Spyware Warrior Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 
FAQ :: Search :: Memberlist :: Usergroups :: Register
Profile :: Log in to check your private messages :: Log in

Unable to remove Trojan Downloader
Goto page 1, 2  Next
 
Post new topic   This topic is locked: you cannot edit posts or make replies.    Spyware Warrior Forum Index -> Help with spyware removal
View previous topic :: View next topic  
Author Message
Goody
Warrior


Joined: 23 Oct 2006
Last Visit: 24 Feb 2017
Posts: 177

PostPosted: Fri Aug 21, 2015 2:54 pm    Post subject: Unable to remove Trojan Downloader Reply with quote

Defender has identified and quarantined TrojanDownloaderWin32/Waledac but it keeps returning.

Browser is slow to start up and i get a high percentage of web page error messages "This web page is not available DNS-PROB-FINISHED-NYDOMAIN"

Hopefully you can help remove, thanks

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17937
Run by Ian at 23:50:24 on 2015-08-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3974.1742 [GMT 1:00]
.
AV: Avira Antivirus *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\Antivirus\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\Antivirus\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\GWX\GWX.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AviraBrowserSafety.BrowserSafety: {c3c77255-42c0-499f-b664-6e981a0b1647} -
uRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Avira Systray] C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{35C81B67-87E6-433E-9A94-9293E66C66D2} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{41D2B5F9-6A5D-4115-9196-74CBE5701E3F} : DHCPNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll
Handler: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} -
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
x64-Handler: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - <orphaned>
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-7-5 16152]
R0 mfedisk;McAfee AAC Disk Filter Driver;C:\Windows\System32\drivers\mfedisk.sys [2015-4-8 101872]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-3-13 864200]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-3-13 335944]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-8-27 30496]
R0 RapportHades64;RapportHades64;C:\Windows\System32\drivers\RapportHades64.sys [2015-6-11 121432]
R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2014-6-13 376184]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2015-7-12 28600]
R1 RapportCerberus_1412112;RapportCerberus_1412112;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1412112.sys [2015-6-23 917112]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2015-6-2 485368]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2015-6-2 480440]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\Antivirus\sched.exe [2015-7-12 461672]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\Antivirus\avguard.exe [2015-7-12 461672]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2015-7-12 162528]
R2 Avira.ServiceHost;Avira Service Host;C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [2015-7-2 218816]
R2 avnetflt;avnetflt;C:\Windows\System32\drivers\avnetflt.sys [2015-7-12 44088]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-7-5 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456]
R2 McAPExe;McAfee AP Service;C:\Program Files\mcafee\msc\McAPExe.exe [2013-12-3 754280]
R2 mccspsvc;McAfee CSP Service;C:\Program Files\Common Files\mcafee\CSP\1.5.495.0\McCSPServiceHost.exe [2015-6-4 207344]
R2 mfemms;McAfee Service Controller;C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe [2015-6-19 373704]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-7-5 250672]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2015-6-2 2222360]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-12-7 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-12-7 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-12-7 171416]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-7-5 1695040]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-8-9 413472]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2014-12-19 93040]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-7-5 363800]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [2012-7-5 73728]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-7-6 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-7-5 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-7-5 787736]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-1-8 25816]
R3 mfeaack;McAfee Inc. mfeaack;C:\Windows\System32\drivers\mfeaack.sys [2015-2-17 402888]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-3-13 338272]
R3 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2012-7-5 232656]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-3-13 488000]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-7-6 565352]
S2 AntiVirMailService;Avira Mail Protection;C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [2015-7-12 887128]
S2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [2015-7-12 1213072]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-4-10 166912]
S2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-12-3 340744]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-7-3 1133880]
S2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-12-3 340744]
S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-12-3 340744]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-3-13 68784]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-8-12 114688]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-7-3 63704]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2012-7-5 224704]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\System32\drivers\nvstusb.sys [2012-7-6 398144]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-11-3 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2015-2-13 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-11-3 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-8-16 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-15 1255736]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-25 201304]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2015-08-21 17:07:26 11745192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D5E3549F-FD29-4EC4-8D12-96FB3041901B}\mpengine.dll
2015-08-19 20:11:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-08-19 20:11:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-08-12 21:09:54 124624 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 21:09:54 103120 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 19:08:59 5568960 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-08-12 19:05:43 52736 ----a-w- C:\Windows\System32\basesrv.dll
2015-08-12 19:03:59 82432 ----a-w- C:\Windows\SysWow64\davclnt.dll
2015-08-12 17:45:47 493504 ----a-w- C:\Windows\System32\mcupdate_GenuineIntel.dll
2015-07-29 17:45:10 254976 ----a-w- C:\Windows\System32\cewmdm.dll
2015-07-29 17:45:10 210432 ----a-w- C:\Windows\SysWow64\cewmdm.dll
2015-07-29 17:23:02 3180544 ----a-w- C:\Windows\System32\rdpcorets.dll
2015-07-29 17:23:02 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2015-07-29 17:22:16 404992 ----a-w- C:\Windows\System32\gdi32.dll
2015-07-29 17:22:16 312320 ----a-w- C:\Windows\SysWow64\gdi32.dll
2015-07-29 17:20:37 2087424 ----a-w- C:\Windows\System32\ole32.dll
2015-07-29 17:20:36 1414656 ----a-w- C:\Windows\SysWow64\ole32.dll
2015-07-29 17:20:28 188416 ----a-w- C:\Windows\System32\cryptsvc.dll
2015-07-29 17:20:28 1480192 ----a-w- C:\Windows\System32\crypt32.dll
2015-07-29 17:20:28 143872 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2015-07-29 17:20:28 1174528 ----a-w- C:\Windows\SysWow64\crypt32.dll
2015-07-29 17:20:27 229376 ----a-w- C:\Windows\System32\wintrust.dll
2015-07-29 17:20:27 179200 ----a-w- C:\Windows\SysWow64\wintrust.dll
2015-07-29 17:20:27 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2015-07-29 17:20:27 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2015-07-29 17:19:09 3242496 ----a-w- C:\Windows\System32\msi.dll
2015-07-29 17:19:09 1941504 ----a-w- C:\Windows\System32\authui.dll
2015-07-29 17:19:08 2364416 ----a-w- C:\Windows\SysWow64\msi.dll
2015-07-29 17:19:08 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
2015-07-29 17:19:08 128000 ----a-w- C:\Windows\System32\msiexec.exe
2015-07-29 17:19:07 73216 ----a-w- C:\Windows\SysWow64\msiexec.exe
2015-07-29 17:19:07 504320 ----a-w- C:\Windows\System32\msihnd.dll
2015-07-29 17:19:07 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2015-07-29 17:19:07 112064 ----a-w- C:\Windows\System32\consent.exe
2015-07-29 17:19:06 70656 ----a-w- C:\Windows\System32\appinfo.dll
2015-07-29 17:19:06 25088 ----a-w- C:\Windows\SysWow64\msimsg.dll
2015-07-29 17:19:06 25088 ----a-w- C:\Windows\System32\msimsg.dll
2015-07-29 16:45:00 -------- d-----w- C:\Program Files\Common Files\AV
.
==================== Find3M ====================
.
2015-08-12 17:26:17 778440 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-08-12 17:26:17 142536 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-08-12 17:17:11 113880 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-08-06 17:37:20 162528 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2015-07-30 18:06:57 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2015-07-30 18:06:57 1648128 ----a-w- C:\Windows\System32\DWrite.dll
2015-07-30 18:06:57 1180160 ----a-w- C:\Windows\System32\FntCache.dll
2015-07-30 18:06:42 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-07-30 18:06:39 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-07-30 18:06:35 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-07-30 18:06:34 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-07-30 17:57:30 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2015-07-30 17:57:30 1251328 ----a-w- C:\Windows\SysWow64\DWrite.dll
2015-07-30 17:57:08 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-07-30 17:57:05 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-07-30 17:57:02 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-07-30 17:55:56 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-07-30 16:56:07 3208192 ----a-w- C:\Windows\System32\win32k.sys
2015-07-30 16:52:53 372736 ----a-w- C:\Windows\System32\atmfd.dll
2015-07-30 16:49:55 299520 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-07-28 20:09:44 17344 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2015-07-28 20:05:53 774656 ----a-w- C:\Windows\System32\invagent.dll
2015-07-28 20:05:50 743424 ----a-w- C:\Windows\System32\generaltel.dll
2015-07-28 20:05:47 437760 ----a-w- C:\Windows\System32\devinv.dll
2015-07-28 20:05:45 1116672 ----a-w- C:\Windows\System32\appraiser.dll
2015-07-28 20:05:44 69120 ----a-w- C:\Windows\System32\acmigration.dll
2015-07-28 20:05:44 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-07-28 19:55:14 1148416 ----a-w- C:\Windows\System32\aeinv.dll
2015-07-20 18:12:45 98304 ----a-w- C:\Windows\System32\wudriver.dll
2015-07-20 18:12:45 3154944 ----a-w- C:\Windows\System32\wucltux.dll
2015-07-20 18:12:45 192000 ----a-w- C:\Windows\System32\wuwebv.dll
2015-07-20 18:12:16 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-07-20 18:12:05 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-07-20 18:12:02 37376 ----a-w- C:\Windows\System32\wuapp.exe
2015-07-20 17:56:49 93184 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-07-20 17:56:49 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-07-20 17:56:08 34816 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-07-16 20:54:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-07-16 20:37:26 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-07-16 20:36:31 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-07-16 20:36:22 417792 ----a-w- C:\Windows\System32\html.iec
2015-07-16 20:36:21 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-07-16 20:35:40 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-07-16 20:26:00 5923328 ----a-w- C:\Windows\System32\jscript9.dll
2015-07-16 20:21:50 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-07-16 20:21:47 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-07-16 20:21:25 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-07-16 20:12:23 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-07-16 20:00:07 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-07-16 19:51:47 504320 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-07-16 19:51:46 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-07-16 19:50:54 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-07-16 19:50:38 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-07-16 19:49:37 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-07-16 19:39:20 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-07-16 19:38:51 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-07-16 19:33:23 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-07-16 19:32:53 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-07-16 19:24:03 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-07-16 19:12:42 2427904 ----a-w- C:\Windows\System32\wininet.dll
2015-07-16 19:12:39 4520448 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-07-16 19:12:29 856064 ----a-w- C:\Windows\SysWow64\rdvidcrl.dll
2015-07-16 19:12:29 53248 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2015-07-16 19:12:28 6131200 ----a-w- C:\Windows\SysWow64\mstscax.dll
2015-07-16 19:11:27 62976 ----a-w- C:\Windows\System32\tsgqec.dll
2015-07-16 19:11:26 7077376 ----a-w- C:\Windows\System32\mstscax.dll
2015-07-16 19:11:26 1057792 ----a-w- C:\Windows\System32\rdvidcrl.dll
2015-07-16 19:06:06 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-07-16 19:05:15 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-07-16 18:42:02 1951232 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-07-15 18:15:11 94656 ----a-w- C:\Windows\System32\drivers\mountmgr.sys
2015-07-15 18:15:10 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-07-15 18:15:10 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-07-15 18:12:09 1730496 ----a-w- C:\Windows\System32\ntdll.dll
2015-07-15 18:11:14 362496 ----a-w- C:\Windows\System32\wow64win.dll
2015-07-15 18:11:14 243712 ----a-w- C:\Windows\System32\wow64.dll
2015-07-15 18:11:14 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2015-07-15 18:11:13 215040 ----a-w- C:\Windows\System32\winsrv.dll
2015-07-15 18:11:01 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-07-15 18:09:57 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-07-15 18:09:52 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-07-15 18:05:47 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-07-15 18:05:26 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-07-15 17:59:45 3989952 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-07-15 17:59:45 3934656 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-07-15 17:56:24 1311768 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-07-15 17:55:07 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-07-15 17:55:04 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-07-15 17:55:02 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-07-15 17:55:00 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-07-15 17:55:00 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-07-15 17:54:56 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2015-07-15 17:54:55 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-07-15 17:54:54 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-07-15 17:54:49 552960 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-07-15 17:54:43 36864 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2015-07-15 17:54:43 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-07-15 17:54:40 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2015-07-15 17:54:22 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2015-07-15 17:53:53 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
.
============= FINISH: 23:51:10.32 ===============
_________________
Goody
Back to top
View user's profile Send private message
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 13 Oct 2017
Posts: 5041
Location: Land Of The Leprechauns

PostPosted: Sat Aug 22, 2015 6:00 am    Post subject: Reply with quote

Hi and welcome back to Spyware Warrior Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not, solve other issues you have with your machine.
If you no longer require help i would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread do not start another, Please continue responding until I give you the "All Clean"
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!
Note: If you haven't done so already, please read this topic Things to know before you post where the conditions for receiving help here are explained.
Quote:
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start



Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.


Next.

I need you to run further scans for me.
Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.



Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Right click on adwcleaner.exe and select " Run as administrator " to run it.
  • Click on Scan.
  • When the scan has finished, uncheck any entries you don't want to remove, then click on Clean.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next.

Please download FRST ... by Farbar, from the link below and save it to your Desktop.

For 32 bit Systems

For 64 bit Systems
  • Right-click FRST.exe and select " Run as administrator " to run it.
  • When the tool opens click Yes to the disclaimer.
  • Press Scan button. ... When finished a log will be created, FRST.txt.
  • Please post the content of the FRST.txt in your next reply.
  • The first time the tool is run, it will create another log... Addition.txt.
  • Please post the content of the Addition.txt in your next reply.

Logs/Information to Post in your Next Reply
  • AdwCleaner log.
  • FRST.txt and Addition.txt contents.

_________________
Admin/Teacher at Malware Removal University
Member of UNITE
Back to top
View user's profile Send private message
Goody
Warrior


Joined: 23 Oct 2006
Last Visit: 24 Feb 2017
Posts: 177

PostPosted: Sat Aug 22, 2015 1:10 pm    Post subject: Unable to remove trojan downloader Reply with quote

Hi Cypher, thanks for the help.

Here is the first log file from AdwCleaner

# AdwCleaner v5.003 - Logfile created 22/08/2015 at 22:04:55
# Updated 20/08/2015 by Xplode
# Database : 2015-08-20.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Ian - IAN-PC
# Running from : C:\Users\Ian\Downloads\adwcleaner_5.003 (2).exe
# Option : Cleaning

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****

[-] File Deleted : C:\END
[-] File Deleted : C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\doobfiogmfmpjnoofjhhgjehmlofngfp
[-] File Deleted : C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_safesearch.avira.com_0.localstorage
[-] File Deleted : C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_safesearch.avira.com_0.localstorage-journal
[-] File Deleted : C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : Browser Manager
[-] Task Deleted : DigitalSite

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DigitalSite
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B

***** [ Web browsers ] *****

[-] [C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted :

*************************

:: Proxy settings cleared
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2001 bytes] ##########
_________________
Goody
Back to top
View user's profile Send private message
Goody
Warrior


Joined: 23 Oct 2006
Last Visit: 24 Feb 2017
Posts: 177

PostPosted: Sat Aug 22, 2015 1:17 pm    Post subject: Reply with quote

Here is the FRST log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-08-2015 03
Ran by Ian (administrator) on IAN-PC (22-08-2015 22:12:22)
Running from C:\Users\Ian\Downloads
Loaded Profiles: Ian (Available Profiles: UpdatusUser & Ian)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.5.495.0\McCSPServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [616272 2015-05-13] (McAfee, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-07-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [782008 2015-08-06] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [439360 2013-08-13] (BillP Studios)
HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-12-19] (TomTom)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [266448 2013-08-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [214960 2013-08-27] (NVIDIA Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/2
HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {8C83D59F-D849-481B-A96A-4BB31254B59D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {8C83D59F-D849-481B-A96A-4BB31254B59D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2121647027-3655492899-1191817543-1001 -> DefaultScope {C65AB809-0ECB-48AF-A38A-4CCD17CAAD77} URL = hxxps://uk.search.yahoo.com/search?fr=mcafee&type=C011GB105D20140709&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2121647027-3655492899-1191817543-1001 -> {8C83D59F-D849-481B-A96A-4BB31254B59D} URL =
SearchScopes: HKU\S-1-5-21-2121647027-3655492899-1191817543-1001 -> {C5EA24D0-C587-42B4-8BA8-1B067FA64D26} URL = hxxp://www.bing.com/search?FORM=BDT3DF&PC=BDT3&dt=110313&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2121647027-3655492899-1191817543-1001 -> {C65AB809-0ECB-48AF-A38A-4CCD17CAAD77} URL = hxxps://uk.search.yahoo.com/search?fr=mcafee&type=C011GB105D20140709&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2121647027-3655492899-1191817543-1001 -> {E5B44C1B-52F1-4AF2-A3F5-ACC845FA2CE8} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\Windows\SysWOW64\mscoree.dll [2010-11-21] (Microsoft Corporation)
Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\Windows\SysWOW64\mscoree.dll [2010-11-21] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-05-13] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-05-13] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{35C81B67-87E6-433E-9A94-9293E66C66D2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{41D2B5F9-6A5D-4115-9196-74CBE5701E3F}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-05-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-05-13] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-08-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-08-09] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Rapport) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2015-06-11]
CHR Extension: (Avira Browser Safety) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-08-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [887128 2015-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [461672 2015-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [461672 2015-08-06] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1213072 2015-08-06] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [218816 2015-07-02] (Avira Operations GmbH & Co. KG)
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [166912 2012-04-10] (Dell Products, LP.) [File not signed]
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [754280 2015-05-13] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [224704 2011-03-08] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe [207344 2015-06-04] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-04-08] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-05-14] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [250672 2015-04-08] (McAfee, Inc.)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2255128 2015-07-29] (IBM Corp.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [73728 2011-11-29] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162528 2015-08-06] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-08-06] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-06-16] (Avira Operations GmbH & Co. KG)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [68784 2015-04-08] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [402888 2015-04-08] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [338272 2015-04-08] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-04-08] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [488000 2015-04-08] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864200 2015-04-08] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [335944 2015-04-08] (McAfee, Inc.)
R1 RapportCerberus_1507063; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507063.sys [958232 2015-08-22] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [500088 2015-07-29] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [139896 2015-07-29] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [394584 2015-07-29] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [489240 2015-07-29] (IBM Corp.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-22 22:12 - 2015-08-22 22:12 - 00017813 _____ C:\Users\Ian\Downloads\FRST.txt
2015-08-22 22:12 - 2015-08-22 22:12 - 00000000 ____D C:\FRST
2015-08-22 22:11 - 2015-08-22 22:11 - 02173952 _____ (Farbar) C:\Users\Ian\Downloads\FRST64.exe
2015-08-22 22:11 - 2015-08-22 22:11 - 01677824 _____ (Farbar) C:\Users\Ian\Downloads\FRST.exe
2015-08-22 22:01 - 2015-08-22 22:01 - 01605632 _____ C:\Users\Ian\Downloads\adwcleaner_5.003 (2).exe
2015-08-22 22:01 - 2015-08-22 22:01 - 01605632 _____ C:\Users\Ian\Downloads\adwcleaner_5.003 (1).exe
2015-08-22 21:56 - 2015-08-22 21:56 - 01605632 _____ C:\Users\Ian\Downloads\adwcleaner_5.003.exe
2015-08-22 21:54 - 2015-08-22 21:54 - 00002241 _____ C:\Users\Ian\Desktop\Tweaking.com - Registry Backup.lnk
2015-08-22 21:54 - 2015-08-22 21:54 - 00000207 _____ C:\Windows\tweaking.com-regbackup-IAN-PC-Windows-7-Home-Premium-(64-bit).dat
2015-08-22 21:54 - 2015-08-22 21:54 - 00000000 ____D C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-08-22 21:54 - 2015-08-22 21:54 - 00000000 ____D C:\RegBackup
2015-08-22 21:53 - 2015-08-22 21:53 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-08-22 21:52 - 2015-08-22 21:52 - 04664160 _____ (Tweaking.com) C:\Users\Ian\Downloads\tweaking.com_registry_backup_setup.exe
2015-08-21 23:51 - 2015-08-21 23:51 - 00025927 _____ C:\Users\Ian\Desktop\dds.txt
2015-08-21 23:50 - 2015-08-21 23:50 - 00688992 ____R (Swearware) C:\Users\Ian\Downloads\dds.scr
2015-08-19 21:12 - 2015-08-19 21:12 - 590219738 _____ C:\Windows\MEMORY.DMP
2015-08-19 21:12 - 2015-08-19 21:12 - 00288048 _____ C:\Windows\Minidump\081915-13026-01.dmp
2015-08-19 21:12 - 2015-08-19 21:12 - 00000000 ____D C:\Windows\Minidump
2015-08-19 21:11 - 2015-08-11 02:20 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-19 21:11 - 2015-08-11 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-19 21:11 - 2015-08-11 01:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-19 21:11 - 2015-08-11 01:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-12 22:09 - 2015-07-30 14:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 22:09 - 2015-07-30 14:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 20:09 - 2015-07-28 21:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-12 20:09 - 2015-07-28 21:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-12 20:09 - 2015-07-28 21:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-12 20:09 - 2015-07-28 21:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-12 20:09 - 2015-07-28 21:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-12 20:09 - 2015-07-28 21:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-12 20:09 - 2015-07-28 21:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-12 20:09 - 2015-07-28 20:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-12 20:09 - 2015-07-16 20:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-12 20:09 - 2015-07-16 20:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-08-12 20:09 - 2015-07-16 20:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-12 20:09 - 2015-07-16 20:11 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-12 20:09 - 2015-07-16 20:11 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-08-12 20:09 - 2015-07-16 20:11 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-12 20:09 - 2015-07-11 14:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-08-12 20:08 - 2015-07-15 19:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-12 20:08 - 2015-07-15 19:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-12 20:08 - 2015-07-15 19:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-12 20:08 - 2015-07-15 19:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-12 20:08 - 2015-07-15 19:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-12 20:08 - 2015-07-15 19:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-12 20:08 - 2015-07-15 19:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-12 20:08 - 2015-07-15 19:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-12 20:08 - 2015-07-15 19:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-12 20:08 - 2015-07-15 19:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-12 20:08 - 2015-07-15 19:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-12 20:08 - 2015-07-15 19:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-12 20:08 - 2015-07-15 19:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-12 20:08 - 2015-07-15 19:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-12 20:08 - 2015-07-15 19:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-12 20:08 - 2015-07-15 19:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-12 20:08 - 2015-07-15 19:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-12 20:08 - 2015-07-15 18:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-12 20:08 - 2015-07-15 18:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-12 20:08 - 2015-07-15 18:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-12 20:08 - 2015-07-15 18:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-12 20:08 - 2015-07-15 18:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-12 20:08 - 2015-07-15 18:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-12 20:08 - 2015-07-15 18:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-12 20:08 - 2015-07-15 18:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-12 20:08 - 2015-07-15 18:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-12 20:08 - 2015-07-15 18:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-12 20:08 - 2015-07-15 18:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-12 20:08 - 2015-07-15 18:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-12 20:08 - 2015-07-15 18:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-12 20:08 - 2015-07-15 18:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-12 20:08 - 2015-07-15 18:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-12 20:08 - 2015-07-15 18:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-12 20:08 - 2015-07-15 18:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-12 20:08 - 2015-07-15 18:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-12 20:08 - 2015-07-15 18:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-12 20:08 - 2015-07-15 18:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-12 20:08 - 2015-07-15 18:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-12 20:08 - 2015-07-15 18:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 17:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-12 20:08 - 2015-07-15 17:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-12 20:08 - 2015-07-15 17:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-12 20:08 - 2015-07-15 17:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-12 20:08 - 2015-07-15 17:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-12 20:08 - 2015-07-15 17:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 17:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 17:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 17:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-12 20:05 - 2015-07-15 04:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-12 20:04 - 2015-07-21 01:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-12 20:04 - 2015-07-21 01:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-12 20:04 - 2015-07-16 21:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-12 20:04 - 2015-07-16 21:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-12 20:04 - 2015-07-16 21:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-12 20:04 - 2015-07-16 21:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-12 20:04 - 2015-07-16 21:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-12 20:04 - 2015-07-16 21:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-12 20:04 - 2015-07-16 21:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-12 20:04 - 2015-07-16 21:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-12 20:04 - 2015-07-16 21:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-12 20:04 - 2015-07-16 21:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-12 20:04 - 2015-07-16 21:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-12 20:04 - 2015-07-16 21:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-12 20:04 - 2015-07-16 21:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-12 20:04 - 2015-07-16 21:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-12 20:04 - 2015-07-16 21:21 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-12 20:04 - 2015-07-16 21:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-12 20:04 - 2015-07-16 21:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-12 20:04 - 2015-07-16 21:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-12 20:04 - 2015-07-16 20:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-12 20:04 - 2015-07-16 20:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-12 20:04 - 2015-07-16 20:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-12 20:04 - 2015-07-16 20:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-12 20:04 - 2015-07-16 20:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-12 20:04 - 2015-07-16 20:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-12 20:04 - 2015-07-16 20:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-12 20:04 - 2015-07-16 20:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-12 20:04 - 2015-07-16 20:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-12 20:04 - 2015-07-16 20:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-12 20:04 - 2015-07-16 20:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-12 20:04 - 2015-07-16 20:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-12 20:04 - 2015-07-16 20:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-12 20:04 - 2015-07-16 20:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-12 20:04 - 2015-07-16 20:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-12 20:04 - 2015-07-16 20:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-12 20:04 - 2015-07-16 20:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-12 20:04 - 2015-07-16 20:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-12 20:04 - 2015-07-16 20:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-12 20:04 - 2015-07-16 20:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-12 20:04 - 2015-07-16 20:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-12 20:04 - 2015-07-16 20:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-12 20:04 - 2015-07-16 20:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-12 20:04 - 2015-07-16 20:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-12 20:04 - 2015-07-16 20:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-12 20:04 - 2015-07-16 20:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-12 20:04 - 2015-07-16 20:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-12 20:04 - 2015-07-16 20:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-12 20:04 - 2015-07-16 20:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-12 20:04 - 2015-07-16 20:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-12 20:04 - 2015-07-16 20:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-12 20:04 - 2015-07-16 20:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-12 20:04 - 2015-07-16 19:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-12 20:04 - 2015-07-16 19:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-12 20:04 - 2015-07-16 19:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-12 20:04 - 2015-07-16 19:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-12 20:03 - 2015-07-30 19:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-12 20:03 - 2015-07-30 19:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-12 20:03 - 2015-07-30 19:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-12 20:03 - 2015-07-30 19:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-12 20:03 - 2015-07-30 19:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-12 20:03 - 2015-07-30 19:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-12 20:03 - 2015-07-30 19:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-12 20:03 - 2015-07-30 18:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-12 20:03 - 2015-07-30 18:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-12 20:03 - 2015-07-30 18:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-12 20:03 - 2015-07-30 18:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-12 20:03 - 2015-07-30 18:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-12 20:03 - 2015-07-30 18:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-12 20:03 - 2015-07-30 17:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-12 20:03 - 2015-07-30 17:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-12 20:03 - 2015-07-30 17:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-12 20:03 - 2015-07-15 04:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-12 20:03 - 2015-07-15 04:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-12 20:03 - 2015-07-15 04:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-12 20:03 - 2015-07-15 04:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-12 20:03 - 2015-07-15 03:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-12 20:03 - 2015-07-15 03:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-12 20:03 - 2015-07-15 03:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-12 20:03 - 2015-07-15 03:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-12 20:03 - 2015-07-09 18:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-12 20:03 - 2015-07-09 18:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-12 20:03 - 2015-07-09 18:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-12 20:03 - 2015-07-01 21:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-12 20:03 - 2015-07-01 21:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-12 20:03 - 2015-07-01 21:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-12 20:03 - 2015-07-01 21:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-12 19:27 - 2015-07-10 18:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-12 19:27 - 2015-07-10 18:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-12 18:46 - 2015-07-20 19:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-12 18:46 - 2015-07-20 19:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-12 18:46 - 2015-07-20 19:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-12 18:46 - 2015-07-20 19:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-12 18:46 - 2015-07-20 19:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-12 18:46 - 2015-07-20 19:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-12 18:46 - 2015-07-20 19:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-12 18:46 - 2015-07-20 19:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-12 18:46 - 2015-07-20 19:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-12 18:46 - 2015-07-20 19:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-12 18:46 - 2015-07-20 19:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-12 18:46 - 2015-07-20 18:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-12 18:46 - 2015-07-20 18:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-12 18:46 - 2015-07-20 18:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-12 18:46 - 2015-07-20 18:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-12 18:46 - 2015-07-20 18:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-12 18:45 - 2015-05-09 19:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-09 20:23 - 2015-08-09 20:23 - 00018044 _____ C:\Users\Ian\Downloads\ED LANARK ASN Aero Healthcare 280515 AG.xlsx
2015-08-08 16:29 - 2015-08-08 16:29 - 00002052 _____ C:\Windows\epplauncher.mif
2015-08-08 16:27 - 2015-08-08 16:28 - 14243008 _____ (Microsoft Corporation) C:\Users\Ian\Downloads\mseinstall (1).exe
2015-08-08 16:27 - 2015-08-08 16:27 - 14243008 _____ (Microsoft Corporation) C:\Users\Ian\Downloads\mseinstall.exe
2015-07-31 18:08 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2015-07-29 18:45 - 2015-06-02 01:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-29 18:45 - 2015-06-02 00:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-29 18:23 - 2015-06-09 19:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-29 18:23 - 2015-06-09 19:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-29 18:22 - 2015-06-17 18:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-29 18:22 - 2015-06-17 18:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-29 18:20 - 2015-07-04 19:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-29 18:20 - 2015-07-04 18:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-29 18:20 - 2015-04-27 20:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-29 18:20 - 2015-04-27 20:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-29 18:20 - 2015-04-27 20:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-29 18:20 - 2015-04-27 20:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-29 18:20 - 2015-04-27 20:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-29 18:20 - 2015-04-27 20:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-29 18:20 - 2015-04-27 20:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-29 18:20 - 2015-04-27 20:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-29 18:19 - 2015-06-15 22:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-29 18:19 - 2015-06-15 22:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-29 18:19 - 2015-06-15 22:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-29 18:19 - 2015-06-15 22:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-29 18:19 - 2015-06-15 22:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-29 18:19 - 2015-06-15 22:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-29 18:19 - 2015-06-15 22:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-29 18:19 - 2015-06-15 22:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-29 18:19 - 2015-06-15 22:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-29 18:19 - 2015-06-15 22:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-29 18:19 - 2015-06-15 22:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-29 18:19 - 2015-06-15 22:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-29 17:45 - 2015-07-31 18:08 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-29 17:45 - 2015-07-30 20:49 - 00003348 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-22 22:07 - 2012-07-06 04:36 - 01662124 _____ C:\Windows\WindowsUpdate.log
2015-08-22 22:07 - 2012-07-05 21:02 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2015-08-22 22:06 - 2015-05-02 15:26 - 00004816 _____ C:\Windows\setupact.log
2015-08-22 22:06 - 2013-12-15 18:19 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-22 22:06 - 2012-07-06 04:33 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-22 22:06 - 2012-07-05 21:06 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2015-08-22 22:06 - 2012-07-05 21:06 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2015-08-22 22:06 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-22 22:04 - 2013-12-09 21:09 - 00000000 ____D C:\AdwCleaner
2015-08-22 21:44 - 2013-12-15 18:19 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-22 21:26 - 2015-04-19 20:08 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-22 20:18 - 2009-07-14 05:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-22 20:18 - 2009-07-14 05:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-22 19:50 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-08-22 19:46 - 2013-12-15 18:20 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-22 19:10 - 2014-06-13 16:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2015-08-19 21:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2015-08-14 18:19 - 2009-07-14 05:45 - 00409520 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-14 18:17 - 2014-12-12 22:54 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-14 18:17 - 2014-05-06 22:04 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-12 22:10 - 2012-07-15 20:20 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-12 22:09 - 2013-03-13 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-12 22:09 - 2013-03-13 21:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-12 22:09 - 2013-03-13 21:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-12 22:01 - 2013-08-14 19:36 - 00000000 ____D C:\Windows\system32\MRT
2015-08-12 21:56 - 2012-09-16 21:47 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-12 18:26 - 2015-04-19 20:08 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-12 18:26 - 2015-04-19 20:08 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-12 18:26 - 2015-04-19 20:08 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-12 18:17 - 2014-07-03 20:20 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-06 18:39 - 2015-07-12 15:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-08-06 18:37 - 2015-07-12 15:22 - 00162528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-08-06 18:37 - 2015-07-12 15:22 - 00141416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-08-01 14:45 - 2013-12-13 19:32 - 00000000 ____D C:\Users\Ian\AppData\Local\CrashDumps
2015-08-01 14:01 - 2015-07-10 14:39 - 00000000 ___HD C:\$Windows.~BT
2015-08-01 13:43 - 2011-02-10 15:02 - 00000000 ____D C:\Windows\panther
2015-07-31 19:08 - 2015-07-12 15:19 - 00001118 _____ C:\Users\Public\Desktop\Avira.lnk
2015-07-31 19:08 - 2015-07-12 15:18 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-31 18:08 - 2013-12-07 17:21 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-07-31 16:56 - 2012-07-05 21:17 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-07-30 20:49 - 2012-07-05 21:17 - 00000000 ____D C:\ProgramData\McAfee
2015-07-30 20:48 - 2014-07-03 20:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-30 20:48 - 2014-07-03 20:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-30 20:48 - 2014-01-08 20:49 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-30 19:37 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-29 22:46 - 2015-06-11 20:40 - 00139896 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportHades64.sys
2015-07-29 22:46 - 2014-06-13 16:37 - 00394584 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys
2015-07-29 17:52 - 2014-10-28 21:00 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-29 17:51 - 2014-12-26 16:46 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-29 17:44 - 2015-04-05 22:02 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-29 17:39 - 2013-12-15 18:19 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-29 17:39 - 2013-12-15 18:19 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-29 17:37 - 2014-03-17 20:56 - 00201310 _____ C:\Windows\PFRO.log

==================== Files in the root of some directories =======

2014-12-26 21:22 - 2014-12-26 21:22 - 0038422 _____ () C:\Users\Ian\AppData\Roaming\Comma Separated Values (DOS).ADR
2013-10-28 21:09 - 2013-12-09 20:16 - 0000098 _____ () C:\Users\Ian\AppData\Roaming\WB.CFG
2013-10-28 21:09 - 2013-12-09 20:15 - 0000006 _____ () C:\Users\Ian\AppData\Roaming\WBPU-TTL.DAT
2012-12-02 12:40 - 2012-12-02 12:40 - 0003584 _____ () C:\Users\Ian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Users\Ian\AppData\Local\Temp\avgnt.exe
C:\Users\Ian\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-12 21:00

==================== End of log ============================
_________________
Goody
Back to top
View user's profile Send private message
Goody
Warrior


Joined: 23 Oct 2006
Last Visit: 24 Feb 2017
Posts: 177

PostPosted: Sat Aug 22, 2015 1:20 pm    Post subject: Reply with quote

Here is the FRST log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-08-2015 03
Ran by Ian (administrator) on IAN-PC (22-08-2015 22:12:22)
Running from C:\Users\Ian\Downloads
Loaded Profiles: Ian (Available Profiles: UpdatusUser & Ian)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.5.495.0\McCSPServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [616272 2015-05-13] (McAfee, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-07-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [782008 2015-08-06] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [439360 2013-08-13] (BillP Studios)
HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-12-19] (TomTom)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [266448 2013-08-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [214960 2013-08-27] (NVIDIA Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/2
HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {8C83D59F-D849-481B-A96A-4BB31254B59D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {8C83D59F-D849-481B-A96A-4BB31254B59D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2121647027-3655492899-1191817543-1001 -> DefaultScope {C65AB809-0ECB-48AF-A38A-4CCD17CAAD77} URL = hxxps://uk.search.yahoo.com/search?fr=mcafee&type=C011GB105D20140709&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2121647027-3655492899-1191817543-1001 -> {8C83D59F-D849-481B-A96A-4BB31254B59D} URL =
SearchScopes: HKU\S-1-5-21-2121647027-3655492899-1191817543-1001 -> {C5EA24D0-C587-42B4-8BA8-1B067FA64D26} URL = hxxp://www.bing.com/search?FORM=BDT3DF&PC=BDT3&dt=110313&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2121647027-3655492899-1191817543-1001 -> {C65AB809-0ECB-48AF-A38A-4CCD17CAAD77} URL = hxxps://uk.search.yahoo.com/search?fr=mcafee&type=C011GB105D20140709&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2121647027-3655492899-1191817543-1001 -> {E5B44C1B-52F1-4AF2-A3F5-ACC845FA2CE8} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\Windows\SysWOW64\mscoree.dll [2010-11-21] (Microsoft Corporation)
Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\Windows\SysWOW64\mscoree.dll [2010-11-21] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-05-13] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-05-13] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{35C81B67-87E6-433E-9A94-9293E66C66D2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{41D2B5F9-6A5D-4115-9196-74CBE5701E3F}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-05-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-05-13] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-08-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-08-09] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Rapport) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2015-06-11]
CHR Extension: (Avira Browser Safety) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-08-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [887128 2015-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [461672 2015-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [461672 2015-08-06] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1213072 2015-08-06] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [218816 2015-07-02] (Avira Operations GmbH & Co. KG)
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [166912 2012-04-10] (Dell Products, LP.) [File not signed]
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [754280 2015-05-13] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [224704 2011-03-08] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe [207344 2015-06-04] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-04-08] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-05-14] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [250672 2015-04-08] (McAfee, Inc.)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2255128 2015-07-29] (IBM Corp.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [73728 2011-11-29] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162528 2015-08-06] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-08-06] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-06-16] (Avira Operations GmbH & Co. KG)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [68784 2015-04-08] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [402888 2015-04-08] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [338272 2015-04-08] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-04-08] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [488000 2015-04-08] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864200 2015-04-08] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [335944 2015-04-08] (McAfee, Inc.)
R1 RapportCerberus_1507063; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507063.sys [958232 2015-08-22] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [500088 2015-07-29] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [139896 2015-07-29] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [394584 2015-07-29] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [489240 2015-07-29] (IBM Corp.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-22 22:12 - 2015-08-22 22:12 - 00017813 _____ C:\Users\Ian\Downloads\FRST.txt
2015-08-22 22:12 - 2015-08-22 22:12 - 00000000 ____D C:\FRST
2015-08-22 22:11 - 2015-08-22 22:11 - 02173952 _____ (Farbar) C:\Users\Ian\Downloads\FRST64.exe
2015-08-22 22:11 - 2015-08-22 22:11 - 01677824 _____ (Farbar) C:\Users\Ian\Downloads\FRST.exe
2015-08-22 22:01 - 2015-08-22 22:01 - 01605632 _____ C:\Users\Ian\Downloads\adwcleaner_5.003 (2).exe
2015-08-22 22:01 - 2015-08-22 22:01 - 01605632 _____ C:\Users\Ian\Downloads\adwcleaner_5.003 (1).exe
2015-08-22 21:56 - 2015-08-22 21:56 - 01605632 _____ C:\Users\Ian\Downloads\adwcleaner_5.003.exe
2015-08-22 21:54 - 2015-08-22 21:54 - 00002241 _____ C:\Users\Ian\Desktop\Tweaking.com - Registry Backup.lnk
2015-08-22 21:54 - 2015-08-22 21:54 - 00000207 _____ C:\Windows\tweaking.com-regbackup-IAN-PC-Windows-7-Home-Premium-(64-bit).dat
2015-08-22 21:54 - 2015-08-22 21:54 - 00000000 ____D C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-08-22 21:54 - 2015-08-22 21:54 - 00000000 ____D C:\RegBackup
2015-08-22 21:53 - 2015-08-22 21:53 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-08-22 21:52 - 2015-08-22 21:52 - 04664160 _____ (Tweaking.com) C:\Users\Ian\Downloads\tweaking.com_registry_backup_setup.exe
2015-08-21 23:51 - 2015-08-21 23:51 - 00025927 _____ C:\Users\Ian\Desktop\dds.txt
2015-08-21 23:50 - 2015-08-21 23:50 - 00688992 ____R (Swearware) C:\Users\Ian\Downloads\dds.scr
2015-08-19 21:12 - 2015-08-19 21:12 - 590219738 _____ C:\Windows\MEMORY.DMP
2015-08-19 21:12 - 2015-08-19 21:12 - 00288048 _____ C:\Windows\Minidump\081915-13026-01.dmp
2015-08-19 21:12 - 2015-08-19 21:12 - 00000000 ____D C:\Windows\Minidump
2015-08-19 21:11 - 2015-08-11 02:20 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-19 21:11 - 2015-08-11 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-19 21:11 - 2015-08-11 01:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-19 21:11 - 2015-08-11 01:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-12 22:09 - 2015-07-30 14:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 22:09 - 2015-07-30 14:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 20:09 - 2015-07-28 21:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-12 20:09 - 2015-07-28 21:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-12 20:09 - 2015-07-28 21:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-12 20:09 - 2015-07-28 21:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-12 20:09 - 2015-07-28 21:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-12 20:09 - 2015-07-28 21:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-12 20:09 - 2015-07-28 21:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-12 20:09 - 2015-07-28 20:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-12 20:09 - 2015-07-16 20:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-12 20:09 - 2015-07-16 20:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-08-12 20:09 - 2015-07-16 20:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-12 20:09 - 2015-07-16 20:11 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-12 20:09 - 2015-07-16 20:11 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-08-12 20:09 - 2015-07-16 20:11 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-12 20:09 - 2015-07-11 14:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-08-12 20:08 - 2015-07-15 19:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-12 20:08 - 2015-07-15 19:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-12 20:08 - 2015-07-15 19:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-12 20:08 - 2015-07-15 19:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-12 20:08 - 2015-07-15 19:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-12 20:08 - 2015-07-15 19:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-12 20:08 - 2015-07-15 19:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-12 20:08 - 2015-07-15 19:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-12 20:08 - 2015-07-15 19:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-12 20:08 - 2015-07-15 19:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-12 20:08 - 2015-07-15 19:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-12 20:08 - 2015-07-15 19:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-12 20:08 - 2015-07-15 19:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-12 20:08 - 2015-07-15 19:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-12 20:08 - 2015-07-15 19:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-12 20:08 - 2015-07-15 19:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-12 20:08 - 2015-07-15 19:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-12 20:08 - 2015-07-15 18:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-12 20:08 - 2015-07-15 18:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-12 20:08 - 2015-07-15 18:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-12 20:08 - 2015-07-15 18:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-12 20:08 - 2015-07-15 18:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-12 20:08 - 2015-07-15 18:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-12 20:08 - 2015-07-15 18:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-12 20:08 - 2015-07-15 18:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-12 20:08 - 2015-07-15 18:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-12 20:08 - 2015-07-15 18:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-12 20:08 - 2015-07-15 18:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-12 20:08 - 2015-07-15 18:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-12 20:08 - 2015-07-15 18:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-12 20:08 - 2015-07-15 18:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-12 20:08 - 2015-07-15 18:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-12 20:08 - 2015-07-15 18:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-12 20:08 - 2015-07-15 18:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-12 20:08 - 2015-07-15 18:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-12 20:08 - 2015-07-15 18:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-12 20:08 - 2015-07-15 18:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-12 20:08 - 2015-07-15 18:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-12 20:08 - 2015-07-15 18:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 17:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-12 20:08 - 2015-07-15 17:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-12 20:08 - 2015-07-15 17:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-12 20:08 - 2015-07-15 17:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-12 20:08 - 2015-07-15 17:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-12 20:08 - 2015-07-15 17:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 17:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 17:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 17:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-12 20:05 - 2015-07-15 04:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-12 20:04 - 2015-07-21 01:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-12 20:04 - 2015-07-21 01:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-12 20:04 - 2015-07-16 21:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-12 20:04 - 2015-07-16 21:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-12 20:04 - 2015-07-16 21:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-12 20:04 - 2015-07-16 21:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-12 20:04 - 2015-07-16 21:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-12 20:04 - 2015-07-16 21:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-12 20:04 - 2015-07-16 21:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-12 20:04 - 2015-07-16 21:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-12 20:04 - 2015-07-16 21:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-12 20:04 - 2015-07-16 21:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-12 20:04 - 2015-07-16 21:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-12 20:04 - 2015-07-16 21:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-12 20:04 - 2015-07-16 21:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-12 20:04 - 2015-07-16 21:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-12 20:04 - 2015-07-16 21:21 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-12 20:04 - 2015-07-16 21:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-12 20:04 - 2015-07-16 21:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-12 20:04 - 2015-07-16 21:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-12 20:04 - 2015-07-16 20:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-12 20:04 - 2015-07-16 20:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-12 20:04 - 2015-07-16 20:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-12 20:04 - 2015-07-16 20:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-12 20:04 - 2015-07-16 20:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-12 20:04 - 2015-07-16 20:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-12 20:04 - 2015-07-16 20:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-12 20:04 - 2015-07-16 20:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-12 20:04 - 2015-07-16 20:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-12 20:04 - 2015-07-16 20:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-12 20:04 - 2015-07-16 20:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-12 20:04 - 2015-07-16 20:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-12 20:04 - 2015-07-16 20:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-12 20:04 - 2015-07-16 20:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-12 20:04 - 2015-07-16 20:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-12 20:04 - 2015-07-16 20:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-12 20:04 - 2015-07-16 20:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-12 20:04 - 2015-07-16 20:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-12 20:04 - 2015-07-16 20:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-12 20:04 - 2015-07-16 20:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-12 20:04 - 2015-07-16 20:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-12 20:04 - 2015-07-16 20:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-12 20:04 - 2015-07-16 20:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-12 20:04 - 2015-07-16 20:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-12 20:04 - 2015-07-16 20:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-12 20:04 - 2015-07-16 20:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-12 20:04 - 2015-07-16 20:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-12 20:04 - 2015-07-16 20:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-12 20:04 - 2015-07-16 20:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-12 20:04 - 2015-07-16 20:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-12 20:04 - 2015-07-16 20:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-12 20:04 - 2015-07-16 20:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-12 20:04 - 2015-07-16 19:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-12 20:04 - 2015-07-16 19:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-12 20:04 - 2015-07-16 19:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-12 20:04 - 2015-07-16 19:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-12 20:03 - 2015-07-30 19:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-12 20:03 - 2015-07-30 19:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-12 20:03 - 2015-07-30 19:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-12 20:03 - 2015-07-30 19:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-12 20:03 - 2015-07-30 19:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-12 20:03 - 2015-07-30 19:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-12 20:03 - 2015-07-30 19:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-12 20:03 - 2015-07-30 18:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-12 20:03 - 2015-07-30 18:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-12 20:03 - 2015-07-30 18:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-12 20:03 - 2015-07-30 18:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-12 20:03 - 2015-07-30 18:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-12 20:03 - 2015-07-30 18:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-12 20:03 - 2015-07-30 17:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-12 20:03 - 2015-07-30 17:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-12 20:03 - 2015-07-30 17:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-12 20:03 - 2015-07-15 04:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-12 20:03 - 2015-07-15 04:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-12 20:03 - 2015-07-15 04:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-12 20:03 - 2015-07-15 04:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-12 20:03 - 2015-07-15 03:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-12 20:03 - 2015-07-15 03:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-12 20:03 - 2015-07-15 03:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-12 20:03 - 2015-07-15 03:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-12 20:03 - 2015-07-09 18:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-12 20:03 - 2015-07-09 18:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-12 20:03 - 2015-07-09 18:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-12 20:03 - 2015-07-01 21:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-12 20:03 - 2015-07-01 21:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-12 20:03 - 2015-07-01 21:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-12 20:03 - 2015-07-01 21:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-12 19:27 - 2015-07-10 18:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-12 19:27 - 2015-07-10 18:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-12 18:46 - 2015-07-20 19:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-12 18:46 - 2015-07-20 19:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-12 18:46 - 2015-07-20 19:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-12 18:46 - 2015-07-20 19:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-12 18:46 - 2015-07-20 19:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-12 18:46 - 2015-07-20 19:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-12 18:46 - 2015-07-20 19:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-12 18:46 - 2015-07-20 19:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-12 18:46 - 2015-07-20 19:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-12 18:46 - 2015-07-20 19:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-12 18:46 - 2015-07-20 19:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-12 18:46 - 2015-07-20 18:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-12 18:46 - 2015-07-20 18:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-12 18:46 - 2015-07-20 18:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-12 18:46 - 2015-07-20 18:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-12 18:46 - 2015-07-20 18:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-12 18:45 - 2015-05-09 19:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-09 20:23 - 2015-08-09 20:23 - 00018044 _____ C:\Users\Ian\Downloads\ED LANARK ASN Aero Healthcare 280515 AG.xlsx
2015-08-08 16:29 - 2015-08-08 16:29 - 00002052 _____ C:\Windows\epplauncher.mif
2015-08-08 16:27 - 2015-08-08 16:28 - 14243008 _____ (Microsoft Corporation) C:\Users\Ian\Downloads\mseinstall (1).exe
2015-08-08 16:27 - 2015-08-08 16:27 - 14243008 _____ (Microsoft Corporation) C:\Users\Ian\Downloads\mseinstall.exe
2015-07-31 18:08 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2015-07-29 18:45 - 2015-06-02 01:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-29 18:45 - 2015-06-02 00:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-29 18:23 - 2015-06-09 19:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-29 18:23 - 2015-06-09 19:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-29 18:22 - 2015-06-17 18:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-29 18:22 - 2015-06-17 18:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-29 18:20 - 2015-07-04 19:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-29 18:20 - 2015-07-04 18:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-29 18:20 - 2015-04-27 20:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-29 18:20 - 2015-04-27 20:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-29 18:20 - 2015-04-27 20:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-29 18:20 - 2015-04-27 20:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-29 18:20 - 2015-04-27 20:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-29 18:20 - 2015-04-27 20:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-29 18:20 - 2015-04-27 20:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-29 18:20 - 2015-04-27 20:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-29 18:19 - 2015-06-15 22:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-29 18:19 - 2015-06-15 22:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-29 18:19 - 2015-06-15 22:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-29 18:19 - 2015-06-15 22:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-29 18:19 - 2015-06-15 22:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-29 18:19 - 2015-06-15 22:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-29 18:19 - 2015-06-15 22:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-29 18:19 - 2015-06-15 22:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-29 18:19 - 2015-06-15 22:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-29 18:19 - 2015-06-15 22:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-29 18:19 - 2015-06-15 22:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-29 18:19 - 2015-06-15 22:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-29 17:45 - 2015-07-31 18:08 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-29 17:45 - 2015-07-30 20:49 - 00003348 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-22 22:07 - 2012-07-06 04:36 - 01662124 _____ C:\Windows\WindowsUpdate.log
2015-08-22 22:07 - 2012-07-05 21:02 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2015-08-22 22:06 - 2015-05-02 15:26 - 00004816 _____ C:\Windows\setupact.log
2015-08-22 22:06 - 2013-12-15 18:19 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-22 22:06 - 2012-07-06 04:33 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-22 22:06 - 2012-07-05 21:06 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2015-08-22 22:06 - 2012-07-05 21:06 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2015-08-22 22:06 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-22 22:04 - 2013-12-09 21:09 - 00000000 ____D C:\AdwCleaner
2015-08-22 21:44 - 2013-12-15 18:19 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-22 21:26 - 2015-04-19 20:08 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-22 20:18 - 2009-07-14 05:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-22 20:18 - 2009-07-14 05:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-22 19:50 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-08-22 19:46 - 2013-12-15 18:20 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-22 19:10 - 2014-06-13 16:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2015-08-19 21:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2015-08-14 18:19 - 2009-07-14 05:45 - 00409520 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-14 18:17 - 2014-12-12 22:54 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-14 18:17 - 2014-05-06 22:04 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-12 22:10 - 2012-07-15 20:20 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-12 22:09 - 2013-03-13 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-12 22:09 - 2013-03-13 21:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-12 22:09 - 2013-03-13 21:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-12 22:01 - 2013-08-14 19:36 - 00000000 ____D C:\Windows\system32\MRT
2015-08-12 21:56 - 2012-09-16 21:47 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-12 18:26 - 2015-04-19 20:08 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-12 18:26 - 2015-04-19 20:08 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-12 18:26 - 2015-04-19 20:08 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-12 18:17 - 2014-07-03 20:20 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-06 18:39 - 2015-07-12 15:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-08-06 18:37 - 2015-07-12 15:22 - 00162528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-08-06 18:37 - 2015-07-12 15:22 - 00141416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-08-01 14:45 - 2013-12-13 19:32 - 00000000 ____D C:\Users\Ian\AppData\Local\CrashDumps
2015-08-01 14:01 - 2015-07-10 14:39 - 00000000 ___HD C:\$Windows.~BT
2015-08-01 13:43 - 2011-02-10 15:02 - 00000000 ____D C:\Windows\panther
2015-07-31 19:08 - 2015-07-12 15:19 - 00001118 _____ C:\Users\Public\Desktop\Avira.lnk
2015-07-31 19:08 - 2015-07-12 15:18 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-31 18:08 - 2013-12-07 17:21 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-07-31 16:56 - 2012-07-05 21:17 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-07-30 20:49 - 2012-07-05 21:17 - 00000000 ____D C:\ProgramData\McAfee
2015-07-30 20:48 - 2014-07-03 20:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-30 20:48 - 2014-07-03 20:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-30 20:48 - 2014-01-08 20:49 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-30 19:37 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-29 22:46 - 2015-06-11 20:40 - 00139896 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportHades64.sys
2015-07-29 22:46 - 2014-06-13 16:37 - 00394584 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys
2015-07-29 17:52 - 2014-10-28 21:00 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-29 17:51 - 2014-12-26 16:46 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-29 17:44 - 2015-04-05 22:02 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-29 17:39 - 2013-12-15 18:19 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-29 17:39 - 2013-12-15 18:19 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-29 17:37 - 2014-03-17 20:56 - 00201310 _____ C:\Windows\PFRO.log

==================== Files in the root of some directories =======

2014-12-26 21:22 - 2014-12-26 21:22 - 0038422 _____ () C:\Users\Ian\AppData\Roaming\Comma Separated Values (DOS).ADR
2013-10-28 21:09 - 2013-12-09 20:16 - 0000098 _____ () C:\Users\Ian\AppData\Roaming\WB.CFG
2013-10-28 21:09 - 2013-12-09 20:15 - 0000006 _____ () C:\Users\Ian\AppData\Roaming\WBPU-TTL.DAT
2012-12-02 12:40 - 2012-12-02 12:40 - 0003584 _____ () C:\Users\Ian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Users\Ian\AppData\Local\Temp\avgnt.exe
C:\Users\Ian\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-12 21:00

==================== End of log ============================
_________________
Goody
Back to top
View user's profile Send private message
Goody
Warrior


Joined: 23 Oct 2006
Last Visit: 24 Feb 2017
Posts: 177

PostPosted: Sat Aug 22, 2015 1:31 pm    Post subject: Reply with quote

Here is the FRST log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-08-2015 03
Ran by Ian (administrator) on IAN-PC (22-08-2015 22:12:22)
Running from C:\Users\Ian\Downloads
Loaded Profiles: Ian (Available Profiles: UpdatusUser & Ian)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.5.495.0\McCSPServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [616272 2015-05-13] (McAfee, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-07-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [782008 2015-08-06] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [439360 2013-08-13] (BillP Studios)
HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-12-19] (TomTom)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [266448 2013-08-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [214960 2013-08-27] (NVIDIA Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/2
HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {8C83D59F-D849-481B-A96A-4BB31254B59D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {8C83D59F-D849-481B-A96A-4BB31254B59D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2121647027-3655492899-1191817543-1001 -> DefaultScope {C65AB809-0ECB-48AF-A38A-4CCD17CAAD77} URL = hxxps://uk.search.yahoo.com/search?fr=mcafee&type=C011GB105D20140709&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2121647027-3655492899-1191817543-1001 -> {8C83D59F-D849-481B-A96A-4BB31254B59D} URL =
SearchScopes: HKU\S-1-5-21-2121647027-3655492899-1191817543-1001 -> {C5EA24D0-C587-42B4-8BA8-1B067FA64D26} URL = hxxp://www.bing.com/search?FORM=BDT3DF&PC=BDT3&dt=110313&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2121647027-3655492899-1191817543-1001 -> {C65AB809-0ECB-48AF-A38A-4CCD17CAAD77} URL = hxxps://uk.search.yahoo.com/search?fr=mcafee&type=C011GB105D20140709&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2121647027-3655492899-1191817543-1001 -> {E5B44C1B-52F1-4AF2-A3F5-ACC845FA2CE8} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\Windows\SysWOW64\mscoree.dll [2010-11-21] (Microsoft Corporation)
Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\Windows\SysWOW64\mscoree.dll [2010-11-21] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-05-13] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-05-13] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{35C81B67-87E6-433E-9A94-9293E66C66D2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{41D2B5F9-6A5D-4115-9196-74CBE5701E3F}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-05-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-05-13] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-08-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-08-09] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Rapport) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2015-06-11]
CHR Extension: (Avira Browser Safety) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-08-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [887128 2015-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [461672 2015-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [461672 2015-08-06] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1213072 2015-08-06] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [218816 2015-07-02] (Avira Operations GmbH & Co. KG)
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [166912 2012-04-10] (Dell Products, LP.) [File not signed]
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [754280 2015-05-13] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [224704 2011-03-08] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe [207344 2015-06-04] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-04-08] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-05-14] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [250672 2015-04-08] (McAfee, Inc.)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2255128 2015-07-29] (IBM Corp.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [73728 2011-11-29] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162528 2015-08-06] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-08-06] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-06-16] (Avira Operations GmbH & Co. KG)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [68784 2015-04-08] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [402888 2015-04-08] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [338272 2015-04-08] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-04-08] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [488000 2015-04-08] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864200 2015-04-08] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [335944 2015-04-08] (McAfee, Inc.)
R1 RapportCerberus_1507063; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507063.sys [958232 2015-08-22] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [500088 2015-07-29] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [139896 2015-07-29] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [394584 2015-07-29] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [489240 2015-07-29] (IBM Corp.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-22 22:12 - 2015-08-22 22:12 - 00017813 _____ C:\Users\Ian\Downloads\FRST.txt
2015-08-22 22:12 - 2015-08-22 22:12 - 00000000 ____D C:\FRST
2015-08-22 22:11 - 2015-08-22 22:11 - 02173952 _____ (Farbar) C:\Users\Ian\Downloads\FRST64.exe
2015-08-22 22:11 - 2015-08-22 22:11 - 01677824 _____ (Farbar) C:\Users\Ian\Downloads\FRST.exe
2015-08-22 22:01 - 2015-08-22 22:01 - 01605632 _____ C:\Users\Ian\Downloads\adwcleaner_5.003 (2).exe
2015-08-22 22:01 - 2015-08-22 22:01 - 01605632 _____ C:\Users\Ian\Downloads\adwcleaner_5.003 (1).exe
2015-08-22 21:56 - 2015-08-22 21:56 - 01605632 _____ C:\Users\Ian\Downloads\adwcleaner_5.003.exe
2015-08-22 21:54 - 2015-08-22 21:54 - 00002241 _____ C:\Users\Ian\Desktop\Tweaking.com - Registry Backup.lnk
2015-08-22 21:54 - 2015-08-22 21:54 - 00000207 _____ C:\Windows\tweaking.com-regbackup-IAN-PC-Windows-7-Home-Premium-(64-bit).dat
2015-08-22 21:54 - 2015-08-22 21:54 - 00000000 ____D C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-08-22 21:54 - 2015-08-22 21:54 - 00000000 ____D C:\RegBackup
2015-08-22 21:53 - 2015-08-22 21:53 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-08-22 21:52 - 2015-08-22 21:52 - 04664160 _____ (Tweaking.com) C:\Users\Ian\Downloads\tweaking.com_registry_backup_setup.exe
2015-08-21 23:51 - 2015-08-21 23:51 - 00025927 _____ C:\Users\Ian\Desktop\dds.txt
2015-08-21 23:50 - 2015-08-21 23:50 - 00688992 ____R (Swearware) C:\Users\Ian\Downloads\dds.scr
2015-08-19 21:12 - 2015-08-19 21:12 - 590219738 _____ C:\Windows\MEMORY.DMP
2015-08-19 21:12 - 2015-08-19 21:12 - 00288048 _____ C:\Windows\Minidump\081915-13026-01.dmp
2015-08-19 21:12 - 2015-08-19 21:12 - 00000000 ____D C:\Windows\Minidump
2015-08-19 21:11 - 2015-08-11 02:20 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-19 21:11 - 2015-08-11 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-19 21:11 - 2015-08-11 01:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-19 21:11 - 2015-08-11 01:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-12 22:09 - 2015-07-30 14:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 22:09 - 2015-07-30 14:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 20:09 - 2015-07-28 21:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-12 20:09 - 2015-07-28 21:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-12 20:09 - 2015-07-28 21:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-12 20:09 - 2015-07-28 21:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-12 20:09 - 2015-07-28 21:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-12 20:09 - 2015-07-28 21:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-12 20:09 - 2015-07-28 21:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-12 20:09 - 2015-07-28 20:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-12 20:09 - 2015-07-16 20:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-12 20:09 - 2015-07-16 20:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-08-12 20:09 - 2015-07-16 20:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-12 20:09 - 2015-07-16 20:11 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-12 20:09 - 2015-07-16 20:11 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-08-12 20:09 - 2015-07-16 20:11 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-12 20:09 - 2015-07-11 14:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-08-12 20:08 - 2015-07-15 19:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-12 20:08 - 2015-07-15 19:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-12 20:08 - 2015-07-15 19:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-12 20:08 - 2015-07-15 19:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-12 20:08 - 2015-07-15 19:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-12 20:08 - 2015-07-15 19:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-12 20:08 - 2015-07-15 19:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-12 20:08 - 2015-07-15 19:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-12 20:08 - 2015-07-15 19:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-12 20:08 - 2015-07-15 19:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-12 20:08 - 2015-07-15 19:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-12 20:08 - 2015-07-15 19:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-12 20:08 - 2015-07-15 19:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-12 20:08 - 2015-07-15 19:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-12 20:08 - 2015-07-15 19:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-12 20:08 - 2015-07-15 19:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-12 20:08 - 2015-07-15 19:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-12 20:08 - 2015-07-15 18:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-12 20:08 - 2015-07-15 18:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-12 20:08 - 2015-07-15 18:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-12 20:08 - 2015-07-15 18:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-12 20:08 - 2015-07-15 18:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-12 20:08 - 2015-07-15 18:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-12 20:08 - 2015-07-15 18:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-12 20:08 - 2015-07-15 18:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-12 20:08 - 2015-07-15 18:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-12 20:08 - 2015-07-15 18:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-12 20:08 - 2015-07-15 18:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-12 20:08 - 2015-07-15 18:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-12 20:08 - 2015-07-15 18:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-12 20:08 - 2015-07-15 18:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-12 20:08 - 2015-07-15 18:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-12 20:08 - 2015-07-15 18:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-12 20:08 - 2015-07-15 18:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-12 20:08 - 2015-07-15 18:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-12 20:08 - 2015-07-15 18:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-12 20:08 - 2015-07-15 18:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-12 20:08 - 2015-07-15 18:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-12 20:08 - 2015-07-15 18:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 17:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-12 20:08 - 2015-07-15 17:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-12 20:08 - 2015-07-15 17:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-12 20:08 - 2015-07-15 17:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-12 20:08 - 2015-07-15 17:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-12 20:08 - 2015-07-15 17:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 17:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 17:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 20:08 - 2015-07-15 17:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-12 20:05 - 2015-07-15 04:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-12 20:04 - 2015-07-21 01:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-12 20:04 - 2015-07-21 01:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-12 20:04 - 2015-07-16 21:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-12 20:04 - 2015-07-16 21:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-12 20:04 - 2015-07-16 21:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-12 20:04 - 2015-07-16 21:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-12 20:04 - 2015-07-16 21:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-12 20:04 - 2015-07-16 21:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-12 20:04 - 2015-07-16 21:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-12 20:04 - 2015-07-16 21:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-12 20:04 - 2015-07-16 21:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-12 20:04 - 2015-07-16 21:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-12 20:04 - 2015-07-16 21:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-12 20:04 - 2015-07-16 21:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-12 20:04 - 2015-07-16 21:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-12 20:04 - 2015-07-16 21:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-12 20:04 - 2015-07-16 21:21 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-12 20:04 - 2015-07-16 21:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-12 20:04 - 2015-07-16 21:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-12 20:04 - 2015-07-16 21:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-12 20:04 - 2015-07-16 20:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-12 20:04 - 2015-07-16 20:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-12 20:04 - 2015-07-16 20:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-12 20:04 - 2015-07-16 20:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-12 20:04 - 2015-07-16 20:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-12 20:04 - 2015-07-16 20:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-12 20:04 - 2015-07-16 20:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-12 20:04 - 2015-07-16 20:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-12 20:04 - 2015-07-16 20:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-12 20:04 - 2015-07-16 20:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-12 20:04 - 2015-07-16 20:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-12 20:04 - 2015-07-16 20:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-12 20:04 - 2015-07-16 20:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-12 20:04 - 2015-07-16 20:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-12 20:04 - 2015-07-16 20:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-12 20:04 - 2015-07-16 20:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-12 20:04 - 2015-07-16 20:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-12 20:04 - 2015-07-16 20:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-12 20:04 - 2015-07-16 20:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-12 20:04 - 2015-07-16 20:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-12 20:04 - 2015-07-16 20:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-12 20:04 - 2015-07-16 20:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-12 20:04 - 2015-07-16 20:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-12 20:04 - 2015-07-16 20:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-12 20:04 - 2015-07-16 20:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-12 20:04 - 2015-07-16 20:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-12 20:04 - 2015-07-16 20:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-12 20:04 - 2015-07-16 20:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-12 20:04 - 2015-07-16 20:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-12 20:04 - 2015-07-16 20:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-12 20:04 - 2015-07-16 20:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-12 20:04 - 2015-07-16 20:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-12 20:04 - 2015-07-16 19:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-12 20:04 - 2015-07-16 19:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-12 20:04 - 2015-07-16 19:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-12 20:04 - 2015-07-16 19:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-12 20:03 - 2015-07-30 19:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-12 20:03 - 2015-07-30 19:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-12 20:03 - 2015-07-30 19:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-12 20:03 - 2015-07-30 19:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-12 20:03 - 2015-07-30 19:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-12 20:03 - 2015-07-30 19:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-12 20:03 - 2015-07-30 19:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-12 20:03 - 2015-07-30 18:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-12 20:03 - 2015-07-30 18:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-12 20:03 - 2015-07-30 18:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-12 20:03 - 2015-07-30 18:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-12 20:03 - 2015-07-30 18:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-12 20:03 - 2015-07-30 18:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-12 20:03 - 2015-07-30 17:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-12 20:03 - 2015-07-30 17:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-12 20:03 - 2015-07-30 17:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-12 20:03 - 2015-07-15 04:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-12 20:03 - 2015-07-15 04:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-12 20:03 - 2015-07-15 04:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-12 20:03 - 2015-07-15 04:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-12 20:03 - 2015-07-15 03:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-12 20:03 - 2015-07-15 03:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-12 20:03 - 2015-07-15 03:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-12 20:03 - 2015-07-15 03:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-12 20:03 - 2015-07-09 18:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-12 20:03 - 2015-07-09 18:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-12 20:03 - 2015-07-09 18:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-12 20:03 - 2015-07-01 21:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-12 20:03 - 2015-07-01 21:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-12 20:03 - 2015-07-01 21:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-12 20:03 - 2015-07-01 21:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-12 19:27 - 2015-07-10 18:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-12 19:27 - 2015-07-10 18:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-12 18:46 - 2015-07-20 19:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-12 18:46 - 2015-07-20 19:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-12 18:46 - 2015-07-20 19:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-12 18:46 - 2015-07-20 19:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-12 18:46 - 2015-07-20 19:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-12 18:46 - 2015-07-20 19:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-12 18:46 - 2015-07-20 19:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-12 18:46 - 2015-07-20 19:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-12 18:46 - 2015-07-20 19:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-12 18:46 - 2015-07-20 19:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-12 18:46 - 2015-07-20 19:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-12 18:46 - 2015-07-20 18:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-12 18:46 - 2015-07-20 18:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-12 18:46 - 2015-07-20 18:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-12 18:46 - 2015-07-20 18:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-12 18:46 - 2015-07-20 18:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-12 18:45 - 2015-05-09 19:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-09 20:23 - 2015-08-09 20:23 - 00018044 _____ C:\Users\Ian\Downloads\ED LANARK ASN Aero Healthcare 280515 AG.xlsx
2015-08-08 16:29 - 2015-08-08 16:29 - 00002052 _____ C:\Windows\epplauncher.mif
2015-08-08 16:27 - 2015-08-08 16:28 - 14243008 _____ (Microsoft Corporation) C:\Users\Ian\Downloads\mseinstall (1).exe
2015-08-08 16:27 - 2015-08-08 16:27 - 14243008 _____ (Microsoft Corporation) C:\Users\Ian\Downloads\mseinstall.exe
2015-07-31 18:08 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2015-07-29 18:45 - 2015-06-02 01:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-29 18:45 - 2015-06-02 00:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-29 18:23 - 2015-06-09 19:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-29 18:23 - 2015-06-09 19:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-29 18:22 - 2015-06-17 18:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-29 18:22 - 2015-06-17 18:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-29 18:20 - 2015-07-04 19:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-29 18:20 - 2015-07-04 18:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-29 18:20 - 2015-04-27 20:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-29 18:20 - 2015-04-27 20:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-29 18:20 - 2015-04-27 20:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-29 18:20 - 2015-04-27 20:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-29 18:20 - 2015-04-27 20:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-29 18:20 - 2015-04-27 20:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-29 18:20 - 2015-04-27 20:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-29 18:20 - 2015-04-27 20:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-29 18:19 - 2015-06-15 22:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-29 18:19 - 2015-06-15 22:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-29 18:19 - 2015-06-15 22:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-29 18:19 - 2015-06-15 22:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-29 18:19 - 2015-06-15 22:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-29 18:19 - 2015-06-15 22:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-29 18:19 - 2015-06-15 22:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-29 18:19 - 2015-06-15 22:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-29 18:19 - 2015-06-15 22:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-29 18:19 - 2015-06-15 22:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-29 18:19 - 2015-06-15 22:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-29 18:19 - 2015-06-15 22:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-29 17:45 - 2015-07-31 18:08 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-29 17:45 - 2015-07-30 20:49 - 00003348 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-22 22:07 - 2012-07-06 04:36 - 01662124 _____ C:\Windows\WindowsUpdate.log
2015-08-22 22:07 - 2012-07-05 21:02 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2015-08-22 22:06 - 2015-05-02 15:26 - 00004816 _____ C:\Windows\setupact.log
2015-08-22 22:06 - 2013-12-15 18:19 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-22 22:06 - 2012-07-06 04:33 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-22 22:06 - 2012-07-05 21:06 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2015-08-22 22:06 - 2012-07-05 21:06 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2015-08-22 22:06 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-22 22:04 - 2013-12-09 21:09 - 00000000 ____D C:\AdwCleaner
2015-08-22 21:44 - 2013-12-15 18:19 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-22 21:26 - 2015-04-19 20:08 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-22 20:18 - 2009-07-14 05:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-22 20:18 - 2009-07-14 05:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-22 19:50 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-08-22 19:46 - 2013-12-15 18:20 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-22 19:10 - 2014-06-13 16:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2015-08-19 21:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2015-08-14 18:19 - 2009-07-14 05:45 - 00409520 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-14 18:17 - 2014-12-12 22:54 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-14 18:17 - 2014-05-06 22:04 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-12 22:10 - 2012-07-15 20:20 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-12 22:09 - 2013-03-13 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-12 22:09 - 2013-03-13 21:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-12 22:09 - 2013-03-13 21:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-12 22:01 - 2013-08-14 19:36 - 00000000 ____D C:\Windows\system32\MRT
2015-08-12 21:56 - 2012-09-16 21:47 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-12 18:26 - 2015-04-19 20:08 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-12 18:26 - 2015-04-19 20:08 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-12 18:26 - 2015-04-19 20:08 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-12 18:17 - 2014-07-03 20:20 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-06 18:39 - 2015-07-12 15:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-08-06 18:37 - 2015-07-12 15:22 - 00162528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-08-06 18:37 - 2015-07-12 15:22 - 00141416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-08-01 14:45 - 2013-12-13 19:32 - 00000000 ____D C:\Users\Ian\AppData\Local\CrashDumps
2015-08-01 14:01 - 2015-07-10 14:39 - 00000000 ___HD C:\$Windows.~BT
2015-08-01 13:43 - 2011-02-10 15:02 - 00000000 ____D C:\Windows\panther
2015-07-31 19:08 - 2015-07-12 15:19 - 00001118 _____ C:\Users\Public\Desktop\Avira.lnk
2015-07-31 19:08 - 2015-07-12 15:18 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-31 18:08 - 2013-12-07 17:21 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-07-31 16:56 - 2012-07-05 21:17 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-07-30 20:49 - 2012-07-05 21:17 - 00000000 ____D C:\ProgramData\McAfee
2015-07-30 20:48 - 2014-07-03 20:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-30 20:48 - 2014-07-03 20:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-30 20:48 - 2014-01-08 20:49 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-30 19:37 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-29 22:46 - 2015-06-11 20:40 - 00139896 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportHades64.sys
2015-07-29 22:46 - 2014-06-13 16:37 - 00394584 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys
2015-07-29 17:52 - 2014-10-28 21:00 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-29 17:51 - 2014-12-26 16:46 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-29 17:44 - 2015-04-05 22:02 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-29 17:39 - 2013-12-15 18:19 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-29 17:39 - 2013-12-15 18:19 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-29 17:37 - 2014-03-17 20:56 - 00201310 _____ C:\Windows\PFRO.log

==================== Files in the root of some directories =======

2014-12-26 21:22 - 2014-12-26 21:22 - 0038422 _____ () C:\Users\Ian\AppData\Roaming\Comma Separated Values (DOS).ADR
2013-10-28 21:09 - 2013-12-09 20:16 - 0000098 _____ () C:\Users\Ian\AppData\Roaming\WB.CFG
2013-10-28 21:09 - 2013-12-09 20:15 - 0000006 _____ () C:\Users\Ian\AppData\Roaming\WBPU-TTL.DAT
2012-12-02 12:40 - 2012-12-02 12:40 - 0003584 _____ () C:\Users\Ian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Users\Ian\AppData\Local\Temp\avgnt.exe
C:\Users\Ian\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-12 21:00

==================== End of log ============================
_________________
Goody
Back to top
View user's profile Send private message
Goody
Warrior


Joined: 23 Oct 2006
Last Visit: 24 Feb 2017
Posts: 177

PostPosted: Sat Aug 22, 2015 1:41 pm    Post subject: Reply with quote

Here is the addition log

Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-08-2015 03
Ran by Ian (2015-08-22 22:13:12)
Running from C:\Users\Ian\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2121647027-3655492899-1191817543-500 - Administrator - Disabled)
Guest (S-1-5-21-2121647027-3655492899-1191817543-501 - Limited - Disabled)
Ian (S-1-5-21-2121647027-3655492899-1191817543-1001 - Administrator - Enabled) => C:\Users\Ian
UpdatusUser (S-1-5-21-2121647027-3655492899-1191817543-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{a5e00a72-db4a-4f77-8874-d1265b8fcd7e}) (Version: 1.1.42.10415 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.42.10415 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.12.408 - Avira Operations GmbH & Co. KG)
Avira Browser Safety (HKLM-x32\...\{9E10EA90-5E97-43B7-A246-FC7B4F5E9493}) (Version: 1.4.5.509 - Avira Operations GmbH & Co KG)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon MP Navigator EX 2.0 (HKLM-x32\...\MP Navigator EX 2.0) (Version: - )
Canon MP620 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series) (Version: - )
Canon MP620 series User Registration (HKLM-x32\...\Canon MP620 series User Registration) (Version: - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.8.0 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Digital Delivery (HKLM-x32\...\{9DDFE322-6BA0-4F90-8689-D98382492371}) (Version: 2.1.1002.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{3BD7DD08-991B-4A2F-A165-614ED14EAADD}) (Version: 1.6.225.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.130 - ArcSoft)
Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.16 - Dell Inc.)
Dell Support Center (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.3.0.2513 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.3.0.2513 - CyberLink Corp.) Hidden
Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 9.0 - Dell)
Download Manager and Options (HKLM\...\Download_Manager_and_Options) (Version: 1.0 - Download Manager and Options)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 14.0.1076 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
NVIDIA 3D Vision Driver 320.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.78 - NVIDIA Corporation)
NVIDIA Graphics Driver 320.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.78 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.11.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.11.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.11.1111 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.11.1111 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
Photoworld (HKLM-x32\...\Photoworld) (Version: 5.0.6 - CEWE Stiftung u Co. KGaA)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Rapport (x32 Version: 3.5.1507.61 - Trusteer) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.16500 - Nero AG)
SyncUP (x32 Version: 1.12.12400.17.102 - Nero AG) Hidden
TomTom HOME (HKLM-x32\...\{BB05590A-6602-43F3-A400-77EA0976BC0A}) (Version: 2.9.8 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1507.61 - Trusteer)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.1.0 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

12-08-2015 21:55:44 Windows Update
14-08-2015 21:42:31 Windows Defender Checkpoint
16-08-2015 19:13:28 Windows Update
19-08-2015 20:08:21 Windows Update
19-08-2015 21:10:38 Windows Update
22-08-2015 19:09:50 Installed Rapport

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2012-11-26 22:24 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3E8DB088-F803-46DE-A0A1-3B1F53536B10} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {5B1EC02E-018E-44BC-AEB9-08E7B21877BA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-15] (Google Inc.)
Task: {7B317A5F-E2FE-49AC-91B5-D6BB7177444E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-15] (Google Inc.)
Task: {8281FA14-1923-4DC0-88A8-697DFA4C8A09} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {87F7BF92-927B-434B-BCF9-568605CA4794} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe [2015-05-06] (McAfee, Inc.)
Task: {8FA176C0-8365-4F09-BAB4-834E612188CF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9C7774A7-E706-4D9B-97EE-09961FC22B3B} - System32\Tasks\Avira Browser Safety Updater Task => C:\Program Files (x86)\Avira\Browser Safety\AviraBrowserSafetyUpdater.exe [2015-03-11] (Avira Operations GmbH & Co. KG)
Task: {A405C8E7-F0CD-42AD-86E1-D0037C23285E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2013-09-20] (Safer-Networking Ltd.)
Task: {AFCF0BD9-B937-40A9-96D1-CFBC4B29B74F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2013-09-20] (Safer-Networking Ltd.)
Task: {CEF44C14-FC1E-4B72-B34C-02D722482BE7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {CEFE5894-E810-4156-8952-0E74751E2E15} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {DFE975CE-6918-4795-8C57-E06835FAE968} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {E382EF9F-3C31-4F0D-90E8-97A2861293B1} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-06-01] (McAfee, Inc.)
Task: {F106022C-7B7F-4D0A-9D4D-82485B256184} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2013-09-20] (Safer-Networking Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2012-07-06 04:33 - 2013-08-09 21:07 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-07-05 21:02 - 2012-01-26 21:49 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2014-07-12 05:31 - 2013-07-15 18:29 - 00620718 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-21 17:02 - 2015-07-21 17:02 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2013-12-07 17:22 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-12-07 17:22 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-12-07 17:22 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-12-07 17:22 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-12-07 17:22 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2011-05-26 20:18 - 2011-05-26 20:18 - 00136536 _____ () C:\Program Files (x86)\Microsoft Office\Office12\OUTLCTL.DLL
2015-07-14 18:20 - 2015-07-14 18:20 - 00756376 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2015-08-22 19:46 - 2015-08-18 06:23 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libglesv2.dll
2015-08-22 19:46 - 2015-08-18 06:23 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libegl.dll
2014-10-17 19:55 - 2014-10-17 19:55 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll
2012-07-05 20:55 - 2012-02-01 16:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-07-05 20:53 - 2011-12-16 19:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\...\123simsen.com -> www.123simsen.com

There are 7867 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: Dell DataSafe Online => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => "C:\Windows\system32\hkcmd.exe"
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: IgfxTray => "C:\Windows\system32\igfxtray.exe"
MSCONFIG\startupreg: IJNetworkScanUtility => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
MSCONFIG\startupreg: IMSS => "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NeroLauncher => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
MSCONFIG\startupreg: Persistence => "C:\Windows\system32\igfxpers.exe"
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Stage Remote => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3EE48E6A-4EDE-4FD4-93A8-2327D5E78EA1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{BD2A6024-69DF-4F82-B51B-EFA41F63A1FE}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{795C6EB1-C4F4-4DC3-A999-2E20405FDE94}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{CB09B90A-2902-4464-A642-704F6EEA5716}] => (Allow) c:\Program Files (x86)\Dell\VideoStage\VideoStage.exe
FirewallRules: [{0418469D-43E7-4172-8170-5EBDB69E8C03}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B82AF657-47C8-4641-819A-226EA7D4211E}] => (Allow) LPort=2869
FirewallRules: [{C826A5D8-9F19-429F-8045-0EE4FB450550}] => (Allow) LPort=1900
FirewallRules: [{A34E2902-8198-40BD-8D51-7483E7983A4B}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{979A3113-9F9C-4CE9-9C17-A99F8116B0AC}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{CD24F991-0EB6-487B-8150-7BF89D99E884}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{1F4996B8-3DE1-49D7-B3E2-0808291F88E8}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{88A6EF58-DE66-47DB-8B9C-0FE4C15E712C}] => (Allow) LPort=9700
FirewallRules: [{DF6E47DF-5307-4BA5-97DA-46C7EA8EDAA8}] => (Allow) LPort=9701
FirewallRules: [{EC032720-69B8-433D-981A-F4C54AE9EEFF}] => (Allow) LPort=9702
FirewallRules: [{6EAB5CD4-0FB6-4694-9193-7B02E171CF92}] => (Allow) LPort=9700
FirewallRules: [{73A0FE4B-9BBC-4DD8-BDB8-93864313E2F9}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
FirewallRules: [{4AD4B698-185B-49C8-9114-26EFC341B4FF}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\DMR.exe
FirewallRules: [{62EBCB9F-A82E-499D-B9EC-79481CFF141D}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\Controller.exe
FirewallRules: [{7D588D8D-3E62-4DFA-9DA9-33F0AEE45EE9}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\InstallerHelp.exe
FirewallRules: [{C72B392F-1E7B-414D-A2F7-FD44C42E1295}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
FirewallRules: [{75144E0C-9677-4E9A-BE45-61A3C8F6D14B}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
FirewallRules: [{E4FCAA5A-06C3-42E2-BC1B-398F71977395}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\DMR.exe
FirewallRules: [{5818CE0F-A51F-4158-912A-99EA1B17622B}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\Controller.exe
FirewallRules: [{82C7A23C-19F9-4411-9DA5-B661B1A6019E}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
FirewallRules: [{DAC8DA35-7845-4CB1-8753-F2C3D539CB4C}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\InstallerHelp.exe
FirewallRules: [{E7969E51-B4D1-498F-896E-7A132E26C9B6}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{62409DBD-20F6-4BB2-AE6F-06842F7A4E66}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{926716A1-DDA5-44F0-8B8F-72128E2EF565}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{61AAF22B-D9B1-49FE-9BAB-E92181EC9871}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{AA3ED21E-04CC-4E3D-A3F1-7C16A58BE473}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{84C88DCF-B977-48ED-9520-7F44914C72DA}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{3448EAE5-0E69-4D06-9029-E6E038E7654A}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{B5F95498-3B6A-43FC-9571-9AF4F8FAA89B}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{F387F1CB-AB22-4655-97BE-54631CA707AE}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{88DD618F-928B-4D24-9D3E-2228C589923F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{126AF23A-630B-4F71-992C-0685986D10EC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CA370DB6-2F1F-4E48-940F-5FF3502AA1E8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D5E94E15-0AD7-4ADD-89C7-6D86400E0DAD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{75ACC8B2-ACF3-435B-BE9A-886C280C7291}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{880AD236-41B2-4A58-800F-C20D99792D50}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{48A924D7-8F88-4616-86BF-ABCF236ED8FC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/22/2015 10:11:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McSvHost.exe, version: 5.0.309.0, time stamp: 0x554ad438
Faulting module name: mcmscshm.dll, version: 14.0.1076.0, time stamp: 0x55539d2a
Exception code: 0xc0000005
Fault offset: 0x0000000000072eee
Faulting process id: 0x10e8
Faulting application start time: 0xMcSvHost.exe0
Faulting application path: McSvHost.exe1
Faulting module path: McSvHost.exe2
Report Id: McSvHost.exe3

Error: (08/22/2015 10:06:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/22/2015 07:21:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McSvHost.exe, version: 5.0.309.0, time stamp: 0x554ad438
Faulting module name: mcmscshm.dll, version: 14.0.1076.0, time stamp: 0x55539d2a
Exception code: 0xc0000005
Fault offset: 0x0000000000072eee
Faulting process id: 0xee8
Faulting application start time: 0xMcSvHost.exe0
Faulting application path: McSvHost.exe1
Faulting module path: McSvHost.exe2
Report Id: McSvHost.exe3

Error: (08/22/2015 07:18:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McSvHost.exe, version: 5.0.309.0, time stamp: 0x554ad438
Faulting module name: mcmscshm.dll, version: 14.0.1076.0, time stamp: 0x55539d2a
Exception code: 0xc0000005
Fault offset: 0x0000000000072eee
Faulting process id: 0x1340
Faulting application start time: 0xMcSvHost.exe0
Faulting application path: McSvHost.exe1
Faulting module path: McSvHost.exe2
Report Id: McSvHost.exe3

Error: (08/22/2015 07:14:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McSvHost.exe, version: 5.0.309.0, time stamp: 0x554ad438
Faulting module name: mcmscshm.dll, version: 14.0.1076.0, time stamp: 0x55539d2a
Exception code: 0xc0000005
Fault offset: 0x0000000000072eee
Faulting process id: 0xe74
Faulting application start time: 0xMcSvHost.exe0
Faulting application path: McSvHost.exe1
Faulting module path: McSvHost.exe2
Report Id: McSvHost.exe3

Error: (08/22/2015 07:09:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/21/2015 06:15:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McSvHost.exe, version: 5.0.309.0, time stamp: 0x554ad438
Faulting module name: mcmscshm.dll, version: 14.0.1076.0, time stamp: 0x55539d2a
Exception code: 0xc0000005
Fault offset: 0x0000000000072eee
Faulting process id: 0x1324
Faulting application start time: 0xMcSvHost.exe0
Faulting application path: McSvHost.exe1
Faulting module path: McSvHost.exe2
Report Id: McSvHost.exe3

Error: (08/21/2015 06:11:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McSvHost.exe, version: 5.0.309.0, time stamp: 0x554ad438
Faulting module name: mcmscshm.dll, version: 14.0.1076.0, time stamp: 0x55539d2a
Exception code: 0xc0000005
Fault offset: 0x0000000000072eee
Faulting process id: 0xe48
Faulting application start time: 0xMcSvHost.exe0
Faulting application path: McSvHost.exe1
Faulting module path: McSvHost.exe2
Report Id: McSvHost.exe3

Error: (08/21/2015 06:08:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McSvHost.exe, version: 5.0.309.0, time stamp: 0x554ad438
Faulting module name: mcmscshm.dll, version: 14.0.1076.0, time stamp: 0x55539d2a
Exception code: 0xc0000005
Fault offset: 0x0000000000072eee
Faulting process id: 0xed8
Faulting application start time: 0xMcSvHost.exe0
Faulting application path: McSvHost.exe1
Faulting module path: McSvHost.exe2
Report Id: McSvHost.exe3

Error: (08/21/2015 06:03:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/22/2015 10:11:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/22/2015 10:11:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The McAfee Platform Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/22/2015 10:11:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The McAfee Home Network service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/22/2015 10:09:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/22/2015 10:09:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (08/22/2015 10:09:06 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (08/22/2015 10:05:28 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\athihvs.dll

Error: (08/22/2015 10:05:28 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\athihvs.dll

Error: (08/22/2015 10:05:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
%%1069

Error: (08/22/2015 10:05:24 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).


Microsoft Office:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 56%
Total physical RAM: 3974.15 MB
Available physical RAM: 1720.67 MB
Total Virtual: 7946.51 MB
Available Virtual: 5291.68 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:917.66 GB) (Free:845.48 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: B86AD99E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=917.7 GB) - (Type=07 NTFS)

==================== End of log ============================
_________________
Goody
Back to top
View user's profile Send private message
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 13 Oct 2017
Posts: 5041
Location: Land Of The Leprechauns

PostPosted: Sun Aug 23, 2015 2:59 am    Post subject: Reply with quote

Hi,
Quote:
Cypher, thanks for the help.

You're welcome.
We need to run a fix then i need you to run another scan for me.

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.

    • Copy and Paste the following script into Notepad, Do not include the word Code:

    Code:

    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM -> DefaultScope value is missing
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope value is missing
    SearchScopes: HKU\S-1-5-21-2121647027-3655492899-1191817543-1001 -> {8C83D59F-D849-481B-A96A-4BB31254B59D} URL =
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - https://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
    S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    C:\Users\Ian\AppData\Local\Temp\avgnt.exe
    C:\Users\Ian\AppData\Local\Temp\sqlite3.dll

    EmptyTemp:
    CMD: ipconfig /flushdns

  • Save it next to FRST.exe to your Downloads folder as filename fixlist.txt
  • NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are saved in the same location or the fix will not work.
  • Right-click FRST.exe and select " Run as administrator " to run it.
  • Press the Fix button just once. Then wait.
  • When finished, it will create a Fixlog.txt log on your Desktop.
  • Please post the content of the Fixlog.txt in your next reply.

Next.

ESET online scannner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scannner
    Quote:
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • When prompted allow the Add-On/Active X to install.
  • Click on Run ESET Online Scanner, then elect the option YES, I accept the Terms of Use, then click Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Logs/Information to Post in your Next Reply
  • FRST Fixlog.txt.
  • ESET log.
  • Please give me an update on your computers performance.

_________________
Admin/Teacher at Malware Removal University
Member of UNITE
Back to top
View user's profile Send private message
Goody
Warrior


Joined: 23 Oct 2006
Last Visit: 24 Feb 2017
Posts: 177

PostPosted: Sun Aug 23, 2015 11:21 am    Post subject: Reply with quote

Here is the Fixlog.txt file


Fix result of Farbar Recovery Scan Tool (x64) Version:21-08-2015 03
Ran by Ian (2015-08-23 20:14:0Cool Run:1
Running from C:\Users\Ian\Downloads
Loaded Profiles: Ian (Available Profiles: UpdatusUser & Ian)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2121647027-3655492899-1191817543-1001 -> {8C83D59F-D849-481B-A96A-4BB31254B59D} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
C:\Users\Ian\AppData\Local\Temp\avgnt.exe
C:\Users\Ian\AppData\Local\Temp\sqlite3.dll

EmptyTemp:
CMD: ipconfig /flushdns
*****************

"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8C83D59F-D849-481B-A96A-4BB31254B59D}" => key removed successfully
HKCR\CLSID\{8C83D59F-D849-481B-A96A-4BB31254B59D} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => key removed successfully
"HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\SOFTWARE\Google\Chrome\Extensions\bbjllphbppobebmjpjcijfbakobcheof" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => key removed successfully
esgiguard => service removed successfully
C:\Users\Ian\AppData\Local\Temp\avgnt.exe => moved successfully
C:\Users\Ian\AppData\Local\Temp\sqlite3.dll => moved successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.


========= End of CMD: =========

EmptyTemp: => 1.2 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 20:14:51 ====
_________________
Goody
Back to top
View user's profile Send private message
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 13 Oct 2017
Posts: 5041
Location: Land Of The Leprechauns

PostPosted: Sun Aug 23, 2015 11:44 am    Post subject: Reply with quote

Good work, post the ESET log when ready.
_________________
Admin/Teacher at Malware Removal University
Member of UNITE
Back to top
View user's profile Send private message
Goody
Warrior


Joined: 23 Oct 2006
Last Visit: 24 Feb 2017
Posts: 177

PostPosted: Sun Aug 23, 2015 12:41 pm    Post subject: Reply with quote

here is the ESET log

C:\Users\Ian\Downloads\ccsetup408.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\Installer\fec6e1.msi a variant of Win32/Toolbar.Babylon.Q potentially unwanted application

I am away for the next 3 days, so will advise youlater in the week about how the computer is performing, thanks
_________________
Goody
Back to top
View user's profile Send private message
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 13 Oct 2017
Posts: 5041
Location: Land Of The Leprechauns

PostPosted: Mon Aug 24, 2015 1:24 am    Post subject: Reply with quote

Quote:
I am away for the next 3 days, so will advise youlater in the week about how the computer is performing, thanks

No problem, thanks for letting me know.
Quote:
Defender has identified and quarantined TrojanDownloaderWin32/Waledac but it keeps returning.

Browser is slow to start up and i get a high percentage of web page error messages "This web page is not available DNS-PROB-FINISHED-NYDOMAIN"
Let me know if you're still experiencing any of these problems.
_________________
Admin/Teacher at Malware Removal University
Member of UNITE
Back to top
View user's profile Send private message
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 13 Oct 2017
Posts: 5041
Location: Land Of The Leprechauns

PostPosted: Thu Aug 27, 2015 3:47 am    Post subject: Reply with quote

Hi, can you give me an update on the problems you're having please.
_________________
Admin/Teacher at Malware Removal University
Member of UNITE
Back to top
View user's profile Send private message
Goody
Warrior


Joined: 23 Oct 2006
Last Visit: 24 Feb 2017
Posts: 177

PostPosted: Thu Aug 27, 2015 12:33 pm    Post subject: Reply with quote

Unfortunately still the same; Defender picked it up again.

with respect to the browser i even had the same issue getting into spyware warrior (took 4 attempts to get past the "web page not available" message
_________________
Goody
Back to top
View user's profile Send private message
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 13 Oct 2017
Posts: 5041
Location: Land Of The Leprechauns

PostPosted: Fri Aug 28, 2015 2:10 am    Post subject: Reply with quote

Hi,
Quote:
with respect to the browser i even had the same issue getting into spyware warrior (took 4 attempts to get past the "web page not available" message

Which browser are you using when you have this problem, Chrome?
Quote:
Unfortunately still the same; Defender picked it up again.

I need you to run further scans fo me.

As you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Launch Malwarebytes then click Update Now.
  • Press the Scan Settings icon on the top bar of the MBAM interface, make sure Threat Scan is checked.
  • Press the Scan Now >> button.
  • When the scan is finished:
  • If clean, a message will be displayed "The scan completed successfully! No malicious items were detected!"
  • If infections were found, click the Quarantine all button.
  • Press the View detailed log >> link to display the results log.
  • Press the Copy to Clipboard button.
  • Copy and paste the scan results in your next reply and exit MBAM.

Next.

Please download Junkware Removal Tool and save it to your desktop.

  • Shut down your protection software as shown in This topic now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, Seven, Eight, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Please post the contents of JRT.txt into your next reply.

Logs/Information to Post in your Next Reply
  • Which browser are you having problems with?
  • Malwarebytes log.
  • JRT.txt.

_________________
Admin/Teacher at Malware Removal University
Member of UNITE
Back to top
View user's profile Send private message
Goody
Warrior


Joined: 23 Oct 2006
Last Visit: 24 Feb 2017
Posts: 177

PostPosted: Fri Aug 28, 2015 12:24 pm    Post subject: Reply with quote

Malware would not update, i kept getting "Unable to access update server". So I removed Malware and downloaded a new version ( I assume it is the most update but even it would not update when requested).
it did not detect anything ( as has been the case, only Defender has picked up the Trojan) - log is below

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 28/08/2015
Scan Time: 20:39
Logfile: malware 28th Aug.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.06.03.03
Rootkit Database: v2015.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ian

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 401480
Time Elapsed: 14 min, 39 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

JRT Log below:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.9 (08.27.2015:1)
OS: Windows 7 Home Premium x64
Ran by Ian on 28/08/2015 at 21:08:08.13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C65AB809-0ECB-48AF-A38A-4CCD17CAAD77}



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Ian\Appdata\Local\{0BCBE21C-8A1C-467C-B1EE-0BB439523510}
Successfully deleted: [Empty Folder] C:\Users\Ian\Appdata\Local\{108C1536-8DBF-493D-8F4F-B0C685BCE0D1}
Successfully deleted: [Empty Folder] C:\Users\Ian\Appdata\Local\{3A929F04-2947-4C72-ABAA-10496E73B781}
Successfully deleted: [Empty Folder] C:\Users\Ian\Appdata\Local\{5C7AFA11-34A4-4E7E-8645-FAE365B478F4}
Successfully deleted: [Empty Folder] C:\Users\Ian\Appdata\Local\{6734B636-CC93-43F1-98E7-4484DD063247}
Successfully deleted: [Empty Folder] C:\Users\Ian\Appdata\Local\{70999427-C02B-41A5-8430-155B8E8A7115}
Successfully deleted: [Empty Folder] C:\Users\Ian\Appdata\Local\{821113E9-099F-429E-9134-B685347792F9}
Successfully deleted: [Empty Folder] C:\Users\Ian\Appdata\Local\{870E1C28-E52B-4AD8-A766-30947447CFE1}
Successfully deleted: [Empty Folder] C:\Users\Ian\Appdata\Local\{A779537F-7184-4CBE-9E92-6D95FFC077EA}
Successfully deleted: [Empty Folder] C:\Users\Ian\Appdata\Local\{DCDF12AD-2F20-4552-87E5-59AB518667DA}
Successfully deleted: [Empty Folder] C:\Users\Ian\Appdata\Local\{E4D79979-2485-4341-8766-2B659993624B}
Successfully deleted: [Empty Folder] C:\Users\Ian\Appdata\Local\{E8AD7BF9-9984-46C4-B470-63FE2287B7A1}



~~~ Chrome


[C:\Users\Ian\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Ian\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Ian\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Ian\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28/08/2015 at 21:13:40.91
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
_________________
Goody
Back to top
View user's profile Send private message
Goody
Warrior


Joined: 23 Oct 2006
Last Visit: 24 Feb 2017
Posts: 177

PostPosted: Fri Aug 28, 2015 12:57 pm    Post subject: Reply with quote

Re Browser - it is when I serach through Google Chrome
_________________
Goody
Back to top
View user's profile Send private message
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 13 Oct 2017
Posts: 5041
Location: Land Of The Leprechauns

PostPosted: Sat Aug 29, 2015 2:24 am    Post subject: Reply with quote

Hi,
Quote:
Defender has identified and quarantined TrojanDownloaderWin32/Waledac but it keeps returning.

Does windows defender give you a location when it detects this threat?

Please download TDSSKiller.exe and save it to your Desktop.
  • Double click on TDSSKiller.exe to launch it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • The log is like UtilityName.Version_Date_Time_log.txt. for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt.
  • Post the contents of that log in your next reply please.

_________________
Admin/Teacher at Malware Removal University
Member of UNITE
Back to top
View user's profile Send private message
Goody
Warrior


Joined: 23 Oct 2006
Last Visit: 24 Feb 2017
Posts: 177

PostPosted: Sat Aug 29, 2015 7:39 am    Post subject: Reply with quote

The Defender location is:

C:/users/ian/outlook/outlook.pst->message.5056"Social Security Administration [Review your Annual Social Security Statement]"[2010/07/31 05:39:27] Attachment.6513:"statement.zip"->statement.exe

TDSS Log:

16:31:29.0404 0x1710 TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
16:31:36.0567 0x1710 ============================================================
16:31:36.0567 0x1710 Current date / time: 2015/08/29 16:31:36.0567
16:31:36.0568 0x1710 SystemInfo:
16:31:36.0568 0x1710
16:31:36.0568 0x1710 OS Version: 6.1.7601 ServicePack: 1.0
16:31:36.0568 0x1710 Product type: Workstation
16:31:36.0568 0x1710 ComputerName: IAN-PC
16:31:36.0568 0x1710 UserName: Ian
16:31:36.0568 0x1710 Windows directory: C:\Windows
16:31:36.0568 0x1710 System windows directory: C:\Windows
16:31:36.0568 0x1710 Running under WOW64
16:31:36.0568 0x1710 Processor architecture: Intel x64
16:31:36.0568 0x1710 Number of processors: 4
16:31:36.0568 0x1710 Page size: 0x1000
16:31:36.0568 0x1710 Boot type: Normal boot
16:31:36.0568 0x1710 ============================================================
16:31:37.0508 0x1710 KLMD registered as C:\Windows\system32\drivers\91960516.sys
16:31:38.0106 0x1710 System UUID: {E29374F3-7923-282B-0E68-804503D6BC73}
16:31:39.0266 0x1710 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:31:39.0288 0x1710 ============================================================
16:31:39.0288 0x1710 \Device\Harddisk0\DR0:
16:31:39.0288 0x1710 MBR partitions:
16:31:39.0288 0x1710 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1B9F000
16:31:39.0288 0x1710 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1BB3000, BlocksNum 0x72B53000
16:31:39.0288 0x1710 ============================================================
16:31:39.0315 0x1710 C: <-> \Device\Harddisk0\DR0\Partition2
16:31:39.0316 0x1710 ============================================================
16:31:39.0316 0x1710 Initialize success
16:31:39.0316 0x1710 ============================================================
16:31:43.0578 0x06fc ============================================================
16:31:43.0578 0x06fc Scan started
16:31:43.0578 0x06fc Mode: Manual;
16:31:43.0579 0x06fc ============================================================
16:31:43.0579 0x06fc KSN ping started
16:31:43.0727 0x06fc KSN ping finished: true
16:31:46.0718 0x06fc ================ Scan system memory ========================
16:31:46.0718 0x06fc System memory - ok
16:31:46.0719 0x06fc ================ Scan services =============================
16:31:46.0852 0x06fc [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
16:31:46.0866 0x06fc 1394ohci - ok
16:31:46.0924 0x06fc [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
16:31:46.0932 0x06fc ACPI - ok
16:31:46.0949 0x06fc [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
16:31:46.0955 0x06fc AcpiPmi - ok
16:31:47.0051 0x06fc [ 013697369EAFFA675D0671607F036020, 65611C775AC4681E46A6565E5A7A4FF3363C66EBDC98C4C58AFB365D40BE23B6 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:31:47.0053 0x06fc AdobeARMservice - ok
16:31:47.0160 0x06fc [ 368290D0A612D62DA6F3D798B1BB8FE7, D573BF8543F37BC51B88A2473EDFD28AFBCCC446E8CADD54A90FA48D8739D222 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:31:47.0166 0x06fc AdobeFlashPlayerUpdateSvc - ok
16:31:47.0215 0x06fc [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
16:31:47.0234 0x06fc adp94xx - ok
16:31:47.0286 0x06fc [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys
16:31:47.0300 0x06fc adpahci - ok
16:31:47.0341 0x06fc [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
16:31:47.0352 0x06fc adpu320 - ok
16:31:47.0393 0x06fc [ 83BFCCAC53795E8A5055A93672D0C46C, B2B03473D950A5BA9DE59D81E7B14C1FAFF17B2A4D8A5808588F5CC21D63B291 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:31:47.0399 0x06fc AeLookupSvc - ok
16:31:47.0452 0x06fc [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys
16:31:47.0464 0x06fc AFD - ok
16:31:47.0482 0x06fc [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
16:31:47.0492 0x06fc agp440 - ok
16:31:47.0517 0x06fc [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
16:31:47.0520 0x06fc ALG - ok
16:31:47.0550 0x06fc [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
16:31:47.0555 0x06fc aliide - ok
16:31:47.0582 0x06fc [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
16:31:47.0606 0x06fc amdide - ok
16:31:47.0612 0x06fc [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
16:31:47.0632 0x06fc AmdK8 - ok
16:31:47.0658 0x06fc [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
16:31:47.0673 0x06fc AmdPPM - ok
16:31:47.0711 0x06fc [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
16:31:47.0720 0x06fc amdsata - ok
16:31:47.0747 0x06fc [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
16:31:47.0757 0x06fc amdsbs - ok
16:31:47.0772 0x06fc [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
16:31:47.0781 0x06fc amdxata - ok
16:31:47.0874 0x06fc [ 9FE1AC875A7AD7B7FF28FEC8B754968D, EEE04D4073E49332C85028B62E8A035EAA2284526A3F3820133492C8F8CBA3D5 ] AntiVirMailService C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
16:31:47.0890 0x06fc AntiVirMailService - ok
16:31:47.0951 0x06fc [ E20B4F23EB153635D67944F63454EC84, FEE76A74767CDB33415C64F08AE1FF248F505AF22C1F1BA1EBB5CC6A75E3926F ] AntiVirSchedulerService C:\Program Files (x86)\Avira\Antivirus\sched.exe
16:31:47.0960 0x06fc AntiVirSchedulerService - ok
16:31:48.0002 0x06fc [ E20B4F23EB153635D67944F63454EC84, FEE76A74767CDB33415C64F08AE1FF248F505AF22C1F1BA1EBB5CC6A75E3926F ] AntiVirService C:\Program Files (x86)\Avira\Antivirus\avguard.exe
16:31:48.0011 0x06fc AntiVirService - ok
16:31:48.0051 0x06fc [ D9A8EE3F4A1E604B9315B34A5AA4569E, 287BA8FA1949646E03D39F36F50C016251358A8A454EE19D249E76A723F1455E ] AntiVirWebService C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
16:31:48.0072 0x06fc AntiVirWebService - ok
16:31:48.0117 0x06fc [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID C:\Windows\system32\drivers\appid.sys
16:31:48.0120 0x06fc AppID - ok
16:31:48.0153 0x06fc [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:31:48.0156 0x06fc AppIDSvc - ok
16:31:48.0178 0x06fc [ 978DC0A1FBE9CC91B21B40AF66CB396A, 90BAFF81D98F5AFD743D8BD65F716666A7A7BD2DA612492E03C79B29E9A0F8C2 ] Appinfo C:\Windows\System32\appinfo.dll
16:31:48.0181 0x06fc Appinfo - ok
16:31:48.0235 0x06fc [ 650D03E40F93FAE323CB841F80368E5C, F67B97CFDCE2EE9294977725268EFDB0DD724BD16E7ED5BFCA45375AA8EBA5BB ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:31:48.0239 0x06fc Apple Mobile Device - ok
16:31:48.0261 0x06fc [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys
16:31:48.0275 0x06fc arc - ok
16:31:48.0299 0x06fc [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys
16:31:48.0314 0x06fc arcsas - ok
16:31:48.0418 0x06fc [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:31:48.0448 0x06fc aspnet_state - ok
16:31:48.0477 0x06fc [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:31:48.0479 0x06fc AsyncMac - ok
16:31:48.0535 0x06fc [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
16:31:48.0539 0x06fc atapi - ok
16:31:48.0624 0x06fc [ 7D0398396727195CC73D703001D3CFF4, 5175C5061AB201F688538E1C6849F42BB987121C0FB9189BB8616E8573522969 ] athr C:\Windows\system32\DRIVERS\athrx.sys
16:31:48.0710 0x06fc athr - ok
16:31:48.0782 0x06fc [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:31:48.0795 0x06fc AudioEndpointBuilder - ok
16:31:48.0816 0x06fc [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv C:\Windows\System32\Audiosrv.dll
16:31:48.0828 0x06fc AudioSrv - ok
16:31:48.0893 0x06fc [ 24843902369DC82B4691F816F08F2938, 330E22C6007B10FE9C232BBCA2F388ADA17DEDBAA11BEC2A70377A4466DFB6FA ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
16:31:48.0910 0x06fc avgntflt - ok
16:31:48.0962 0x06fc [ 043E5F34C3878C844568658B79B3E55C, D13D8FC5205562E02F252C0EE1AB2236C9212445D6EC3715041EBDF993CB467F ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
16:31:48.0977 0x06fc avipbb - ok
16:31:49.0030 0x06fc [ 4B3DBF1CEBE1B2346BF2F8D2251F641A, CDC5BCA35BE658007E29E94E7FBFAA499B50929E738A12904397D16268C6FBAE ] Avira.ServiceHost C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
16:31:49.0036 0x06fc Avira.ServiceHost - ok
16:31:49.0057 0x06fc [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
16:31:49.0067 0x06fc avkmgr - ok
16:31:49.0112 0x06fc [ 13253E5E3B6BDF945B63B336A8C9489B, 671C716E43F89D4BDDAA2BE045CDEBBB569C85BC2BA334E1F550187B79A7740D ] avnetflt C:\Windows\system32\DRIVERS\avnetflt.sys
16:31:49.0119 0x06fc avnetflt - ok
16:31:49.0150 0x06fc [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
16:31:49.0153 0x06fc AxInstSV - ok
16:31:49.0185 0x06fc [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
16:31:49.0203 0x06fc b06bdrv - ok
16:31:49.0250 0x06fc [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
16:31:49.0262 0x06fc b57nd60a - ok
16:31:49.0290 0x06fc [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
16:31:49.0294 0x06fc BDESVC - ok
16:31:49.0305 0x06fc [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
16:31:49.0309 0x06fc Beep - ok
16:31:49.0357 0x06fc [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
16:31:49.0373 0x06fc BFE - ok
16:31:49.0421 0x06fc [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
16:31:49.0441 0x06fc BITS - ok
16:31:49.0490 0x06fc [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
16:31:49.0498 0x06fc blbdrive - ok
16:31:49.0570 0x06fc [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:31:49.0580 0x06fc Bonjour Service - ok
16:31:49.0626 0x06fc [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:31:49.0635 0x06fc bowser - ok
16:31:49.0653 0x06fc [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
16:31:49.0660 0x06fc BrFiltLo - ok
16:31:49.0675 0x06fc [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
16:31:49.0682 0x06fc BrFiltUp - ok
16:31:49.0719 0x06fc [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
16:31:49.0723 0x06fc Browser - ok
16:31:49.0742 0x06fc [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
16:31:49.0757 0x06fc Brserid - ok
16:31:49.0775 0x06fc [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
16:31:49.0783 0x06fc BrSerWdm - ok
16:31:49.0791 0x06fc [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
16:31:49.0799 0x06fc BrUsbMdm - ok
16:31:49.0811 0x06fc [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
16:31:49.0819 0x06fc BrUsbSer - ok
16:31:49.0828 0x06fc [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
16:31:49.0853 0x06fc BTHMODEM - ok
16:31:49.0885 0x06fc [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
16:31:49.0889 0x06fc bthserv - ok
16:31:49.0917 0x06fc [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:31:49.0921 0x06fc cdfs - ok
16:31:49.0948 0x06fc [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:31:49.0952 0x06fc cdrom - ok
16:31:49.0976 0x06fc [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
16:31:49.0981 0x06fc CertPropSvc - ok
16:31:50.0012 0x06fc [ 35584BC0CF9B9F3CDA830396C4DEB6DB, 34D283CC7F5BEF00CF01C749427B8C07895A97F6C7D84740458DD8A4DF1120E2 ] cfwids C:\Windows\system32\drivers\cfwids.sys
16:31:50.0022 0x06fc cfwids - ok
16:31:50.0033 0x06fc [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys
16:31:50.0045 0x06fc circlass - ok
16:31:50.0085 0x06fc [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS C:\Windows\system32\CLFS.sys
16:31:50.0094 0x06fc CLFS - ok
16:31:50.0146 0x06fc [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:31:50.0150 0x06fc clr_optimization_v2.0.50727_32 - ok
16:31:50.0170 0x06fc [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:31:50.0174 0x06fc clr_optimization_v2.0.50727_64 - ok
16:31:50.0222 0x06fc [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:31:50.0317 0x06fc clr_optimization_v4.0.30319_32 - ok
16:31:50.0332 0x06fc [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:31:50.0376 0x06fc clr_optimization_v4.0.30319_64 - ok
16:31:50.0398 0x06fc [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
16:31:50.0407 0x06fc CmBatt - ok
16:31:50.0439 0x06fc [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:31:50.0447 0x06fc cmdide - ok
16:31:50.0502 0x06fc [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG C:\Windows\system32\Drivers\cng.sys
16:31:50.0513 0x06fc CNG - ok
16:31:50.0583 0x06fc [ 1635CED9C1FB6182B11BD62AA4F744B6, E781DADC786E07731F15DA2C6701B1426CAFC45F28FFEB7CD4BB546E4CDE1869 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
16:31:50.0659 0x06fc CnxtHdAudService - ok
16:31:50.0687 0x06fc [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
16:31:50.0695 0x06fc Compbatt - ok
16:31:50.0718 0x06fc [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
16:31:50.0721 0x06fc CompositeBus - ok
16:31:50.0725 0x06fc COMSysApp - ok
16:31:50.0804 0x06fc [ 08F934092E0429BADF88E9F91DB0F61E, 6E9091C006FFFF261DC61C8E9A45219E47C351296E5355FC4B7242F30E1DDFE3 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
16:31:50.0812 0x06fc cphs - ok
16:31:50.0823 0x06fc [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
16:31:50.0836 0x06fc crcdisk - ok
16:31:50.0890 0x06fc [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:31:50.0895 0x06fc CryptSvc - ok
16:31:50.0938 0x06fc [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
16:31:50.0950 0x06fc DcomLaunch - ok
16:31:51.0000 0x06fc [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
16:31:51.0009 0x06fc defragsvc - ok
16:31:51.0061 0x06fc [ A97BD43C2628D7274C88A3B4CE785EFB, F85B074A291BC3D63DFD81EC39FBDB1EECDF86A33A1AB7580624EEAF6337DE63 ] DellDigitalDelivery c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
16:31:51.0065 0x06fc DellDigitalDelivery - ok
16:31:51.0081 0x06fc [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:31:51.0086 0x06fc DfsC - ok
16:31:51.0108 0x06fc [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
16:31:51.0116 0x06fc Dhcp - ok
16:31:51.0201 0x06fc [ AA5319FA8602676B5D3A2B4A1355896D, 57532E16FF0DDE3D62B6B6DC35E2598DD453140E9277247965A1E835645E588A ] DiagTrack C:\Windows\system32\diagtrack.dll
16:31:51.0236 0x06fc DiagTrack - ok
16:31:51.0267 0x06fc [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
16:31:51.0270 0x06fc discache - ok
16:31:51.0289 0x06fc [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys
16:31:51.0293 0x06fc Disk - ok
16:31:51.0323 0x06fc [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:31:51.0328 0x06fc Dnscache - ok
16:31:51.0345 0x06fc [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
16:31:51.0352 0x06fc dot3svc - ok
16:31:51.0364 0x06fc [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
16:31:51.0370 0x06fc DPS - ok
16:31:51.0399 0x06fc [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:31:51.0403 0x06fc drmkaud - ok
16:31:51.0449 0x06fc [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:31:51.0469 0x06fc DXGKrnl - ok
16:31:51.0503 0x06fc [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
16:31:51.0508 0x06fc EapHost - ok
16:31:51.0625 0x06fc [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys
16:31:51.0744 0x06fc ebdrv - ok
16:31:51.0795 0x06fc [ 0D48E93C6BE3143C0198CB252B992D16, AF34A41BAAE967045C8078E80B070E66ED60FDA0945FA752F715E49FD43373A4 ] EFS C:\Windows\System32\lsass.exe
16:31:51.0798 0x06fc EFS - ok
16:31:51.0856 0x06fc [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:31:51.0874 0x06fc ehRecvr - ok
16:31:51.0889 0x06fc [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
16:31:51.0900 0x06fc ehSched - ok
16:31:51.0931 0x06fc [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
16:31:51.0955 0x06fc elxstor - ok
16:31:51.0974 0x06fc [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:31:51.0981 0x06fc ErrDev - ok
16:31:52.0022 0x06fc [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
16:31:52.0033 0x06fc EventSystem - ok
16:31:52.0048 0x06fc [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
16:31:52.0053 0x06fc exfat - ok
16:31:52.0070 0x06fc [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:31:52.0076 0x06fc fastfat - ok
16:31:52.0118 0x06fc [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
16:31:52.0134 0x06fc Fax - ok
16:31:52.0152 0x06fc [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys
16:31:52.0159 0x06fc fdc - ok
16:31:52.0177 0x06fc [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
16:31:52.0180 0x06fc fdPHost - ok
16:31:52.0194 0x06fc [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
16:31:52.0196 0x06fc FDResPub - ok
16:31:52.0207 0x06fc [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:31:52.0211 0x06fc FileInfo - ok
16:31:52.0224 0x06fc [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:31:52.0227 0x06fc Filetrace - ok
16:31:52.0244 0x06fc [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
16:31:52.0246 0x06fc flpydisk - ok
16:31:52.0264 0x06fc [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:31:52.0273 0x06fc FltMgr - ok
16:31:52.0342 0x06fc [ D5A775990A7C202A037378FDBCDB6141, 27AD242914FAFB7A27B3045C0F0F6AFE6873FE331A51D8BB29A63B5D84C72EFB ] FontCache C:\Windows\system32\FntCache.dll
16:31:52.0375 0x06fc FontCache - ok
16:31:52.0441 0x06fc [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:31:52.0443 0x06fc FontCache3.0.0.0 - ok
16:31:52.0456 0x06fc [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
16:31:52.0459 0x06fc FsDepends - ok
16:31:52.0483 0x06fc [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:31:52.0485 0x06fc Fs_Rec - ok
16:31:52.0522 0x06fc [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
16:31:52.0528 0x06fc fvevol - ok
16:31:52.0546 0x06fc [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
16:31:52.0554 0x06fc gagp30kx - ok
16:31:52.0588 0x06fc [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:31:52.0601 0x06fc GEARAspiWDM - ok
16:31:52.0661 0x06fc [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
16:31:52.0679 0x06fc gpsvc - ok
16:31:52.0772 0x06fc [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:31:52.0776 0x06fc gupdate - ok
16:31:52.0783 0x06fc [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:31:52.0786 0x06fc gupdatem - ok
16:31:52.0802 0x06fc [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
16:31:52.0822 0x06fc hcw85cir - ok
16:31:52.0849 0x06fc [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
16:31:52.0854 0x06fc HDAudBus - ok
16:31:52.0888 0x06fc [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
16:31:52.0895 0x06fc HidBatt - ok
16:31:52.0908 0x06fc [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
16:31:52.0917 0x06fc HidBth - ok
16:31:52.0928 0x06fc [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
16:31:52.0939 0x06fc HidIr - ok
16:31:52.0958 0x06fc [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
16:31:52.0961 0x06fc hidserv - ok
16:31:52.0994 0x06fc [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\drivers\hidusb.sys
16:31:52.0997 0x06fc HidUsb - ok
16:31:53.0025 0x06fc [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:31:53.0030 0x06fc hkmsvc - ok
16:31:53.0052 0x06fc [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:31:53.0058 0x06fc HomeGroupListener - ok
16:31:53.0077 0x06fc [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:31:53.0083 0x06fc HomeGroupProvider - ok
16:31:53.0186 0x06fc [ 689BD2ED76C79F1FAE953A76DEA6FCD9, 5F739CF7668DCC3EBD607AE05BE78B11AB56778B8F3FE29543922FF6EDBE989D ] HomeNetSvc C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
16:31:53.0192 0x06fc HomeNetSvc - ok
16:31:53.0208 0x06fc [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
16:31:53.0217 0x06fc HpSAMD - ok
16:31:53.0270 0x06fc [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:31:53.0285 0x06fc HTTP - ok
16:31:53.0312 0x06fc [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:31:53.0314 0x06fc hwpolicy - ok
16:31:53.0334 0x06fc [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
16:31:53.0339 0x06fc i8042prt - ok
16:31:53.0376 0x06fc [ D1753C06EE17E29352B065EACF3F10D0, 4DD4C991FAA3CCF99DF8DC9F8F5DEEDEECD55977F0C3AA8C404DEFD21E32A62B ] iaStor C:\Windows\system32\drivers\iaStor.sys
16:31:53.0387 0x06fc iaStor - ok
16:31:53.0468 0x06fc [ 545462D0DBE24AF379BA869B7C185CCD, 056F9D0D5FD4FEF37665A35A4029722FF60D02A69854E952DC361CC0E5CD26F9 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
16:31:53.0471 0x06fc IAStorDataMgrSvc - ok
16:31:53.0509 0x06fc [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
16:31:53.0525 0x06fc iaStorV - ok
16:31:53.0604 0x06fc [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:31:53.0624 0x06fc idsvc - ok
16:31:53.0647 0x06fc IEEtwCollectorService - ok
16:31:53.0846 0x06fc [ 8C44E6B688790E2AD3846C97661C54F1, CB487D167EDA3C1E30BD5FB8F98C15EB9E75A6FB793009C2F1BBCAAB4285F772 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
16:31:54.0048 0x06fc igfx - ok
16:31:54.0097 0x06fc [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
16:31:54.0108 0x06fc iirsp - ok
16:31:54.0173 0x06fc [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
16:31:54.0191 0x06fc IKEEXT - ok
16:31:54.0227 0x06fc [ 6C9FFFECA9FED31347D211C5D1FFBD2D, 36CF8B847FAED0D978B3169ED550CC958025902CAC1D7D304E2684B2483E72B8 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
16:31:54.0243 0x06fc IntcDAud - ok
16:31:54.0291 0x06fc [ 2D66067C7A8A0112156BCD1C0BAA7042, 89F77EEE59FF3AD2E777DA15187F1447F6E112E8831417A0DE656ACB82E7B22E ] Intel(R) Capability Licensing Service Interface c:\Program Files\Intel\iCLS Client\HeciServer.exe
16:31:54.0304 0x06fc Intel(R) Capability Licensing Service Interface - ok
16:31:54.0337 0x06fc [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
16:31:54.0359 0x06fc intelide - ok
16:31:54.0387 0x06fc [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:31:54.0390 0x06fc intelppm - ok
16:31:54.0424 0x06fc [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:31:54.0429 0x06fc IPBusEnum - ok
16:31:54.0460 0x06fc [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:31:54.0465 0x06fc IpFilterDriver - ok
16:31:54.0522 0x06fc [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:31:54.0536 0x06fc iphlpsvc - ok
16:31:54.0566 0x06fc [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
16:31:54.0578 0x06fc IPMIDRV - ok
16:31:54.0596 0x06fc [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:31:54.0603 0x06fc IPNAT - ok
16:31:54.0668 0x06fc [ 7FAE5B6CDB18B0B2E81F32869F595022, D873A7EE94749E1700E8F6B8BB7B485AE1B0B83388D63BE06335720498D4794F ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
16:31:54.0681 0x06fc iPod Service - ok
16:31:54.0713 0x06fc [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:31:54.0716 0x06fc IRENUM - ok
16:31:54.0726 0x06fc [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:31:54.0736 0x06fc isapnp - ok
16:31:54.0780 0x06fc [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
16:31:54.0787 0x06fc iScsiPrt - ok
16:31:54.0815 0x06fc [ 6BCEF45131C8B8E1C558BE540B190B3C, DFFED7FD9DCC15808184E65065DE6138FE010AC01217E5016B2D20A5B89AC570 ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys
16:31:54.0821 0x06fc iusb3hcs - ok
16:31:54.0844 0x06fc [ F080EADA8715F811B58BD35BB774F2F9, 06D5A70CBA89561A71B9CB64D7A298767F098395411A7022F414C7D0AC89A44D ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys
16:31:54.0862 0x06fc iusb3hub - ok
16:31:54.0921 0x06fc [ 0F1756D9396740F053221FA6260FCE66, 0B722BF6BCF66BBD49DE0E92555742976AB33319CF504461A50181BF7A77E886 ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys
16:31:54.0951 0x06fc iusb3xhc - ok
16:31:54.0978 0x06fc [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:31:54.0981 0x06fc kbdclass - ok
16:31:54.0992 0x06fc [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
16:31:54.0996 0x06fc kbdhid - ok
16:31:55.0008 0x06fc [ 0D48E93C6BE3143C0198CB252B992D16, AF34A41BAAE967045C8078E80B070E66ED60FDA0945FA752F715E49FD43373A4 ] KeyIso C:\Windows\system32\lsass.exe
16:31:55.0011 0x06fc KeyIso - ok
16:31:55.0045 0x06fc [ 67A1743377EBB5D9A370A8C2086CFDCC, 2F0FD6C1969B1EEEEFFC1A8F972E1E90F1AD9558FF00EC159BC19ED927FD4BF5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:31:55.0049 0x06fc KSecDD - ok
16:31:55.0063 0x06fc [ 522A1595D5701800DD41B2D472F5AAED, B62924AE94A5AC454AD6057BC133D717BB1C6445BE36D6BECAB76E1600F60C33 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
16:31:55.0070 0x06fc KSecPkg - ok
16:31:55.0079 0x06fc [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
16:31:55.0082 0x06fc ksthunk - ok
16:31:55.0108 0x06fc [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
16:31:55.0117 0x06fc KtmRm - ok
16:31:55.0145 0x06fc [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
16:31:55.0153 0x06fc LanmanServer - ok
16:31:55.0174 0x06fc [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:31:55.0180 0x06fc LanmanWorkstation - ok
16:31:55.0213 0x06fc [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:31:55.0216 0x06fc lltdio - ok
16:31:55.0246 0x06fc [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:31:55.0253 0x06fc lltdsvc - ok
16:31:55.0262 0x06fc [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:31:55.0267 0x06fc lmhosts - ok
16:31:55.0319 0x06fc [ 8D82CBBF5A8532D9A21A64BBCB774EE7, 30D6477EA4B47D50F05E3435A68113B3676CA24EF51CC2693353C2224D28D2BB ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
16:31:55.0325 0x06fc LMS - ok
16:31:55.0345 0x06fc [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
16:31:55.0354 0x06fc LSI_FC - ok
16:31:55.0385 0x06fc [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
16:31:55.0394 0x06fc LSI_SAS - ok
16:31:55.0438 0x06fc [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
16:31:55.0447 0x06fc LSI_SAS2 - ok
16:31:55.0463 0x06fc [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
16:31:55.0480 0x06fc LSI_SCSI - ok
16:31:55.0504 0x06fc [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
16:31:55.0508 0x06fc luafv - ok
16:31:55.0535 0x06fc [ A8D28D5B3E2A528D1EF0E338E44F2820, 40D1EFDD253BC0A0D984A5AD8A2721C3E83B15F14D538204714E6D5B00D92CEB ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
16:31:55.0543 0x06fc MBAMProtector - ok
16:31:55.0635 0x06fc [ 83C982A395D00BAFF6515FB38424EA76, 0E1B66F84A483D47550347D4A9426B95A066DB5104C4284F606A16768A11DB0C ] MBAMService C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
16:31:55.0670 0x06fc MBAMService - ok
16:31:55.0714 0x06fc [ AE757332EA130E94E646621CC695B52A, E688CF34A4206F32B5C7301119D8459C3456FC178FA1DAA6215CE15F2C824C43 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
16:31:55.0731 0x06fc MBAMWebAccessControl - ok
16:31:55.0818 0x06fc [ 278E661D8D5DC7FEF3932DB1698E1BBB, 5D9BC30321E6DC6FADF83E5272316EBEFB99244AB0CAD41F28DA9AAA2E30DA6C ] McAPExe C:\Program Files\McAfee\MSC\McAPExe.exe
16:31:55.0832 0x06fc McAPExe - ok
16:31:55.0859 0x06fc [ 9504F1DDA1B67FB8D526FD4F8CC882F3, 99B35D5B8879B556CD0D1825F7AECC1124FFAD3EB39C10B77B7522E145FC00B3 ] McAWFwk c:\PROGRA~1\mcafee\msc\mcawfwk.exe
16:31:55.0865 0x06fc McAWFwk - ok
16:31:55.0982 0x06fc [ 794E2A657BD4EC51771893346F6B9431, AE979FE1E0BF333A1E2DC49FD3F0B52045C5E639D95996F5F354E3582EA27811 ] mccspsvc C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe
16:31:55.0986 0x06fc mccspsvc - ok
16:31:56.0039 0x06fc [ F928E5E72BBA15DD0CE9A26E0413D236, D63EFA1408084F524464729C2F3BE16550E07ACE2BF8A00699A8438079AD381B ] McOobeSv C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
16:31:56.0044 0x06fc McOobeSv - ok
16:31:56.0091 0x06fc [ 689BD2ED76C79F1FAE953A76DEA6FCD9, 5F739CF7668DCC3EBD607AE05BE78B11AB56778B8F3FE29543922FF6EDBE989D ] mcpltsvc C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
16:31:56.0098 0x06fc mcpltsvc - ok
16:31:56.0117 0x06fc [ 689BD2ED76C79F1FAE953A76DEA6FCD9, 5F739CF7668DCC3EBD607AE05BE78B11AB56778B8F3FE29543922FF6EDBE989D ] McProxy C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
16:31:56.0123 0x06fc McProxy - ok
16:31:56.0151 0x06fc [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:31:56.0156 0x06fc Mcx2Svc - ok
16:31:56.0182 0x06fc [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
16:31:56.0188 0x06fc megasas - ok
16:31:56.0212 0x06fc [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
16:31:56.0237 0x06fc MegaSR - ok
16:31:56.0270 0x06fc [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
16:31:56.0281 0x06fc MEIx64 - ok
16:31:56.0314 0x06fc [ 5880E568C905F4A6DD7B0124682AE552, 046E810B807E9EC3190DE5F82BFC1CCA6AE1A49A453240C2066706CE5235AF9C ] mfeaack C:\Windows\system32\drivers\mfeaack.sys
16:31:56.0332 0x06fc mfeaack - ok
16:31:56.0376 0x06fc [ 8522BA5DB3B9D37845ABC0F28B0292B2, BADE7EC1329018FAAF30604000619AC3136B93F386C727D778E1E4EB0E67315D ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
16:31:56.0391 0x06fc mfeavfk - ok
16:31:56.0435 0x06fc [ 983CA8E34131695D6DE810990CE8FF69, C6BC27000C1EB8638AC1A8E2B8884FC71FAD667E0BB850E305C7DE77EBA5306D ] mfedisk C:\Windows\system32\DRIVERS\mfedisk.sys
16:31:56.0447 0x06fc mfedisk - ok
16:31:56.0509 0x06fc [ 2AD2774662724B3BE9CFF9A59027F230, F7DDBD2FEE5F74DE73EA710CC847CFAD101E0246FAF48AAC74A95619F40F91F2 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
16:31:56.0514 0x06fc mfefire - ok
16:31:56.0555 0x06fc [ 7B4D31713AAA449CB7A55C65A0CB701A, 95CE542F6C9EE67A7C7CFD96579B81B31EEDBBE54FD82F7E63254E248975A99E ] mfefirek C:\Windows\system32\drivers\mfefirek.sys
16:31:56.0576 0x06fc mfefirek - ok
16:31:56.0672 0x06fc [ AB88A9E16450DD1F1D74368F832DC695, DB84BB0F9CB085239A6D39CE79760CCC060B8A2295F38B4B51731921DA018239 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
16:31:56.0703 0x06fc mfehidk - ok
16:31:56.0752 0x06fc [ D4DAE8254FE5C1FDFC002C276CCFDF51, 81767CF5F609F5A0FFF0CF8876B9EF20579A03E60EA5FD3ACFF17922F0046428 ] mfemms C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe
16:31:56.0760 0x06fc mfemms - ok
16:31:56.0779 0x06fc [ C51B7DE45CE780E515A49F5D0B46C472, 998A95E298B0CA1345D12C59B54EABB5ABB89A87870E024F4FD8EC58AC2C6556 ] mfevtp C:\Windows\system32\mfevtps.exe
16:31:56.0784 0x06fc mfevtp - ok
16:31:56.0801 0x06fc [ F265F0B2134A3C2896F56B1FD4D55F77, 202C6AE68FA4E1DFFB4C8333EA23A918436131308A0663A929D9B6B46A9ABDB5 ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
16:31:56.0820 0x06fc mfewfpk - ok
16:31:56.0885 0x06fc [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
16:31:56.0887 0x06fc Microsoft Office Groove Audit Service - ok
16:31:56.0908 0x06fc [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
16:31:56.0912 0x06fc MMCSS - ok
16:31:56.0928 0x06fc [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
16:31:56.0931 0x06fc Modem - ok
16:31:56.0963 0x06fc [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:31:56.0967 0x06fc monitor - ok
16:31:57.0001 0x06fc [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:31:57.0006 0x06fc mouclass - ok
16:31:57.0031 0x06fc [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:31:57.0036 0x06fc mouhid - ok
16:31:57.0076 0x06fc [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:31:57.0080 0x06fc mountmgr - ok
16:31:57.0090 0x06fc [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
16:31:57.0107 0x06fc mpio - ok
16:31:57.0122 0x06fc [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:31:57.0125 0x06fc mpsdrv - ok
16:31:57.0158 0x06fc [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:31:57.0179 0x06fc MpsSvc - ok
16:31:57.0204 0x06fc [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:31:57.0208 0x06fc MRxDAV - ok
16:31:57.0249 0x06fc [ B2081803D510DCE174992BA880EDCA70, 37DB53C9756EC03EB7165DEB58251615D70B7C86DF32A54DE25ADAF30A04D792 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:31:57.0254 0x06fc mrxsmb - ok
16:31:57.0272 0x06fc [ 552FA62B0EFECD22D8D52499324BCA4F, C3A02C9C30C36928AC7B1025496544967187A05BEF5D100B54F2C0155E47145C ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:31:57.0280 0x06fc mrxsmb10 - ok
16:31:57.0302 0x06fc [ 97687971F9CB30E2633DE0F1296B9F61, 865DA87523E4C32D65D55D5475A5CDDFA10699780DA500E6D606384FB3BEB1BE ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:31:57.0307 0x06fc mrxsmb20 - ok
16:31:57.0338 0x06fc [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
16:31:57.0349 0x06fc msahci - ok
16:31:57.0354 0x06fc [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:31:57.0392 0x06fc msdsm - ok
16:31:57.0417 0x06fc [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
16:31:57.0421 0x06fc MSDTC - ok
16:31:57.0436 0x06fc [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:31:57.0440 0x06fc Msfs - ok
16:31:57.0466 0x06fc [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:31:57.0469 0x06fc mshidkmdf - ok
16:31:57.0492 0x06fc [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:31:57.0494 0x06fc msisadrv - ok
16:31:57.0528 0x06fc [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:31:57.0533 0x06fc MSiSCSI - ok
16:31:57.0539 0x06fc msiserver - ok
16:31:57.0554 0x06fc [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:31:57.0556 0x06fc MSKSSRV - ok
16:31:57.0569 0x06fc [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:31:57.0573 0x06fc MSPCLOCK - ok
16:31:57.0585 0x06fc [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:31:57.0587 0x06fc MSPQM - ok
16:31:57.0612 0x06fc [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:31:57.0621 0x06fc MsRPC - ok
16:31:57.0630 0x06fc [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
16:31:57.0634 0x06fc mssmbios - ok
16:31:57.0643 0x06fc [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:31:57.0646 0x06fc MSTEE - ok
16:31:57.0667 0x06fc [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
16:31:57.0676 0x06fc MTConfig - ok
16:31:57.0695 0x06fc [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
16:31:57.0700 0x06fc Mup - ok
16:31:57.0738 0x06fc [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
16:31:57.0748 0x06fc napagent - ok
16:31:57.0779 0x06fc [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:31:57.0788 0x06fc NativeWifiP - ok
16:31:57.0890 0x06fc [ E0E4A1F81A7D69C595A8A9DDAD084C19, 8F55F3637AE8BFFB0ACE37AFC5122026525137E0B2923899B779C1BD08DF0E22 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
16:31:57.0905 0x06fc NAUpdate - ok
16:31:57.0990 0x06fc [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
16:31:58.0009 0x06fc NDIS - ok
16:31:58.0041 0x06fc [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:31:58.0044 0x06fc NdisCap - ok
16:31:58.0061 0x06fc [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:31:58.0064 0x06fc NdisTapi - ok
16:31:58.0079 0x06fc [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:31:58.0082 0x06fc Ndisuio - ok
16:31:58.0094 0x06fc [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:31:58.0099 0x06fc NdisWan - ok
16:31:58.0128 0x06fc [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:31:58.0131 0x06fc NDProxy - ok
16:31:58.0143 0x06fc [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:31:58.0147 0x06fc NetBIOS - ok
16:31:58.0162 0x06fc [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:31:58.0169 0x06fc NetBT - ok
16:31:58.0181 0x06fc [ 0D48E93C6BE3143C0198CB252B992D16, AF34A41BAAE967045C8078E80B070E66ED60FDA0945FA752F715E49FD43373A4 ] Netlogon C:\Windows\system32\lsass.exe
16:31:58.0183 0x06fc Netlogon - ok
16:31:58.0211 0x06fc [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
16:31:58.0219 0x06fc Netman - ok
16:31:58.0259 0x06fc [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:31:58.0263 0x06fc NetMsmqActivator - ok
16:31:58.0271 0x06fc [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:31:58.0275 0x06fc NetPipeActivator - ok
16:31:58.0298 0x06fc [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
16:31:58.0312 0x06fc netprofm - ok
16:31:58.0320 0x06fc [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:31:58.0323 0x06fc NetTcpActivator - ok
16:31:58.0330 0x06fc [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:31:58.0336 0x06fc NetTcpPortSharing - ok
16:31:58.0363 0x06fc [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
16:31:58.0376 0x06fc nfrd960 - ok
16:31:58.0417 0x06fc [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll
16:31:58.0425 0x06fc NlaSvc - ok
16:31:58.0530 0x06fc [ B9B72FAAAA41D59B73B88FE3DD737ED1, 050E741FB5313523340B19C9C168611222C4AE9A6084FE3E2F908A49EA909A29 ] NOBU C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
16:31:58.0609 0x06fc NOBU - ok
16:31:58.0654 0x06fc [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:31:58.0656 0x06fc Npfs - ok
16:31:58.0663 0x06fc [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
16:31:58.0666 0x06fc nsi - ok
16:31:58.0676 0x06fc [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:31:58.0680 0x06fc nsiproxy - ok
16:31:58.0751 0x06fc [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:31:58.0802 0x06fc Ntfs - ok
16:31:58.0837 0x06fc [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
16:31:58.0845 0x06fc Null - ok
16:31:58.0875 0x06fc [ A4247F976E40B5C23273631153D97D58, B12A899C624D05701A68EE89458E0C953AA8488C3C0533C7702BB3DE8C383519 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
16:31:58.0886 0x06fc NVHDA - ok
16:31:59.0228 0x06fc [ F4269CD67AD5141BBCD6652682ED6758, FE67E8513E40ED3BF128A14688431296DCBA2C50C4AB248D487D6D5EA0066448 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:31:59.0614 0x06fc nvlddmkm - ok
16:31:59.0654 0x06fc [ E1BCDE56B04D424F4F2DF4865DAB2ECF, 1227A79CC11593CBD13E063F1309CC84E9DBDA01EF74CEBBBD1A1847D4ABF170 ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys
16:31:59.0665 0x06fc nvpciflt - ok
16:31:59.0690 0x06fc [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:31:59.0700 0x06fc nvraid - ok
16:31:59.0719 0x06fc [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:31:59.0735 0x06fc nvstor - ok
16:31:59.0786 0x06fc [ 6E41E4F9E9FCEFDB7EC0202AC08DFAF1, FE01AE6987DC826B77DEEDBC3B73F26F61B966330FB159E54960189DBFBF3F3F ] NvStUSB C:\Windows\system32\drivers\nvstusb.sys
16:31:59.0829 0x06fc NvStUSB - ok
16:31:59.0913 0x06fc [ 138AEEC8C947C3BBD6180BB327627325, 50F5353476AF9A2555EE0AA3D97101D5205CFE9B34AF254C64A85498A49D4878 ] nvsvc C:\Windows\system32\nvvsvc.exe
16:31:59.0933 0x06fc nvsvc - ok
16:32:00.0001 0x06fc [ CC115D6E16C16B288E7EB3EDEA05AE90, 1E50C15DCBAC6277A01EDFBEA6BD36F5A5F1BB3887C0CF5DF02E074AC62841DC ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
16:32:00.0044 0x06fc nvUpdatusService - ok
16:32:00.0052 0x06fc [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:32:00.0062 0x06fc nv_agp - ok
16:32:00.0143 0x06fc [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:32:00.0153 0x06fc odserv - ok
16:32:00.0167 0x06fc [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
16:32:00.0178 0x06fc ohci1394 - ok
16:32:00.0225 0x06fc [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:32:00.0229 0x06fc ose - ok
16:32:00.0265 0x06fc [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:32:00.0276 0x06fc p2pimsvc - ok
16:32:00.0296 0x06fc [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
16:32:00.0309 0x06fc p2psvc - ok
16:32:00.0326 0x06fc [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys
16:32:00.0339 0x06fc Parport - ok
16:32:00.0374 0x06fc [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:32:00.0377 0x06fc partmgr - ok
16:32:00.0423 0x06fc [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:32:00.0428 0x06fc PcaSvc - ok
16:32:00.0462 0x06fc [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
16:32:00.0468 0x06fc pci - ok
16:32:00.0506 0x06fc [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
16:32:00.0509 0x06fc pciide - ok
16:32:00.0545 0x06fc [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
16:32:00.0577 0x06fc pcmcia - ok
16:32:00.0618 0x06fc [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
16:32:00.0620 0x06fc pcw - ok
16:32:00.0650 0x06fc [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:32:00.0664 0x06fc PEAUTH - ok
16:32:00.0774 0x06fc [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:32:00.0777 0x06fc PerfHost - ok
16:32:00.0824 0x06fc [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
16:32:00.0868 0x06fc pla - ok
16:32:00.0914 0x06fc [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:32:00.0923 0x06fc PlugPlay - ok
16:32:00.0930 0x06fc [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:32:00.0936 0x06fc PNRPAutoReg - ok
16:32:00.0956 0x06fc [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:32:00.0964 0x06fc PNRPsvc - ok
16:32:00.0995 0x06fc [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:32:01.0009 0x06fc PolicyAgent - ok
16:32:01.0041 0x06fc [ A2CCA4FB273E6050F17A0A416CFF2FCD, C42BA18DF0C8E3F7358669A784E51E4DC7A4112096345EA699EDC95F561E0255 ] Power C:\Windows\system32\umpo.dll
16:32:01.0047 0x06fc Power - ok
16:32:01.0082 0x06fc [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:32:01.0086 0x06fc PptpMiniport - ok
16:32:01.0103 0x06fc [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys
16:32:01.0124 0x06fc Processor - ok
16:32:01.0156 0x06fc [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB821147
_________________
Goody
Back to top
View user's profile Send private message
Goody
Warrior


Joined: 23 Oct 2006
Last Visit: 24 Feb 2017
Posts: 177

PostPosted: Sat Aug 29, 2015 7:39 am    Post subject: Reply with quote

The Defender location is:

C:/users/ian/outlook/outlook.pst->message.5056"Social Security Administration [Review your Annual Social Security Statement]"[2010/07/31 05:39:27] Attachment.6513:"statement.zip"->statement.exe

TDSS Log:

16:31:29.0404 0x1710 TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
16:31:36.0567 0x1710 ============================================================
16:31:36.0567 0x1710 Current date / time: 2015/08/29 16:31:36.0567
16:31:36.0568 0x1710 SystemInfo:
16:31:36.0568 0x1710
16:31:36.0568 0x1710 OS Version: 6.1.7601 ServicePack: 1.0
16:31:36.0568 0x1710 Product type: Workstation
16:31:36.0568 0x1710 ComputerName: IAN-PC
16:31:36.0568 0x1710 UserName: Ian
16:31:36.0568 0x1710 Windows directory: C:\Windows
16:31:36.0568 0x1710 System windows directory: C:\Windows
16:31:36.0568 0x1710 Running under WOW64
16:31:36.0568 0x1710 Processor architecture: Intel x64
16:31:36.0568 0x1710 Number of processors: 4
16:31:36.0568 0x1710 Page size: 0x1000
16:31:36.0568 0x1710 Boot type: Normal boot
16:31:36.0568 0x1710 ============================================================
16:31:37.0508 0x1710 KLMD registered as C:\Windows\system32\drivers\91960516.sys
16:31:38.0106 0x1710 System UUID: {E29374F3-7923-282B-0E68-804503D6BC73}
16:31:39.0266 0x1710 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:31:39.0288 0x1710 ============================================================
16:31:39.0288 0x1710 \Device\Harddisk0\DR0:
16:31:39.0288 0x1710 MBR partitions:
16:31:39.0288 0x1710 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1B9F000
16:31:39.0288 0x1710 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1BB3000, BlocksNum 0x72B53000
16:31:39.0288 0x1710 ============================================================
16:31:39.0315 0x1710 C: <-> \Device\Harddisk0\DR0\Partition2
16:31:39.0316 0x1710 ============================================================
16:31:39.0316 0x1710 Initialize success
16:31:39.0316 0x1710 ============================================================
16:31:43.0578 0x06fc ============================================================
16:31:43.0578 0x06fc Scan started
16:31:43.0578 0x06fc Mode: Manual;
16:31:43.0579 0x06fc ============================================================
16:31:43.0579 0x06fc KSN ping started
16:31:43.0727 0x06fc KSN ping finished: true
16:31:46.0718 0x06fc ================ Scan system memory ========================
16:31:46.0718 0x06fc System memory - ok
16:31:46.0719 0x06fc ================ Scan services =============================
16:31:46.0852 0x06fc [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
16:31:46.0866 0x06fc 1394ohci - ok
16:31:46.0924 0x06fc [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
16:31:46.0932 0x06fc ACPI - ok
16:31:46.0949 0x06fc [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
16:31:46.0955 0x06fc AcpiPmi - ok
16:31:47.0051 0x06fc [ 013697369EAFFA675D0671607F036020, 65611C775AC4681E46A6565E5A7A4FF3363C66EBDC98C4C58AFB365D40BE23B6 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:31:47.0053 0x06fc AdobeARMservice - ok
16:31:47.0160 0x06fc [ 368290D0A612D62DA6F3D798B1BB8FE7, D573BF8543F37BC51B88A2473EDFD28AFBCCC446E8CADD54A90FA48D8739D222 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:31:47.0166 0x06fc AdobeFlashPlayerUpdateSvc - ok
16:31:47.0215 0x06fc [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
16:31:47.0234 0x06fc adp94xx - ok
16:31:47.0286 0x06fc [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys
16:31:47.0300 0x06fc adpahci - ok
16:31:47.0341 0x06fc [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
16:31:47.0352 0x06fc adpu320 - ok
16:31:47.0393 0x06fc [ 83BFCCAC53795E8A5055A93672D0C46C, B2B03473D950A5BA9DE59D81E7B14C1FAFF17B2A4D8A5808588F5CC21D63B291 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:31:47.0399 0x06fc AeLookupSvc - ok
16:31:47.0452 0x06fc [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys
16:31:47.0464 0x06fc AFD - ok
16:31:47.0482 0x06fc [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
16:31:47.0492 0x06fc agp440 - ok
16:31:47.0517 0x06fc [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
16:31:47.0520 0x06fc ALG - ok
16:31:47.0550 0x06fc [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
16:31:47.0555 0x06fc aliide - ok
16:31:47.0582 0x06fc [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
16:31:47.0606 0x06fc amdide - ok
16:31:47.0612 0x06fc [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
16:31:47.0632 0x06fc AmdK8 - ok
16:31:47.0658 0x06fc [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
16:31:47.0673 0x06fc AmdPPM - ok
16:31:47.0711 0x06fc [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
16:31:47.0720 0x06fc amdsata - ok
16:31:47.0747 0x06fc [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
16:31:47.0757 0x06fc amdsbs - ok
16:31:47.0772 0x06fc [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
16:31:47.0781 0x06fc amdxata - ok
16:31:47.0874 0x06fc [ 9FE1AC875A7AD7B7FF28FEC8B754968D, EEE04D4073E49332C85028B62E8A035EAA2284526A3F3820133492C8F8CBA3D5 ] AntiVirMailService C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
16:31:47.0890 0x06fc AntiVirMailService - ok
16:31:47.0951 0x06fc [ E20B4F23EB153635D67944F63454EC84, FEE76A74767CDB33415C64F08AE1FF248F505AF22C1F1BA1EBB5CC6A75E3926F ] AntiVirSchedulerService C:\Program Files (x86)\Avira\Antivirus\sched.exe
16:31:47.0960 0x06fc AntiVirSchedulerService - ok
16:31:48.0002 0x06fc [ E20B4F23EB153635D67944F63454EC84, FEE76A74767CDB33415C64F08AE1FF248F505AF22C1F1BA1EBB5CC6A75E3926F ] AntiVirService C:\Program Files (x86)\Avira\Antivirus\avguard.exe
16:31:48.0011 0x06fc AntiVirService - ok
16:31:48.0051 0x06fc [ D9A8EE3F4A1E604B9315B34A5AA4569E, 287BA8FA1949646E03D39F36F50C016251358A8A454EE19D249E76A723F1455E ] AntiVirWebService C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
16:31:48.0072 0x06fc AntiVirWebService - ok
16:31:48.0117 0x06fc [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID C:\Windows\system32\drivers\appid.sys
16:31:48.0120 0x06fc AppID - ok
16:31:48.0153 0x06fc [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:31:48.0156 0x06fc AppIDSvc - ok
16:31:48.0178 0x06fc [ 978DC0A1FBE9CC91B21B40AF66CB396A, 90BAFF81D98F5AFD743D8BD65F716666A7A7BD2DA612492E03C79B29E9A0F8C2 ] Appinfo C:\Windows\System32\appinfo.dll
16:31:48.0181 0x06fc Appinfo - ok
16:31:48.0235 0x06fc [ 650D03E40F93FAE323CB841F80368E5C, F67B97CFDCE2EE9294977725268EFDB0DD724BD16E7ED5BFCA45375AA8EBA5BB ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:31:48.0239 0x06fc Apple Mobile Device - ok
16:31:48.0261 0x06fc [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys
16:31:48.0275 0x06fc arc - ok
16:31:48.0299 0x06fc [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys
16:31:48.0314 0x06fc arcsas - ok
16:31:48.0418 0x06fc [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:31:48.0448 0x06fc aspnet_state - ok
16:31:48.0477 0x06fc [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:31:48.0479 0x06fc AsyncMac - ok
16:31:48.0535 0x06fc [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
16:31:48.0539 0x06fc atapi - ok
16:31:48.0624 0x06fc [ 7D0398396727195CC73D703001D3CFF4, 5175C5061AB201F688538E1C6849F42BB987121C0FB9189BB8616E8573522969 ] athr C:\Windows\system32\DRIVERS\athrx.sys
16:31:48.0710 0x06fc athr - ok
16:31:48.0782 0x06fc [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:31:48.0795 0x06fc AudioEndpointBuilder - ok
16:31:48.0816 0x06fc [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv C:\Windows\System32\Audiosrv.dll
16:31:48.0828 0x06fc AudioSrv - ok
16:31:48.0893 0x06fc [ 24843902369DC82B4691F816F08F2938, 330E22C6007B10FE9C232BBCA2F388ADA17DEDBAA11BEC2A70377A4466DFB6FA ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
16:31:48.0910 0x06fc avgntflt - ok
16:31:48.0962 0x06fc [ 043E5F34C3878C844568658B79B3E55C, D13D8FC5205562E02F252C0EE1AB2236C9212445D6EC3715041EBDF993CB467F ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
16:31:48.0977 0x06fc avipbb - ok
16:31:49.0030 0x06fc [ 4B3DBF1CEBE1B2346BF2F8D2251F641A, CDC5BCA35BE658007E29E94E7FBFAA499B50929E738A12904397D16268C6FBAE ] Avira.ServiceHost C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
16:31:49.0036 0x06fc Avira.ServiceHost - ok
16:31:49.0057 0x06fc [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
16:31:49.0067 0x06fc avkmgr - ok
16:31:49.0112 0x06fc [ 13253E5E3B6BDF945B63B336A8C9489B, 671C716E43F89D4BDDAA2BE045CDEBBB569C85BC2BA334E1F550187B79A7740D ] avnetflt C:\Windows\system32\DRIVERS\avnetflt.sys
16:31:49.0119 0x06fc avnetflt - ok
16:31:49.0150 0x06fc [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
16:31:49.0153 0x06fc AxInstSV - ok
16:31:49.0185 0x06fc [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
16:31:49.0203 0x06fc b06bdrv - ok
16:31:49.0250 0x06fc [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
16:31:49.0262 0x06fc b57nd60a - ok
16:31:49.0290 0x06fc [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
16:31:49.0294 0x06fc BDESVC - ok
16:31:49.0305 0x06fc [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
16:31:49.0309 0x06fc Beep - ok
16:31:49.0357 0x06fc [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
16:31:49.0373 0x06fc BFE - ok
16:31:49.0421 0x06fc [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
16:31:49.0441 0x06fc BITS - ok
16:31:49.0490 0x06fc [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
16:31:49.0498 0x06fc blbdrive - ok
16:31:49.0570 0x06fc [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:31:49.0580 0x06fc Bonjour Service - ok
16:31:49.0626 0x06fc [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:31:49.0635 0x06fc bowser - ok
16:31:49.0653 0x06fc [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
16:31:49.0660 0x06fc BrFiltLo - ok
16:31:49.0675 0x06fc [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
16:31:49.0682 0x06fc BrFiltUp - ok
16:31:49.0719 0x06fc [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
16:31:49.0723 0x06fc Browser - ok
16:31:49.0742 0x06fc [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
16:31:49.0757 0x06fc Brserid - ok
16:31:49.0775 0x06fc [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
16:31:49.0783 0x06fc BrSerWdm - ok
16:31:49.0791 0x06fc [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
16:31:49.0799 0x06fc BrUsbMdm - ok
16:31:49.0811 0x06fc [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
16:31:49.0819 0x06fc BrUsbSer - ok
16:31:49.0828 0x06fc [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
16:31:49.0853 0x06fc BTHMODEM - ok
16:31:49.0885 0x06fc [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
16:31:49.0889 0x06fc bthserv - ok
16:31:49.0917 0x06fc [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:31:49.0921 0x06fc cdfs - ok
16:31:49.0948 0x06fc [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:31:49.0952 0x06fc cdrom - ok
16:31:49.0976 0x06fc [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
16:31:49.0981 0x06fc CertPropSvc - ok
16:31:50.0012 0x06fc [ 35584BC0CF9B9F3CDA830396C4DEB6DB, 34D283CC7F5BEF00CF01C749427B8C07895A97F6C7D84740458DD8A4DF1120E2 ] cfwids C:\Windows\system32\drivers\cfwids.sys
16:31:50.0022 0x06fc cfwids - ok
16:31:50.0033 0x06fc [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys
16:31:50.0045 0x06fc circlass - ok
16:31:50.0085 0x06fc [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS C:\Windows\system32\CLFS.sys
16:31:50.0094 0x06fc CLFS - ok
16:31:50.0146 0x06fc [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:31:50.0150 0x06fc clr_optimization_v2.0.50727_32 - ok
16:31:50.0170 0x06fc [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:31:50.0174 0x06fc clr_optimization_v2.0.50727_64 - ok
16:31:50.0222 0x06fc [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:31:50.0317 0x06fc clr_optimization_v4.0.30319_32 - ok
16:31:50.0332 0x06fc [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:31:50.0376 0x06fc clr_optimization_v4.0.30319_64 - ok
16:31:50.0398 0x06fc [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
16:31:50.0407 0x06fc CmBatt - ok
16:31:50.0439 0x06fc [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:31:50.0447 0x06fc cmdide - ok
16:31:50.0502 0x06fc [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG C:\Windows\system32\Drivers\cng.sys
16:31:50.0513 0x06fc CNG - ok
16:31:50.0583 0x06fc [ 1635CED9C1FB6182B11BD62AA4F744B6, E781DADC786E07731F15DA2C6701B1426CAFC45F28FFEB7CD4BB546E4CDE1869 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
16:31:50.0659 0x06fc CnxtHdAudService - ok
16:31:50.0687 0x06fc [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
16:31:50.0695 0x06fc Compbatt - ok
16:31:50.0718 0x06fc [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
16:31:50.0721 0x06fc CompositeBus - ok
16:31:50.0725 0x06fc COMSysApp - ok
16:31:50.0804 0x06fc [ 08F934092E0429BADF88E9F91DB0F61E, 6E9091C006FFFF261DC61C8E9A45219E47C351296E5355FC4B7242F30E1DDFE3 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
16:31:50.0812 0x06fc cphs - ok
16:31:50.0823 0x06fc [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
16:31:50.0836 0x06fc crcdisk - ok
16:31:50.0890 0x06fc [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:31:50.0895 0x06fc CryptSvc - ok
16:31:50.0938 0x06fc [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
16:31:50.0950 0x06fc DcomLaunch - ok
16:31:51.0000 0x06fc [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
16:31:51.0009 0x06fc defragsvc - ok
16:31:51.0061 0x06fc [ A97BD43C2628D7274C88A3B4CE785EFB, F85B074A291BC3D63DFD81EC39FBDB1EECDF86A33A1AB7580624EEAF6337DE63 ] DellDigitalDelivery c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
16:31:51.0065 0x06fc DellDigitalDelivery - ok
16:31:51.0081 0x06fc [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:31:51.0086 0x06fc DfsC - ok
16:31:51.0108 0x06fc [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
16:31:51.0116 0x06fc Dhcp - ok
16:31:51.0201 0x06fc [ AA5319FA8602676B5D3A2B4A1355896D, 57532E16FF0DDE3D62B6B6DC35E2598DD453140E9277247965A1E835645E588A ] DiagTrack C:\Windows\system32\diagtrack.dll
16:31:51.0236 0x06fc DiagTrack - ok
16:31:51.0267 0x06fc [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
16:31:51.0270 0x06fc discache - ok
16:31:51.0289 0x06fc [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys
16:31:51.0293 0x06fc Disk - ok
16:31:51.0323 0x06fc [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:31:51.0328 0x06fc Dnscache - ok
16:31:51.0345 0x06fc [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
16:31:51.0352 0x06fc dot3svc - ok
16:31:51.0364 0x06fc [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
16:31:51.0370 0x06fc DPS - ok
16:31:51.0399 0x06fc [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:31:51.0403 0x06fc drmkaud - ok
16:31:51.0449 0x06fc [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:31:51.0469 0x06fc DXGKrnl - ok
16:31:51.0503 0x06fc [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
16:31:51.0508 0x06fc EapHost - ok
16:31:51.0625 0x06fc [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys
16:31:51.0744 0x06fc ebdrv - ok
16:31:51.0795 0x06fc [ 0D48E93C6BE3143C0198CB252B992D16, AF34A41BAAE967045C8078E80B070E66ED60FDA0945FA752F715E49FD43373A4 ] EFS C:\Windows\System32\lsass.exe
16:31:51.0798 0x06fc EFS - ok
16:31:51.0856 0x06fc [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:31:51.0874 0x06fc ehRecvr - ok
16:31:51.0889 0x06fc [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
16:31:51.0900 0x06fc ehSched - ok
16:31:51.0931 0x06fc [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
16:31:51.0955 0x06fc elxstor - ok
16:31:51.0974 0x06fc [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:31:51.0981 0x06fc ErrDev - ok
16:31:52.0022 0x06fc [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
16:31:52.0033 0x06fc EventSystem - ok
16:31:52.0048 0x06fc [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
16:31:52.0053 0x06fc exfat - ok
16:31:52.0070 0x06fc [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:31:52.0076 0x06fc fastfat - ok
16:31:52.0118 0x06fc [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
16:31:52.0134 0x06fc Fax - ok
16:31:52.0152 0x06fc [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys
16:31:52.0159 0x06fc fdc - ok
16:31:52.0177 0x06fc [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
16:31:52.0180 0x06fc fdPHost - ok
16:31:52.0194 0x06fc [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
16:31:52.0196 0x06fc FDResPub - ok
16:31:52.0207 0x06fc [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:31:52.0211 0x06fc FileInfo - ok
16:31:52.0224 0x06fc [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:31:52.0227 0x06fc Filetrace - ok
16:31:52.0244 0x06fc [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
16:31:52.0246 0x06fc flpydisk - ok
16:31:52.0264 0x06fc [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:31:52.0273 0x06fc FltMgr - ok
16:31:52.0342 0x06fc [ D5A775990A7C202A037378FDBCDB6141, 27AD242914FAFB7A27B3045C0F0F6AFE6873FE331A51D8BB29A63B5D84C72EFB ] FontCache C:\Windows\system32\FntCache.dll
16:31:52.0375 0x06fc FontCache - ok
16:31:52.0441 0x06fc [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:31:52.0443 0x06fc FontCache3.0.0.0 - ok
16:31:52.0456 0x06fc [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
16:31:52.0459 0x06fc FsDepends - ok
16:31:52.0483 0x06fc [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:31:52.0485 0x06fc Fs_Rec - ok
16:31:52.0522 0x06fc [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
16:31:52.0528 0x06fc fvevol - ok
16:31:52.0546 0x06fc [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
16:31:52.0554 0x06fc gagp30kx - ok
16:31:52.0588 0x06fc [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:31:52.0601 0x06fc GEARAspiWDM - ok
16:31:52.0661 0x06fc [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
16:31:52.0679 0x06fc gpsvc - ok
16:31:52.0772 0x06fc [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:31:52.0776 0x06fc gupdate - ok
16:31:52.0783 0x06fc [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:31:52.0786 0x06fc gupdatem - ok
16:31:52.0802 0x06fc [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
16:31:52.0822 0x06fc hcw85cir - ok
16:31:52.0849 0x06fc [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
16:31:52.0854 0x06fc HDAudBus - ok
16:31:52.0888 0x06fc [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
16:31:52.0895 0x06fc HidBatt - ok
16:31:52.0908 0x06fc [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
16:31:52.0917 0x06fc HidBth - ok
16:31:52.0928 0x06fc [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
16:31:52.0939 0x06fc HidIr - ok
16:31:52.0958 0x06fc [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
16:31:52.0961 0x06fc hidserv - ok
16:31:52.0994 0x06fc [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\drivers\hidusb.sys
16:31:52.0997 0x06fc HidUsb - ok
16:31:53.0025 0x06fc [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:31:53.0030 0x06fc hkmsvc - ok
16:31:53.0052 0x06fc [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:31:53.0058 0x06fc HomeGroupListener - ok
16:31:53.0077 0x06fc [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:31:53.0083 0x06fc HomeGroupProvider - ok
16:31:53.0186 0x06fc [ 689BD2ED76C79F1FAE953A76DEA6FCD9, 5F739CF7668DCC3EBD607AE05BE78B11AB56778B8F3FE29543922FF6EDBE989D ] HomeNetSvc C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
16:31:53.0192 0x06fc HomeNetSvc - ok
16:31:53.0208 0x06fc [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
16:31:53.0217 0x06fc HpSAMD - ok
16:31:53.0270 0x06fc [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:31:53.0285 0x06fc HTTP - ok
16:31:53.0312 0x06fc [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:31:53.0314 0x06fc hwpolicy - ok
16:31:53.0334 0x06fc [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
16:31:53.0339 0x06fc i8042prt - ok
16:31:53.0376 0x06fc [ D1753C06EE17E29352B065EACF3F10D0, 4DD4C991FAA3CCF99DF8DC9F8F5DEEDEECD55977F0C3AA8C404DEFD21E32A62B ] iaStor C:\Windows\system32\drivers\iaStor.sys
16:31:53.0387 0x06fc iaStor - ok
16:31:53.0468 0x06fc [ 545462D0DBE24AF379BA869B7C185CCD, 056F9D0D5FD4FEF37665A35A4029722FF60D02A69854E952DC361CC0E5CD26F9 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
16:31:53.0471 0x06fc IAStorDataMgrSvc - ok
16:31:53.0509 0x06fc [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
16:31:53.0525 0x06fc iaStorV - ok
16:31:53.0604 0x06fc [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:31:53.0624 0x06fc idsvc - ok
16:31:53.0647 0x06fc IEEtwCollectorService - ok
16:31:53.0846 0x06fc [ 8C44E6B688790E2AD3846C97661C54F1, CB487D167EDA3C1E30BD5FB8F98C15EB9E75A6FB793009C2F1BBCAAB4285F772 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
16:31:54.0048 0x06fc igfx - ok
16:31:54.0097 0x06fc [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
16:31:54.0108 0x06fc iirsp - ok
16:31:54.0173 0x06fc [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
16:31:54.0191 0x06fc IKEEXT - ok
16:31:54.0227 0x06fc [ 6C9FFFECA9FED31347D211C5D1FFBD2D, 36CF8B847FAED0D978B3169ED550CC958025902CAC1D7D304E2684B2483E72B8 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
16:31:54.0243 0x06fc IntcDAud - ok
16:31:54.0291 0x06fc [ 2D66067C7A8A0112156BCD1C0BAA7042, 89F77EEE59FF3AD2E777DA15187F1447F6E112E8831417A0DE656ACB82E7B22E ] Intel(R) Capability Licensing Service Interface c:\Program Files\Intel\iCLS Client\HeciServer.exe
16:31:54.0304 0x06fc Intel(R) Capability Licensing Service Interface - ok
16:31:54.0337 0x06fc [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
16:31:54.0359 0x06fc intelide - ok
16:31:54.0387 0x06fc [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:31:54.0390 0x06fc intelppm - ok
16:31:54.0424 0x06fc [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:31:54.0429 0x06fc IPBusEnum - ok
16:31:54.0460 0x06fc [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:31:54.0465 0x06fc IpFilterDriver - ok
16:31:54.0522 0x06fc [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:31:54.0536 0x06fc iphlpsvc - ok
16:31:54.0566 0x06fc [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
16:31:54.0578 0x06fc IPMIDRV - ok
16:31:54.0596 0x06fc [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:31:54.0603 0x06fc IPNAT - ok
16:31:54.0668 0x06fc [ 7FAE5B6CDB18B0B2E81F32869F595022, D873A7EE94749E1700E8F6B8BB7B485AE1B0B83388D63BE06335720498D4794F ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
16:31:54.0681 0x06fc iPod Service - ok
16:31:54.0713 0x06fc [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:31:54.0716 0x06fc IRENUM - ok
16:31:54.0726 0x06fc [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:31:54.0736 0x06fc isapnp - ok
16:31:54.0780 0x06fc [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
16:31:54.0787 0x06fc iScsiPrt - ok
16:31:54.0815 0x06fc [ 6BCEF45131C8B8E1C558BE540B190B3C, DFFED7FD9DCC15808184E65065DE6138FE010AC01217E5016B2D20A5B89AC570 ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys
16:31:54.0821 0x06fc iusb3hcs - ok
16:31:54.0844 0x06fc [ F080EADA8715F811B58BD35BB774F2F9, 06D5A70CBA89561A71B9CB64D7A298767F098395411A7022F414C7D0AC89A44D ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys
16:31:54.0862 0x06fc iusb3hub - ok
16:31:54.0921 0x06fc [ 0F1756D9396740F053221FA6260FCE66, 0B722BF6BCF66BBD49DE0E92555742976AB33319CF504461A50181BF7A77E886 ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys
16:31:54.0951 0x06fc iusb3xhc - ok
16:31:54.0978 0x06fc [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:31:54.0981 0x06fc kbdclass - ok
16:31:54.0992 0x06fc [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
16:31:54.0996 0x06fc kbdhid - ok
16:31:55.0008 0x06fc [ 0D48E93C6BE3143C0198CB252B992D16, AF34A41BAAE967045C8078E80B070E66ED60FDA0945FA752F715E49FD43373A4 ] KeyIso C:\Windows\system32\lsass.exe
16:31:55.0011 0x06fc KeyIso - ok
16:31:55.0045 0x06fc [ 67A1743377EBB5D9A370A8C2086CFDCC, 2F0FD6C1969B1EEEEFFC1A8F972E1E90F1AD9558FF00EC159BC19ED927FD4BF5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:31:55.0049 0x06fc KSecDD - ok
16:31:55.0063 0x06fc [ 522A1595D5701800DD41B2D472F5AAED, B62924AE94A5AC454AD6057BC133D717BB1C6445BE36D6BECAB76E1600F60C33 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
16:31:55.0070 0x06fc KSecPkg - ok
16:31:55.0079 0x06fc [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
16:31:55.0082 0x06fc ksthunk - ok
16:31:55.0108 0x06fc [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
16:31:55.0117 0x06fc KtmRm - ok
16:31:55.0145 0x06fc [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
16:31:55.0153 0x06fc LanmanServer - ok
16:31:55.0174 0x06fc [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:31:55.0180 0x06fc LanmanWorkstation - ok
16:31:55.0213 0x06fc [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:31:55.0216 0x06fc lltdio - ok
16:31:55.0246 0x06fc [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:31:55.0253 0x06fc lltdsvc - ok
16:31:55.0262 0x06fc [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:31:55.0267 0x06fc lmhosts - ok
16:31:55.0319 0x06fc [ 8D82CBBF5A8532D9A21A64BBCB774EE7, 30D6477EA4B47D50F05E3435A68113B3676CA24EF51CC2693353C2224D28D2BB ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
16:31:55.0325 0x06fc LMS - ok
16:31:55.0345 0x06fc [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
16:31:55.0354 0x06fc LSI_FC - ok
16:31:55.0385 0x06fc [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
16:31:55.0394 0x06fc LSI_SAS - ok
16:31:55.0438 0x06fc [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
16:31:55.0447 0x06fc LSI_SAS2 - ok
16:31:55.0463 0x06fc [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
16:31:55.0480 0x06fc LSI_SCSI - ok
16:31:55.0504 0x06fc [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
16:31:55.0508 0x06fc luafv - ok
16:31:55.0535 0x06fc [ A8D28D5B3E2A528D1EF0E338E44F2820, 40D1EFDD253BC0A0D984A5AD8A2721C3E83B15F14D538204714E6D5B00D92CEB ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
16:31:55.0543 0x06fc MBAMProtector - ok
16:31:55.0635 0x06fc [ 83C982A395D00BAFF6515FB38424EA76, 0E1B66F84A483D47550347D4A9426B95A066DB5104C4284F606A16768A11DB0C ] MBAMService C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
16:31:55.0670 0x06fc MBAMService - ok
16:31:55.0714 0x06fc [ AE757332EA130E94E646621CC695B52A, E688CF34A4206F32B5C7301119D8459C3456FC178FA1DAA6215CE15F2C824C43 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
16:31:55.0731 0x06fc MBAMWebAccessControl - ok
16:31:55.0818 0x06fc [ 278E661D8D5DC7FEF3932DB1698E1BBB, 5D9BC30321E6DC6FADF83E5272316EBEFB99244AB0CAD41F28DA9AAA2E30DA6C ] McAPExe C:\Program Files\McAfee\MSC\McAPExe.exe
16:31:55.0832 0x06fc McAPExe - ok
16:31:55.0859 0x06fc [ 9504F1DDA1B67FB8D526FD4F8CC882F3, 99B35D5B8879B556CD0D1825F7AECC1124FFAD3EB39C10B77B7522E145FC00B3 ] McAWFwk c:\PROGRA~1\mcafee\msc\mcawfwk.exe
16:31:55.0865 0x06fc McAWFwk - ok
16:31:55.0982 0x06fc [ 794E2A657BD4EC51771893346F6B9431, AE979FE1E0BF333A1E2DC49FD3F0B52045C5E639D95996F5F354E3582EA27811 ] mccspsvc C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe
16:31:55.0986 0x06fc mccspsvc - ok
16:31:56.0039 0x06fc [ F928E5E72BBA15DD0CE9A26E0413D236, D63EFA1408084F524464729C2F3BE16550E07ACE2BF8A00699A8438079AD381B ] McOobeSv C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
16:31:56.0044 0x06fc McOobeSv - ok
16:31:56.0091 0x06fc [ 689BD2ED76C79F1FAE953A76DEA6FCD9, 5F739CF7668DCC3EBD607AE05BE78B11AB56778B8F3FE29543922FF6EDBE989D ] mcpltsvc C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
16:31:56.0098 0x06fc mcpltsvc - ok
16:31:56.0117 0x06fc [ 689BD2ED76C79F1FAE953A76DEA6FCD9, 5F739CF7668DCC3EBD607AE05BE78B11AB56778B8F3FE29543922FF6EDBE989D ] McProxy C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
16:31:56.0123 0x06fc McProxy - ok
16:31:56.0151 0x06fc [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:31:56.0156 0x06fc Mcx2Svc - ok
16:31:56.0182 0x06fc [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
16:31:56.0188 0x06fc megasas - ok
16:31:56.0212 0x06fc [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
16:31:56.0237 0x06fc MegaSR - ok
16:31:56.0270 0x06fc [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
16:31:56.0281 0x06fc MEIx64 - ok
16:31:56.0314 0x06fc [ 5880E568C905F4A6DD7B0124682AE552, 046E810B807E9EC3190DE5F82BFC1CCA6AE1A49A453240C2066706CE5235AF9C ] mfeaack C:\Windows\system32\drivers\mfeaack.sys
16:31:56.0332 0x06fc mfeaack - ok
16:31:56.0376 0x06fc [ 8522BA5DB3B9D37845ABC0F28B0292B2, BADE7EC1329018FAAF30604000619AC3136B93F386C727D778E1E4EB0E67315D ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
16:31:56.0391 0x06fc mfeavfk - ok
16:31:56.0435 0x06fc [ 983CA8E34131695D6DE810990CE8FF69, C6BC27000C1EB8638AC1A8E2B8884FC71FAD667E0BB850E305C7DE77EBA5306D ] mfedisk C:\Windows\system32\DRIVERS\mfedisk.sys
16:31:56.0447 0x06fc mfedisk - ok
16:31:56.0509 0x06fc [ 2AD2774662724B3BE9CFF9A59027F230, F7DDBD2FEE5F74DE73EA710CC847CFAD101E0246FAF48AAC74A95619F40F91F2 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
16:31:56.0514 0x06fc mfefire - ok
16:31:56.0555 0x06fc [ 7B4D31713AAA449CB7A55C65A0CB701A, 95CE542F6C9EE67A7C7CFD96579B81B31EEDBBE54FD82F7E63254E248975A99E ] mfefirek C:\Windows\system32\drivers\mfefirek.sys
16:31:56.0576 0x06fc mfefirek - ok
16:31:56.0672 0x06fc [ AB88A9E16450DD1F1D74368F832DC695, DB84BB0F9CB085239A6D39CE79760CCC060B8A2295F38B4B51731921DA018239 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
16:31:56.0703 0x06fc mfehidk - ok
16:31:56.0752 0x06fc [ D4DAE8254FE5C1FDFC002C276CCFDF51, 81767CF5F609F5A0FFF0CF8876B9EF20579A03E60EA5FD3ACFF17922F0046428 ] mfemms C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe
16:31:56.0760 0x06fc mfemms - ok
16:31:56.0779 0x06fc [ C51B7DE45CE780E515A49F5D0B46C472, 998A95E298B0CA1345D12C59B54EABB5ABB89A87870E024F4FD8EC58AC2C6556 ] mfevtp C:\Windows\system32\mfevtps.exe
16:31:56.0784 0x06fc mfevtp - ok
16:31:56.0801 0x06fc [ F265F0B2134A3C2896F56B1FD4D55F77, 202C6AE68FA4E1DFFB4C8333EA23A918436131308A0663A929D9B6B46A9ABDB5 ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
16:31:56.0820 0x06fc mfewfpk - ok
16:31:56.0885 0x06fc [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
16:31:56.0887 0x06fc Microsoft Office Groove Audit Service - ok
16:31:56.0908 0x06fc [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
16:31:56.0912 0x06fc MMCSS - ok
16:31:56.0928 0x06fc [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
16:31:56.0931 0x06fc Modem - ok
16:31:56.0963 0x06fc [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:31:56.0967 0x06fc monitor - ok
16:31:57.0001 0x06fc [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:31:57.0006 0x06fc mouclass - ok
16:31:57.0031 0x06fc [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:31:57.0036 0x06fc mouhid - ok
16:31:57.0076 0x06fc [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:31:57.0080 0x06fc mountmgr - ok
16:31:57.0090 0x06fc [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
16:31:57.0107 0x06fc mpio - ok
16:31:57.0122 0x06fc [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:31:57.0125 0x06fc mpsdrv - ok
16:31:57.0158 0x06fc [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:31:57.0179 0x06fc MpsSvc - ok
16:31:57.0204 0x06fc [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:31:57.0208 0x06fc MRxDAV - ok
16:31:57.0249 0x06fc [ B2081803D510DCE174992BA880EDCA70, 37DB53C9756EC03EB7165DEB58251615D70B7C86DF32A54DE25ADAF30A04D792 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:31:57.0254 0x06fc mrxsmb - ok
16:31:57.0272 0x06fc [ 552FA62B0EFECD22D8D52499324BCA4F, C3A02C9C30C36928AC7B1025496544967187A05BEF5D100B54F2C0155E47145C ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:31:57.0280 0x06fc mrxsmb10 - ok
16:31:57.0302 0x06fc [ 97687971F9CB30E2633DE0F1296B9F61, 865DA87523E4C32D65D55D5475A5CDDFA10699780DA500E6D606384FB3BEB1BE ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:31:57.0307 0x06fc mrxsmb20 - ok
16:31:57.0338 0x06fc [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
16:31:57.0349 0x06fc msahci - ok
16:31:57.0354 0x06fc [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:31:57.0392 0x06fc msdsm - ok
16:31:57.0417 0x06fc [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
16:31:57.0421 0x06fc MSDTC - ok
16:31:57.0436 0x06fc [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:31:57.0440 0x06fc Msfs - ok
16:31:57.0466 0x06fc [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:31:57.0469 0x06fc mshidkmdf - ok
16:31:57.0492 0x06fc [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:31:57.0494 0x06fc msisadrv - ok
16:31:57.0528 0x06fc [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:31:57.0533 0x06fc MSiSCSI - ok
16:31:57.0539 0x06fc msiserver - ok
16:31:57.0554 0x06fc [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:31:57.0556 0x06fc MSKSSRV - ok
16:31:57.0569 0x06fc [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:31:57.0573 0x06fc MSPCLOCK - ok
16:31:57.0585 0x06fc [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:31:57.0587 0x06fc MSPQM - ok
16:31:57.0612 0x06fc [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:31:57.0621 0x06fc MsRPC - ok
16:31:57.0630 0x06fc [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
16:31:57.0634 0x06fc mssmbios - ok
16:31:57.0643 0x06fc [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:31:57.0646 0x06fc MSTEE - ok
16:31:57.0667 0x06fc [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
16:31:57.0676 0x06fc MTConfig - ok
16:31:57.0695 0x06fc [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
16:31:57.0700 0x06fc Mup - ok
16:31:57.0738 0x06fc [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
16:31:57.0748 0x06fc napagent - ok
16:31:57.0779 0x06fc [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:31:57.0788 0x06fc NativeWifiP - ok
16:31:57.0890 0x06fc [ E0E4A1F81A7D69C595A8A9DDAD084C19, 8F55F3637AE8BFFB0ACE37AFC5122026525137E0B2923899B779C1BD08DF0E22 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
16:31:57.0905 0x06fc NAUpdate - ok
16:31:57.0990 0x06fc [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
16:31:58.0009 0x06fc NDIS - ok
16:31:58.0041 0x06fc [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:31:58.0044 0x06fc NdisCap - ok
16:31:58.0061 0x06fc [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:31:58.0064 0x06fc NdisTapi - ok
16:31:58.0079 0x06fc [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:31:58.0082 0x06fc Ndisuio - ok
16:31:58.0094 0x06fc [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:31:58.0099 0x06fc NdisWan - ok
16:31:58.0128 0x06fc [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:31:58.0131 0x06fc NDProxy - ok
16:31:58.0143 0x06fc [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:31:58.0147 0x06fc NetBIOS - ok
16:31:58.0162 0x06fc [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:31:58.0169 0x06fc NetBT - ok
16:31:58.0181 0x06fc [ 0D48E93C6BE3143C0198CB252B992D16, AF34A41BAAE967045C8078E80B070E66ED60FDA0945FA752F715E49FD43373A4 ] Netlogon C:\Windows\system32\lsass.exe
16:31:58.0183 0x06fc Netlogon - ok
16:31:58.0211 0x06fc [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
16:31:58.0219 0x06fc Netman - ok
16:31:58.0259 0x06fc [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:31:58.0263 0x06fc NetMsmqActivator - ok
16:31:58.0271 0x06fc [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:31:58.0275 0x06fc NetPipeActivator - ok
16:31:58.0298 0x06fc [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
16:31:58.0312 0x06fc netprofm - ok
16:31:58.0320 0x06fc [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:31:58.0323 0x06fc NetTcpActivator - ok
16:31:58.0330 0x06fc [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:31:58.0336 0x06fc NetTcpPortSharing - ok
16:31:58.0363 0x06fc [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
16:31:58.0376 0x06fc nfrd960 - ok
16:31:58.0417 0x06fc [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll
16:31:58.0425 0x06fc NlaSvc - ok
16:31:58.0530 0x06fc [ B9B72FAAAA41D59B73B88FE3DD737ED1, 050E741FB5313523340B19C9C168611222C4AE9A6084FE3E2F908A49EA909A29 ] NOBU C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
16:31:58.0609 0x06fc NOBU - ok
16:31:58.0654 0x06fc [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:31:58.0656 0x06fc Npfs - ok
16:31:58.0663 0x06fc [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
16:31:58.0666 0x06fc nsi - ok
16:31:58.0676 0x06fc [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:31:58.0680 0x06fc nsiproxy - ok
16:31:58.0751 0x06fc [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:31:58.0802 0x06fc Ntfs - ok
16:31:58.0837 0x06fc [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
16:31:58.0845 0x06fc Null - ok
16:31:58.0875 0x06fc [ A4247F976E40B5C23273631153D97D58, B12A899C624D05701A68EE89458E0C953AA8488C3C0533C7702BB3DE8C383519 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
16:31:58.0886 0x06fc NVHDA - ok
16:31:59.0228 0x06fc [ F4269CD67AD5141BBCD6652682ED6758, FE67E8513E40ED3BF128A14688431296DCBA2C50C4AB248D487D6D5EA0066448 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:31:59.0614 0x06fc nvlddmkm - ok
16:31:59.0654 0x06fc [ E1BCDE56B04D424F4F2DF4865DAB2ECF, 1227A79CC11593CBD13E063F1309CC84E9DBDA01EF74CEBBBD1A1847D4ABF170 ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys
16:31:59.0665 0x06fc nvpciflt - ok
16:31:59.0690 0x06fc [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:31:59.0700 0x06fc nvraid - ok
16:31:59.0719 0x06fc [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:31:59.0735 0x06fc nvstor - ok
16:31:59.0786 0x06fc [ 6E41E4F9E9FCEFDB7EC0202AC08DFAF1, FE01AE6987DC826B77DEEDBC3B73F26F61B966330FB159E54960189DBFBF3F3F ] NvStUSB C:\Windows\system32\drivers\nvstusb.sys
16:31:59.0829 0x06fc NvStUSB - ok
16:31:59.0913 0x06fc [ 138AEEC8C947C3BBD6180BB327627325, 50F5353476AF9A2555EE0AA3D97101D5205CFE9B34AF254C64A85498A49D4878 ] nvsvc C:\Windows\system32\nvvsvc.exe
16:31:59.0933 0x06fc nvsvc - ok
16:32:00.0001 0x06fc [ CC115D6E16C16B288E7EB3EDEA05AE90, 1E50C15DCBAC6277A01EDFBEA6BD36F5A5F1BB3887C0CF5DF02E074AC62841DC ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
16:32:00.0044 0x06fc nvUpdatusService - ok
16:32:00.0052 0x06fc [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:32:00.0062 0x06fc nv_agp - ok
16:32:00.0143 0x06fc [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:32:00.0153 0x06fc odserv - ok
16:32:00.0167 0x06fc [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
16:32:00.0178 0x06fc ohci1394 - ok
16:32:00.0225 0x06fc [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:32:00.0229 0x06fc ose - ok
16:32:00.0265 0x06fc [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:32:00.0276 0x06fc p2pimsvc - ok
16:32:00.0296 0x06fc [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
16:32:00.0309 0x06fc p2psvc - ok
16:32:00.0326 0x06fc [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys
16:32:00.0339 0x06fc Parport - ok
16:32:00.0374 0x06fc [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:32:00.0377 0x06fc partmgr - ok
16:32:00.0423 0x06fc [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:32:00.0428 0x06fc PcaSvc - ok
16:32:00.0462 0x06fc [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
16:32:00.0468 0x06fc pci - ok
16:32:00.0506 0x06fc [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
16:32:00.0509 0x06fc pciide - ok
16:32:00.0545 0x06fc [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
16:32:00.0577 0x06fc pcmcia - ok
16:32:00.0618 0x06fc [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
16:32:00.0620 0x06fc pcw - ok
16:32:00.0650 0x06fc [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:32:00.0664 0x06fc PEAUTH - ok
16:32:00.0774 0x06fc [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:32:00.0777 0x06fc PerfHost - ok
16:32:00.0824 0x06fc [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
16:32:00.0868 0x06fc pla - ok
16:32:00.0914 0x06fc [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:32:00.0923 0x06fc PlugPlay - ok
16:32:00.0930 0x06fc [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:32:00.0936 0x06fc PNRPAutoReg - ok
16:32:00.0956 0x06fc [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:32:00.0964 0x06fc PNRPsvc - ok
16:32:00.0995 0x06fc [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:32:01.0009 0x06fc PolicyAgent - ok
16:32:01.0041 0x06fc [ A2CCA4FB273E6050F17A0A416CFF2FCD, C42BA18DF0C8E3F7358669A784E51E4DC7A4112096345EA699EDC95F561E0255 ] Power C:\Windows\system32\umpo.dll
16:32:01.0047 0x06fc Power - ok
16:32:01.0082 0x06fc [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:32:01.0086 0x06fc PptpMiniport - ok
16:32:01.0103 0x06fc [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys
16:32:01.0124 0x06fc Processor - ok
16:32:01.0156 0x06fc [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB821147
_________________
Goody
Back to top
View user's profile Send private message
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 13 Oct 2017
Posts: 5041
Location: Land Of The Leprechauns

PostPosted: Sat Aug 29, 2015 8:29 am    Post subject: Reply with quote

Quote:
C:/users/ian/outlook/outlook.pst->message.5056"Social Security Administration [Review your Annual Social Security Statement]"[2010/07/31 05:39:27] Attachment.6513:"statement.zip"->statement.exe
That appears to be an email in your Outlook account, do you see any emails in there possible from an unknown sender?
It will have an attachment within it.


The TDSSKiller log you posted has been cut off by the forum post limiter.
Please post the last 20 lines of the log, the log will be on your C Drive and will look similar to this.
Quote:
C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt

Do not run the scan again, post this log.
_________________
Admin/Teacher at Malware Removal University
Member of UNITE
Back to top
View user's profile Send private message
Goody
Warrior


Joined: 23 Oct 2006
Last Visit: 24 Feb 2017
Posts: 177

PostPosted: Sun Aug 30, 2015 10:19 am    Post subject: Reply with quote

I have carried out a search for "social " or "security" in Outlook but found no email.

Rest of TDSS log as requested

16:32:01.0124 0x06fc Processor - ok
16:32:01.0156 0x06fc [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll
16:32:01.0163 0x06fc ProfSvc - ok
16:32:01.0178 0x06fc [ 0D48E93C6BE3143C0198CB252B992D16, AF34A41BAAE967045C8078E80B070E66ED60FDA0945FA752F715E49FD43373A4 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:32:01.0181 0x06fc ProtectedStorage - ok
16:32:01.0192 0x06fc [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:32:01.0196 0x06fc Psched - ok
16:32:01.0261 0x06fc [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
16:32:01.0353 0x06fc ql2300 - ok
16:32:01.0381 0x06fc [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
16:32:01.0390 0x06fc ql40xx - ok
16:32:01.0408 0x06fc [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
16:32:01.0415 0x06fc QWAVE - ok
16:32:01.0428 0x06fc [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:32:01.0432 0x06fc QWAVEdrv - ok
16:32:01.0608 0x06fc [ 6DB9F0A43E5CF499EF663B0F0CAA1CE6, 4B16611B7EE4427DB5D70CD2A80C8A18C292E0EC1A095DA707E98EA0D7E48EE8 ] RapportCerberus_1507065 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507065.sys
16:32:01.0629 0x06fc RapportCerberus_1507065 - ok
16:32:01.0739 0x06fc [ 7C74CD4BBB2E6709CFA8C141092E87C5, 50899918414D434D78F3C01DB100C4F1E5BFA6E54A06ABA2F548F4460142B0A6 ] RapportEI64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
16:32:01.0755 0x06fc RapportEI64 - ok
16:32:01.0792 0x06fc [ 6D640838CA149D0F9F6AFB4C32DBAD5D, 93471AD3008DAD80C274E798970A03B2FEDAFD6C3AFE0E155695F21EE6378626 ] RapportHades64 C:\Windows\system32\Drivers\RapportHades64.sys
16:32:01.0797 0x06fc RapportHades64 - ok
16:32:01.0858 0x06fc [ 5AC9AE7A382B7C3C3BBA5E97971DC9D3, 2159D6AB9F133DE2399ADA8C4ED3074A6F16C9CA50A2151F7384143D5FA5F150 ] RapportKE64 C:\Windows\system32\Drivers\RapportKE64.sys
16:32:01.0868 0x06fc RapportKE64 - ok
16:32:01.0948 0x06fc [ 35C5AE2CA4EB1CD4A5149A43A423A52A, 24BD604D428ABF5BEF72500964A4DD8BFA01EBC80240D63345B75842521E4221 ] RapportMgmtService C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
16:32:02.0041 0x06fc RapportMgmtService - ok
16:32:02.0116 0x06fc [ 75404D322B6F1532686FB0270A70EBFD, D1EAB3B091772AE2BA4279293211F1D66EA1B286F32018F5F8ACBD5B82B0117F ] RapportPG64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
16:32:02.0129 0x06fc RapportPG64 - ok
16:32:02.0151 0x06fc [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:32:02.0153 0x06fc RasAcd - ok
16:32:02.0187 0x06fc [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:32:02.0190 0x06fc RasAgileVpn - ok
16:32:02.0232 0x06fc [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
16:32:02.0238 0x06fc RasAuto - ok
16:32:02.0264 0x06fc [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:32:02.0269 0x06fc Rasl2tp - ok
16:32:02.0285 0x06fc [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
16:32:02.0294 0x06fc RasMan - ok
16:32:02.0315 0x06fc [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:32:02.0319 0x06fc RasPppoe - ok
16:32:02.0336 0x06fc [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:32:02.0341 0x06fc RasSstp - ok
16:32:02.0367 0x06fc [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:32:02.0376 0x06fc rdbss - ok
16:32:02.0390 0x06fc [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
16:32:02.0396 0x06fc rdpbus - ok
16:32:02.0409 0x06fc [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:32:02.0411 0x06fc RDPCDD - ok
16:32:02.0418 0x06fc [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:32:02.0419 0x06fc RDPENCDD - ok
16:32:02.0425 0x06fc [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:32:02.0428 0x06fc RDPREFMP - ok
16:32:02.0523 0x06fc [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
16:32:02.0525 0x06fc RdpVideoMiniport - ok
16:32:02.0563 0x06fc [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:32:02.0596 0x06fc RDPWD - ok
16:32:02.0628 0x06fc [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:32:02.0634 0x06fc rdyboost - ok
16:32:02.0659 0x06fc [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:32:02.0664 0x06fc RemoteAccess - ok
16:32:02.0689 0x06fc [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:32:02.0695 0x06fc RemoteRegistry - ok
16:32:02.0717 0x06fc [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:32:02.0720 0x06fc RpcEptMapper - ok
16:32:02.0743 0x06fc [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
16:32:02.0746 0x06fc RpcLocator - ok
16:32:02.0768 0x06fc [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
16:32:02.0780 0x06fc RpcSs - ok
16:32:02.0808 0x06fc [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:32:02.0811 0x06fc rspndr - ok
16:32:02.0846 0x06fc [ 9140DB0911DE035FED0A9A77A2D156EA, 07C9D7E2978062ABD84B58B390360D4C0F72C6A5A2310444579DC095943BD008 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
16:32:02.0865 0x06fc RTL8167 - ok
16:32:02.0876 0x06fc [ 0D48E93C6BE3143C0198CB252B992D16, AF34A41BAAE967045C8078E80B070E66ED60FDA0945FA752F715E49FD43373A4 ] SamSs C:\Windows\system32\lsass.exe
16:32:02.0879 0x06fc SamSs - ok
16:32:02.0900 0x06fc [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:32:02.0914 0x06fc sbp2port - ok
16:32:02.0940 0x06fc [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:32:02.0947 0x06fc SCardSvr - ok
16:32:02.0954 0x06fc [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:32:02.0956 0x06fc scfilter - ok
16:32:02.0992 0x06fc [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
16:32:03.0015 0x06fc Schedule - ok
16:32:03.0039 0x06fc [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
16:32:03.0041 0x06fc SCPolicySvc - ok
16:32:03.0055 0x06fc [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:32:03.0060 0x06fc SDRSVC - ok
16:32:03.0203 0x06fc [ 98EF79CC2B07398AC525F9EA1AE0366F, D0D5D69696ED339F363024AF3271867F4C55572C67FD0F2AA27D24B37982E39A ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
16:32:03.0302 0x06fc SDScannerService - ok
16:32:03.0357 0x06fc [ 14BF6B3AB327D519ED007CDDC56F6900, 4E5DC4AF45347C885E0E87F205EE1F95BB4713A0B581CD7317FBEEE2A9628982 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
16:32:03.0377 0x06fc SDUpdateService - ok
16:32:03.0395 0x06fc [ 820EBE67AB99F033FDE25B2692157991, A9E86FE6EFD3CFD4EA1A26121C706335A6791CC6F81EE98AE2BE7EA566ECFEBB ] SDWSCService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
16:32:03.0401 0x06fc SDWSCService - ok
16:32:03.0429 0x06fc [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:32:03.0438 0x06fc secdrv - ok
16:32:03.0450 0x06fc [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
16:32:03.0454 0x06fc seclogon - ok
16:32:03.0481 0x06fc [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
16:32:03.0486 0x06fc SENS - ok
16:32:03.0493 0x06fc [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:32:03.0497 0x06fc SensrSvc - ok
16:32:03.0519 0x06fc [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\drivers\serenum.sys
16:32:03.0550 0x06fc Serenum - ok
16:32:03.0595 0x06fc [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\drivers\serial.sys
16:32:03.0608 0x06fc Serial - ok
16:32:03.0620 0x06fc [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys
16:32:03.0622 0x06fc sermouse - ok
16:32:03.0648 0x06fc [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
16:32:03.0653 0x06fc SessionEnv - ok
16:32:03.0671 0x06fc [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:32:03.0678 0x06fc sffdisk - ok
16:32:03.0691 0x06fc [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:32:03.0696 0x06fc sffp_mmc - ok
16:32:03.0701 0x06fc [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:32:03.0709 0x06fc sffp_sd - ok
16:32:03.0726 0x06fc [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
16:32:03.0734 0x06fc sfloppy - ok
16:32:03.0821 0x06fc [ 4215C271D6E6898C3F4DABAB4F387DC9, 10D845466AC239E18A381FA3BCF1DA1CDCF7CC4363D3A6B4695D6562B3EF7541 ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
16:32:03.0871 0x06fc SftService - ok
16:32:03.0915 0x06fc [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:32:03.0924 0x06fc SharedAccess - ok
16:32:03.0948 0x06fc [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:32:03.0957 0x06fc ShellHWDetection - ok
16:32:03.0973 0x06fc [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
16:32:03.0982 0x06fc SiSRaid2 - ok
16:32:03.0999 0x06fc [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
16:32:04.0021 0x06fc SiSRaid4 - ok
16:32:04.0081 0x06fc [ F6EF225A23D336CA30001E5007644C24, B0A4B1256C1074F1B4F73E3BBA16FD4683D6EEA583DEEF8E11EFD29BA7541F2A ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
16:32:04.0086 0x06fc SkypeUpdate - ok
16:32:04.0112 0x06fc [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:32:04.0116 0x06fc Smb - ok
16:32:04.0133 0x06fc [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:32:04.0137 0x06fc SNMPTRAP - ok
16:32:04.0148 0x06fc [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
16:32:04.0150 0x06fc spldr - ok
16:32:04.0207 0x06fc [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
16:32:04.0222 0x06fc Spooler - ok
16:32:04.0324 0x06fc [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
16:32:04.0411 0x06fc sppsvc - ok
16:32:04.0425 0x06fc [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:32:04.0429 0x06fc sppuinotify - ok
16:32:04.0468 0x06fc [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
16:32:04.0479 0x06fc srv - ok
16:32:04.0497 0x06fc [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:32:04.0508 0x06fc srv2 - ok
16:32:04.0521 0x06fc [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:32:04.0526 0x06fc srvnet - ok
16:32:04.0542 0x06fc [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:32:04.0549 0x06fc SSDPSRV - ok
16:32:04.0559 0x06fc [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:32:04.0563 0x06fc SstpSvc - ok
16:32:04.0637 0x06fc [ 40356C93EB28C97111A63F4893CC7E3E, 75C82024B955ED82F0E20A6AF9524FD95A4A40D18DEF6FB6CC1C061FF0163421 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
16:32:04.0646 0x06fc Stereo Service - ok
16:32:04.0662 0x06fc [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys
16:32:04.0676 0x06fc stexstor - ok
16:32:04.0732 0x06fc [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
16:32:04.0747 0x06fc stisvc - ok
16:32:04.0788 0x06fc [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
16:32:04.0795 0x06fc swenum - ok
16:32:04.0820 0x06fc [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
16:32:04.0835 0x06fc swprv - ok
16:32:04.0923 0x06fc [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain C:\Windows\system32\sysmain.dll
16:32:04.0972 0x06fc SysMain - ok
16:32:05.0032 0x06fc [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:32:05.0038 0x06fc TabletInputService - ok
16:32:05.0054 0x06fc [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
16:32:05.0062 0x06fc TapiSrv - ok
16:32:05.0082 0x06fc [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
16:32:05.0086 0x06fc TBS - ok
16:32:05.0177 0x06fc [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:32:05.0239 0x06fc Tcpip - ok
16:32:05.0345 0x06fc [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:32:05.0378 0x06fc TCPIP6 - ok
16:32:05.0418 0x06fc [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:32:05.0421 0x06fc tcpipreg - ok
16:32:05.0442 0x06fc [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:32:05.0444 0x06fc TDPIPE - ok
16:32:05.0476 0x06fc [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:32:05.0479 0x06fc TDTCP - ok
16:32:05.0496 0x06fc [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:32:05.0503 0x06fc tdx - ok
16:32:05.0519 0x06fc [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
16:32:05.0522 0x06fc TermDD - ok
16:32:05.0572 0x06fc [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll
16:32:05.0588 0x06fc TermService - ok
16:32:05.0599 0x06fc [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
16:32:05.0604 0x06fc Themes - ok
16:32:05.0624 0x06fc [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
16:32:05.0627 0x06fc THREADORDER - ok
16:32:05.0704 0x06fc [ 3B43F4F67F3C539C3BBF40A552A12B5E, 565593B9AD01CA02205FC53F6B8A8955CB26901397C3581C3C514F01B69B86BD ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
16:32:05.0707 0x06fc TomTomHOMEService - ok
16:32:05.0723 0x06fc [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
16:32:05.0727 0x06fc TrkWks - ok
16:32:05.0764 0x06fc [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:32:05.0769 0x06fc TrustedInstaller - ok
16:32:05.0810 0x06fc [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:32:05.0813 0x06fc tssecsrv - ok
16:32:05.0854 0x06fc [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
16:32:05.0857 0x06fc TsUsbFlt - ok
16:32:05.0877 0x06fc [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
16:32:05.0899 0x06fc TsUsbGD - ok
16:32:05.0949 0x06fc [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:32:05.0953 0x06fc tunnel - ok
16:32:05.0969 0x06fc [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
16:32:05.0980 0x06fc uagp35 - ok
16:32:06.0002 0x06fc [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:32:06.0010 0x06fc udfs - ok
16:32:06.0030 0x06fc [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:32:06.0037 0x06fc UI0Detect - ok
16:32:06.0053 0x06fc [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:32:06.0061 0x06fc uliagpkx - ok
16:32:06.0078 0x06fc [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:32:06.0081 0x06fc umbus - ok
16:32:06.0099 0x06fc [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys
16:32:06.0107 0x06fc UmPass - ok
16:32:06.0183 0x06fc [ 875A3B86D821151C84A4DFD40309C72D, FB251A3180F829B086C007807B68D7918276FEDB33618BB22C28A3DCEAFB751E ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
16:32:06.0189 0x06fc UNS - ok
16:32:06.0206 0x06fc [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
16:32:06.0215 0x06fc upnphost - ok
16:32:06.0249 0x06fc [ 5C3BE22E485B9BF11FCEFDC676C728D0, F55061066ECF6920D56518A677BB538C18B7F1BB150ED6DB3591408F44E8D53A ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
16:32:06.0257 0x06fc USBAAPL64 - ok
16:32:06.0281 0x06fc [ 91D3C92A44FC682DD791147604E79152, AA0B6799BF9C26C2C1793C91295288A4989AA43EC5E070B650DA7F0A142817CE ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:32:06.0285 0x06fc usbccgp - ok
16:32:06.0305 0x06fc [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:32:06.0317 0x06fc usbcir - ok
16:32:06.0348 0x06fc [ F7FFDF2A1D19A76A87759126B244C816, C91F09D77E22D976952A46F7B93F611B719EDAF694D538242FA8FAF1BA9BB2F0 ] usbehci C:\Windows\system32\drivers\usbehci.sys
16:32:06.0351 0x06fc usbehci - ok
16:32:06.0390 0x06fc [ 245FE7FC634D6A993E682E0A9EBA4ABB, F7A536D215EE3A63358EC8B5946D7BB3B56357BF91347B07013E00DAC98775B6 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:32:06.0400 0x06fc usbhub - ok
16:32:06.0418 0x06fc [ C1A8966E0D09BFB501045105B30D86F2, 5BB95FBA441B898E258A3BFE174FC1042A04C19E25C59DE1FD90594290B11DA9 ] usbohci C:\Windows\system32\drivers\usbohci.sys
16:32:06.0420 0x06fc usbohci - ok
16:32:06.0435 0x06fc [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:32:06.0439 0x06fc usbprint - ok
16:32:06.0461 0x06fc [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\drivers\usbscan.sys
16:32:06.0475 0x06fc usbscan - ok
16:32:06.0496 0x06fc [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:32:06.0500 0x06fc USBSTOR - ok
16:32:06.0527 0x06fc [ 2E682DCE4319A90E02A327F8A427544A, 3528C5A4669BAD53041085C3E72C64388D308E42AD9D1FAC85B6F2FFD81610FB ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
16:32:06.0529 0x06fc usbuhci - ok
16:32:06.0554 0x06fc [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
16:32:06.0558 0x06fc UxSms - ok
16:32:06.0572 0x06fc [ 0D48E93C6BE3143C0198CB252B992D16, AF34A41BAAE967045C8078E80B070E66ED60FDA0945FA752F715E49FD43373A4 ] VaultSvc C:\Windows\system32\lsass.exe
16:32:06.0575 0x06fc VaultSvc - ok
16:32:06.0597 0x06fc [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
16:32:06.0602 0x06fc vdrvroot - ok
16:32:06.0628 0x06fc [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
16:32:06.0640 0x06fc vds - ok
16:32:06.0661 0x06fc [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:32:06.0683 0x06fc vga - ok
16:32:06.0709 0x06fc [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
16:32:06.0711 0x06fc VgaSave - ok
16:32:06.0732 0x06fc [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
16:32:06.0749 0x06fc vhdmp - ok
16:32:06.0788 0x06fc [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
16:32:06.0811 0x06fc viaide - ok
16:32:06.0836 0x06fc [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:32:06.0841 0x06fc volmgr - ok
16:32:06.0872 0x06fc [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:32:06.0881 0x06fc volmgrx - ok
16:32:06.0897 0x06fc [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:32:06.0905 0x06fc volsnap - ok
16:32:06.0923 0x06fc [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
16:32:06.0934 0x06fc vsmraid - ok
16:32:06.0992 0x06fc [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
16:32:07.0038 0x06fc VSS - ok
16:32:07.0059 0x06fc [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
16:32:07.0061 0x06fc vwifibus - ok
16:32:07.0085 0x06fc [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
16:32:07.0087 0x06fc vwififlt - ok
16:32:07.0125 0x06fc [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
16:32:07.0127 0x06fc vwifimp - ok
16:32:07.0152 0x06fc [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
16:32:07.0162 0x06fc W32Time - ok
16:32:07.0208 0x06fc [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
16:32:07.0215 0x06fc WacomPen - ok
16:32:07.0244 0x06fc [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:32:07.0248 0x06fc WANARP - ok
16:32:07.0253 0x06fc [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:32:07.0255 0x06fc Wanarpv6 - ok
16:32:07.0320 0x06fc [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
16:32:07.0354 0x06fc WatAdminSvc - ok
16:32:07.0431 0x06fc [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
16:32:07.0480 0x06fc wbengine - ok
16:32:07.0528 0x06fc [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:32:07.0535 0x06fc WbioSrvc - ok
16:32:07.0557 0x06fc [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:32:07.0567 0x06fc wcncsvc - ok
16:32:07.0613 0x06fc [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:32:07.0616 0x06fc WcsPlugInService - ok
16:32:07.0628 0x06fc [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys
16:32:07.0641 0x06fc Wd - ok
16:32:07.0691 0x06fc [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:32:07.0707 0x06fc Wdf01000 - ok
16:32:07.0753 0x06fc [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:32:07.0757 0x06fc WdiServiceHost - ok
16:32:07.0762 0x06fc [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:32:07.0769 0x06fc WdiSystemHost - ok
16:32:07.0809 0x06fc [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient C:\Windows\System32\webclnt.dll
16:32:07.0816 0x06fc WebClient - ok
16:32:07.0832 0x06fc [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:32:07.0840 0x06fc Wecsvc - ok
16:32:07.0854 0x06fc [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:32:07.0858 0x06fc wercplsupport - ok
16:32:07.0881 0x06fc [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
16:32:07.0884 0x06fc WerSvc - ok
16:32:07.0908 0x06fc [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:32:07.0911 0x06fc WfpLwf - ok
16:32:07.0962 0x06fc [ B14EF15BD757FA488F9C970EEE9C0D35, F27DF2D47E7076786AE7C396583D7A1C56B93E766711066C900964FC7313E794 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
16:32:07.0978 0x06fc WimFltr - ok
16:32:07.0994 0x06fc [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:32:07.0997 0x06fc WIMMount - ok
16:32:08.0019 0x06fc WinDefend - ok
16:32:08.0026 0x06fc WinHttpAutoProxySvc - ok
16:32:08.0086 0x06fc [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:32:08.0093 0x06fc Winmgmt - ok
16:32:08.0170 0x06fc [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll
16:32:08.0228 0x06fc WinRM - ok
16:32:08.0275 0x06fc [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\drivers\WinUsb.sys
16:32:08.0278 0x06fc WinUsb - ok
16:32:08.0311 0x06fc [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
16:32:08.0331 0x06fc Wlansvc - ok
16:32:08.0366 0x06fc [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
16:32:08.0370 0x06fc wlcrasvc - ok
16:32:08.0460 0x06fc [ 7E47C328FC4768CB8BEAFBCFAFA70362, C98BD6A0C2F70E069D5FD3BAB31BD028DFEAC0490D180BBC28A14BE375897D8C ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:32:08.0516 0x06fc wlidsvc - ok
16:32:08.0555 0x06fc [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
16:32:08.0560 0x06fc WmiAcpi - ok
16:32:08.0586 0x06fc [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:32:08.0601 0x06fc wmiApSrv - ok
16:32:08.0606 0x06fc WMPNetworkSvc - ok
16:32:08.0643 0x06fc [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:32:08.0647 0x06fc WPCSvc - ok
16:32:08.0658 0x06fc [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:32:08.0665 0x06fc WPDBusEnum - ok
16:32:08.0679 0x06fc [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:32:08.0682 0x06fc ws2ifsl - ok
16:32:08.0694 0x06fc [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
16:32:08.0700 0x06fc wscsvc - ok
16:32:08.0706 0x06fc WSearch - ok
16:32:08.0815 0x06fc [ 499034D7F1F6AF49F9EE12F8822793CB, 55D591C4861AF66C6B9201BF78808B2ECE7B79D95C6BB07FF0ED87EFE63DD99E ] wuauserv C:\Windows\system32\wuaueng.dll
16:32:08.0883 0x06fc wuauserv - ok
16:32:08.0922 0x06fc [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:32:08.0926 0x06fc WudfPf - ok
16:32:08.0954 0x06fc [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\drivers\WUDFRd.sys
16:32:08.0960 0x06fc WUDFRd - ok
16:32:09.0002 0x06fc [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:32:09.0008 0x06fc wudfsvc - ok
16:32:09.0037 0x06fc [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
16:32:09.0044 0x06fc WwanSvc - ok
16:32:09.0081 0x06fc [ 47EB29D06DC0B3C1D19B0B19BBBAD81F, 99DE753BD0B8F4F8F9384F41A2F6B67433A3662BA48F8F127CD8F655EA681DA9 ] ZAtheros Wlan Agent C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
16:32:09.0083 0x06fc ZAtheros Wlan Agent - ok
16:32:09.0103 0x06fc ================ Scan global ===============================
16:32:09.0136 0x06fc [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
16:32:09.0187 0x06fc [ E80CA72FA43BF258E72C408CEF9839BE, 06482E80F43AD91F4B9E5919A0C50219382213D59EACF9FBAE7AFD7A321F30D2 ] C:\Windows\system32\winsrv.dll
16:32:09.0198 0x06fc [ E80CA72FA43BF258E72C408CEF9839BE, 06482E80F43AD91F4B9E5919A0C50219382213D59EACF9FBAE7AFD7A321F30D2 ] C:\Windows\system32\winsrv.dll
16:32:09.0218 0x06fc [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
16:32:09.0268 0x06fc [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
16:32:09.0277 0x06fc [ Global ] - ok
16:32:09.0278 0x06fc ================ Scan MBR ==================================
16:32:09.0294 0x06fc [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
16:32:09.0450 0x06fc \Device\Harddisk0\DR0 - ok
16:32:09.0451 0x06fc ================ Scan VBR ==================================
16:32:09.0453 0x06fc [ C038B669275C7848D8438D834308F286 ] \Device\Harddisk0\DR0\Partition1
16:32:09.0535 0x06fc \Device\Harddisk0\DR0\Partition1 - ok
16:32:09.0572 0x06fc [ 98F565080BD468C92E00D1E5116F2FD4 ] \Device\Harddisk0\DR0\Partition2
16:32:09.0642 0x06fc \Device\Harddisk0\DR0\Partition2 - ok
16:32:09.0643 0x06fc ================ Scan generic autorun ======================
16:32:09.0743 0x06fc [ 814B913346119771CA458F34ADFC16A5, 31841992C83F8FE01CED6B0E47C3B08F3F202B37813C67E73074652625932F14 ] C:\Program Files\McAfee.com\Agent\mcagent.exe
16:32:09.0754 0x06fc mcui_exe - ok
16:32:09.0821 0x06fc [ F2BC40E35AB242AA27BCD8FBA9D0B5CB, 4F89E1F57E8E4897D1614DAA852B0CBF7C1FD705641895E874C52377DC3F3403 ] C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
16:32:09.0825 0x06fc Avira Systray - ok
16:32:09.0893 0x06fc [ 27F8A7A78773427E5D931628F89D6839, 61A312590322109BEA9EA70345E6FB40435D9BACE2B9CFF3ADF68C7B3D6FA163 ] C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
16:32:09.0907 0x06fc avgnt - ok
16:32:09.0963 0x06fc [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
16:32:10.0057 0x06fc Sidebar - ok
16:32:10.0079 0x06fc [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
16:32:10.0082 0x06fc mctadmin - ok
16:32:10.0121 0x06fc [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
16:32:10.0141 0x06fc Sidebar - ok
16:32:10.0150 0x06fc [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
16:32:10.0153 0x06fc mctadmin - ok
16:32:10.0230 0x06fc [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
16:32:10.0251 0x06fc Sidebar - ok
16:32:10.0257 0x06fc [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
16:32:10.0259 0x06fc mctadmin - ok
16:32:10.0307 0x06fc [ 70DF3BB833AE3C9F5342F539D732C990, 68311D6854990ACB3AC7F775AFFE471469AFB7BC9A61178D18D4DCC3A0BC3B28 ] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe
16:32:10.0316 0x06fc WinPatrol - ok
16:32:10.0331 0x06fc [ 4EA63B2AF94A69E5D89D25D45BF8C8D8, D666BC52A093643F21D99C55928851DDE5862DD47FA56C845019B31C6066D7B7 ] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
16:32:10.0337 0x06fc TomTomHOME.exe - ok
16:32:10.0343 0x06fc Waiting for KSN requests completion. In queue: 124
16:32:11.0596 0x06fc AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\Antivirus\wsctool.exe ( 15.0.12.420 ), 0x41000 ( enabled : updated )
16:32:11.0661 0x06fc Win FW state via NFP2: enabled ( trusted )
16:32:11.0914 0x06fc ============================================================
16:32:11.0914 0x06fc Scan finished
16:32:11.0914 0x06fc ============================================================
16:32:11.0920 0x1884 Detected object count: 0
16:32:11.0920 0x1884 Actual detected object count: 0
16:33:50.0124 0x09c0 Deinitialize success
_________________
Goody
Back to top
View user's profile Send private message
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 13 Oct 2017
Posts: 5041
Location: Land Of The Leprechauns

PostPosted: Tue Sep 01, 2015 1:13 am    Post subject: Reply with quote

Hi, sorry for the delay.
Quote:
I have carried out a search for "social " or "security" in Outlook but found no email.

Could you check again please, The title of the e-mail is either .... Review your Annual Social Security Statement ... or ... Social Security Administration.
Look for an email with this time and date.
Quote:
2010/07/31 05:39:27

_________________
Admin/Teacher at Malware Removal University
Member of UNITE
Back to top
View user's profile Send private message
Goody
Warrior


Joined: 23 Oct 2006
Last Visit: 24 Feb 2017
Posts: 177

PostPosted: Wed Sep 02, 2015 1:30 pm    Post subject: Reply with quote

I have carried out search for these phrases and date in all outlook files (including deleted and archive)and found nothing. In fact no emails on that date at all.
_________________
Goody
Back to top
View user's profile Send private message
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 13 Oct 2017
Posts: 5041
Location: Land Of The Leprechauns

PostPosted: Thu Sep 03, 2015 2:04 am    Post subject: Reply with quote

Goody wrote:
I have carried out search for these phrases and date in all outlook files (including deleted and archive)and found nothing. In fact no emails on that date at all.

There are two forms of outlook, the client that used to come with Office.
And outlook.com which used to be Hotmail before it changed it's name.
Do you have an outlook.com account by any chance?

Lets see if be can get another view of this.

Set Your Computer to Show All Files/Folders.
  • Click Start.
  • Open Computer.
  • Press the ALT key.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.

Next.

Upload File/Files for testing

Please go to Virustotal or jotti.org

See if you can navigate to the below file:
Quote:
C:/users/ian/outlook/outlook.pst->message.5056"Social Security Administration [Review your Annual Social Security Statement]"[2010/07/31 05:39:27] Attachment.6513:"statement.zip"->statement.exe

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the permalink (web address) in your next response.
Example of web address :

_________________
Admin/Teacher at Malware Removal University
Member of UNITE
Back to top
View user's profile Send private message
Goody
Warrior


Joined: 23 Oct 2006
Last Visit: 24 Feb 2017
Posts: 177

PostPosted: Thu Sep 03, 2015 12:57 pm    Post subject: Reply with quote

Completed the first part successfully re Show All Files/Folders.

I was able to navigate to the outlook.pst file and load it onto Virustotal and jotti. However at 720MB it is too large for both systems.

Also i do not know what to use to open the pst file to try and find the document
_________________
Goody
Back to top
View user's profile Send private message
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 13 Oct 2017
Posts: 5041
Location: Land Of The Leprechauns

PostPosted: Fri Sep 04, 2015 2:17 am    Post subject: Reply with quote

Goody wrote:
I was able to navigate to the outlook.pst file and load it onto Virustotal and jotti. However at 720MB it is too large for both systems.
Ok navigate to the file again and delete it.
Then run another scan with Windows Defender and let me know what happens.
_________________
Admin/Teacher at Malware Removal University
Member of UNITE
Back to top
View user's profile Send private message
Goody
Warrior


Joined: 23 Oct 2006
Last Visit: 24 Feb 2017
Posts: 177

PostPosted: Fri Sep 04, 2015 12:19 pm    Post subject: Reply with quote

Deleted the file and emptied Recycle Bin.

ran Defender again and it still picks up the same Trojan. When I either Quarantine or Remove it via Defender I see that the history shows an Error in the Status column. I presume that this means that Defender is not able to quarantine or remove the virus?
_________________
Goody
Back to top
View user's profile Send private message
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 13 Oct 2017
Posts: 5041
Location: Land Of The Leprechauns

PostPosted: Sat Sep 05, 2015 2:02 am    Post subject: Reply with quote

Unfortunately the tools we use cannot target email clients, so the only way to delete this is to do it manually.
By the looks of things this has been on your computer since 2010, so it's quite possible that it's a false positive detection by Windows defender.
Quick question, have you been receiving more spam emails than usual lately?
_________________
Admin/Teacher at Malware Removal University
Member of UNITE
Back to top
View user's profile Send private message
Goody
Warrior


Joined: 23 Oct 2006
Last Visit: 24 Feb 2017
Posts: 177

PostPosted: Sat Sep 05, 2015 6:27 am    Post subject: Reply with quote

No, no more spam than usual. So do I just live with this?
_________________
Goody
Back to top
View user's profile Send private message
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 13 Oct 2017
Posts: 5041
Location: Land Of The Leprechauns

PostPosted: Sat Sep 05, 2015 6:44 am    Post subject: Reply with quote

Goody wrote:
No, no more spam than usual. So do I just live with this?

Quote:
TrojanDownloaderWin32/Waledac

This type of trojan collects email addresses found on the computer on which it is installed and distributes spam email messages.
Have any of your friends mentioned getting spam emails from you?
As i mentioned it could still be a false positive detection by Windows defender.
The fact that the ESET scan didn't pick it up when you ran it would suggest that.
I would like you to run one more scan for me to see if it detects it, this scan uses similar definitions as Windows defender.

Run Microsoft Safety Scanner

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to Microsoft Safety Scanner

  • Click Download Now
  • When asked to Run or Save, choose Run. (Unless it's to be run on a different PC)
  • OK the User Account Permission or the query "Do you want to run this software".
  • If you get a message saying "running this type of program could harm your computer" or similar, just ignore it and tell it to Run anyway.
  • Click the box to Accept the license agreement. Click Next.
  • Click Next to run the Scan.
  • Click the Quick Scan button. (... also Full Scan option)
  • Click Next

  • (If it finds nothing, it will just Exit. It still does create a report file.)
  • If it has found anything, check the box titled "Help Remove potentially unwanted software"
  • Click Next.
  • (The Dialog label will become "Cleaning your computer"). It may take a while.
  • After this operation completes, click Finish.
  • When removals are complete, it will report through a link, "View detailed results of the scan"
  • Clicking the link will popup a report in Notepad.
  • Please post the contents of the file in a reply.
  • The report file is also saved here: C:\Windows\debug\msert.log

_________________
Admin/Teacher at Malware Removal University
Member of UNITE
Back to top
View user's profile Send private message
Goody
Warrior


Joined: 23 Oct 2006
Last Visit: 24 Feb 2017
Posts: 177

PostPosted: Sun Sep 06, 2015 10:28 am    Post subject: Reply with quote

Nothing detected, copy of log below

Microsoft Safety Scanner v1.0, (build 1.205.1689.0)
Started On Sat Sep 05 16:34:45 2015
->Scan ERROR: resource process://pid:1264,ProcessStart:130859330800564238 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1696,ProcessStart:130859407470587350 (code 0x0000012B (299))
->Scan ERROR: resource process://pid:1016,ProcessStart:130859408872698866 (code 0x0000012B (299))
->Scan ERROR: resource process://pid:6444,ProcessStart:130859408883150885 (code 0x0000012B (299))
->Scan ERROR: resource process://pid:6368,ProcessStart:130859409021491230 (code 0x0000012B (299))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))

Results Summary:
----------------
No infection found.
Microsoft Safety Scanner Finished On Sat Sep 05 16:53:12 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Safety Scanner v1.0, (build 1.205.1689.0)
Started On Sun Sep 06 16:58:28 2015

Extended Scan Results
----------------
->Scan ERROR: resource process://pid:1284,ProcessStart:130860283066320265 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:5796,ProcessStart:130860284944839627 (code 0x0000012B (299))
->Scan ERROR: resource process://pid:5108,ProcessStart:130860285489464593 (code 0x0000012B (299))
->Scan ERROR: resource process://pid:1856,ProcessStart:130860285624428826 (code 0x0000012B (299))
->Scan ERROR: resource process://pid:3468,ProcessStart:130860285687452937 (code 0x0000012B (299))
->Scan ERROR: resource process://pid:3592,ProcessStart:130860287239352978 (code 0x0000012B (299))
->Scan ERROR: resource process://pid:2972,ProcessStart:130860287242160983 (code 0x0000012B (299))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{c59f0cfa-500d-11e5-b786-d4bed9d712bc}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{d9373472-4cea-11e5-a7d0-d4bed9d712bc}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{d93734a6-4cea-11e5-a7d0-d4bed9d712bc}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{dad2b763-48f8-11e5-b866-d4bed9d712bc}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{e1c8fb7b-49c8-11e5-aaf5-d4bed9d712bc}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{ea95b863-5275-11e5-9cd1-d4bed9d712bc}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{ea95b88d-5275-11e5-9cd1-d4bed9d712bc}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{ea95b910-5275-11e5-9cd1-d4bed9d712bc}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{fb42bbed-4da7-11e5-aa14-d4bed9d712bc}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{fb42bd23-4da7-11e5-aa14-d4bed9d712bc}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{fb42bd42-4da7-11e5-aa14-d4bed9d712bc}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{fb42bd4c-4da7-11e5-aa14-d4bed9d712bc}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{fb42bd4d-4da7-11e5-aa14-d4bed9d712bc}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
No infection found as part of the extended scan

Results Summary:
----------------
No infection found.
Microsoft Safety Scanner Finished On Sun Sep 06 19:23:45 2015


Return code: 0 (0x0)
_________________
Goody
Back to top
View user's profile Send private message
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 13 Oct 2017
Posts: 5041
Location: Land Of The Leprechauns

PostPosted: Sun Sep 06, 2015 12:16 pm    Post subject: Reply with quote

Ok that's a good result.
When Windows Defender detects this does it give you the option to ignore it?
_________________
Admin/Teacher at Malware Removal University
Member of UNITE
Back to top
View user's profile Send private message
Goody
Warrior


Joined: 23 Oct 2006
Last Visit: 24 Feb 2017
Posts: 177

PostPosted: Mon Sep 07, 2015 12:30 pm    Post subject: Reply with quote

I think it only asks for me to quarantine or remove it. Dont remember an ignore option. I can run a full scan again and see what it asks if you want?
_________________
Goody
Back to top
View user's profile Send private message
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 13 Oct 2017
Posts: 5041
Location: Land Of The Leprechauns

PostPosted: Tue Sep 08, 2015 1:20 am    Post subject: Reply with quote

Goody wrote:
I think it only asks for me to quarantine or remove it. Dont remember an ignore option. I can run a full scan again and see what it asks if you want?
Yes, run a full scan then let me know what options it gives you.
_________________
Admin/Teacher at Malware Removal University
Member of UNITE
Back to top
View user's profile Send private message
Goody
Warrior


Joined: 23 Oct 2006
Last Visit: 24 Feb 2017
Posts: 177

PostPosted: Wed Sep 09, 2015 12:09 pm    Post subject: Reply with quote

I have run the full scan twice now and about half way through I get the small warning triangle indicating " prelim scan shows maliciuos or potentailly unwanted software. Review scan when complete". When scan is complete there is no evidence of the trojan.
_________________
Goody
Back to top
View user's profile Send private message
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 13 Oct 2017
Posts: 5041
Location: Land Of The Leprechauns

PostPosted: Thu Sep 10, 2015 1:50 am    Post subject: Reply with quote

Hi,

As you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:
  • Launch Malwarebytes then click Update Now.
  • Press the Scan Settings icon on the top bar of the MBAM interface, make sure Threat Scan is checked.
  • Press the Scan Now >> button.
  • When the scan is finished:
  • If clean, a message will be displayed "The scan completed successfully! No malicious items were detected!"
  • If infections were found, click the Quarantine all button.
  • Press the View detailed log >> link to display the results log.
  • Press the Copy to Clipboard button.
  • Copy and paste the scan results in your next reply and exit MBAM.

_________________
Admin/Teacher at Malware Removal University
Member of UNITE
Back to top
View user's profile Send private message
Goody
Warrior


Joined: 23 Oct 2006
Last Visit: 24 Feb 2017
Posts: 177

PostPosted: Thu Sep 10, 2015 12:32 pm    Post subject: Reply with quote

No threat detected, but unable to update Malwarebytes - message said unable to finf server. Copy of log below:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/09/2015
Scan Time: 21:12
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.06.03.03
Rootkit Database: v2015.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ian

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 401645
Time Elapsed: 16 min, 1 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
_________________
Goody
Back to top
View user's profile Send private message
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 13 Oct 2017
Posts: 5041
Location: Land Of The Leprechauns

PostPosted: Fri Sep 11, 2015 1:01 am    Post subject: Reply with quote

As far as i can see your computer is clean.
As a final check run another FRST scan please and post the new logs.
_________________
Admin/Teacher at Malware Removal University
Member of UNITE
Back to top
View user's profile Send private message
Goody
Warrior


Joined: 23 Oct 2006
Last Visit: 24 Feb 2017
Posts: 177

PostPosted: Fri Sep 11, 2015 12:43 pm    Post subject: Reply with quote

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-09-2015 01
Ran by Ian (administrator) on IAN-PC (11-09-2015 21:40:56)
Running from C:\Users\Ian\Downloads
Loaded Profiles: Ian (Available Profiles: UpdatusUser & Ian)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.5.495.0\McCSPServiceHost.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Ian\Downloads\FRST64 (1).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66936 2015-08-13] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [782008 2015-08-06] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [439360 2013-08-13] (BillP Studios)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [266448 2013-08-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [214960 2013-08-27] (NVIDIA Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{35C81B67-87E6-433E-9A94-9293E66C66D2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{41D2B5F9-6A5D-4115-9196-74CBE5701E3F}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/2
HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {8C83D59F-D849-481B-A96A-4BB31254B59D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {8C83D59F-D849-481B-A96A-4BB31254B59D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2121647027-3655492899-1191817543-1001 -> {C5EA24D0-C587-42B4-8BA8-1B067FA64D26} URL = hxxp://www.bing.com/search?FORM=BDT3DF&PC=BDT3&dt=110313&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2121647027-3655492899-1191817543-1001 -> {E5B44C1B-52F1-4AF2-A3F5-ACC845FA2CE8} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\Windows\SysWOW64\mscoree.dll [2010-11-21] (Microsoft Corporation)
Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\Windows\SysWOW64\mscoree.dll [2010-11-21] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-05-13] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-05-13] (McAfee, Inc.)

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-05-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-05-13] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-08-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-08-09] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Rapport) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2015-06-11]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR HKU\S-1-5-21-2121647027-3655492899-1191817543-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [887128 2015-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [461672 2015-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [461672 2015-08-06] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1213072 2015-08-06] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [228104 2015-08-13] (Avira Operations GmbH & Co. KG)
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [166912 2012-04-10] (Dell Products, LP.) [File not signed]
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [754280 2015-05-13] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [224704 2011-03-08] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe [207344 2015-06-04] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-04-08] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-05-14] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [250672 2015-04-08] (McAfee, Inc.)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2255128 2015-08-12] (IBM Corp.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [73728 2011-11-29] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162528 2015-08-06] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-08-06] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-08-06] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-08-06] (Avira Operations GmbH & Co. KG)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [68784 2015-04-08] (McAfee, Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [402888 2015-04-08] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [338272 2015-04-08] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-04-08] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [488000 2015-04-08] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864200 2015-04-08] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [335944 2015-04-08] (McAfee, Inc.)
R1 RapportCerberus_1507067; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507067.sys [958744 2015-09-03] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [500184 2015-08-12] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [139896 2015-08-12] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [394584 2015-08-12] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [489240 2015-08-12] (IBM Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-11 21:40 - 2015-09-11 21:40 - 02190848 _____ (Farbar) C:\Users\Ian\Downloads\FRST64 (1).exe
2015-09-11 19:37 - 2015-09-11 19:37 - 00000000 ____D C:\Users\Ian\AppData\Roaming\Avira
2015-09-11 19:33 - 2015-08-06 20:58 - 00162528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-09-11 19:33 - 2015-08-06 20:58 - 00141416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-09-11 19:33 - 2015-08-06 20:58 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-09-11 19:33 - 2015-08-06 20:58 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-09-11 19:30 - 2015-09-11 19:30 - 00001838 _____ C:\Windows\PFRO.log
2015-09-11 16:29 - 2015-09-11 19:31 - 00000112 _____ C:\Windows\setupact.log
2015-09-11 16:29 - 2015-09-11 16:29 - 00000000 _____ C:\Windows\setuperr.log
2015-09-08 22:07 - 2015-08-05 18:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-08 22:07 - 2015-08-05 18:56 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-09-08 22:07 - 2015-08-05 18:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-08 22:07 - 2015-07-15 04:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-08 22:07 - 2015-07-15 03:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-09-08 22:06 - 2015-08-27 19:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-08 22:06 - 2015-08-27 19:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-08 22:06 - 2015-08-27 19:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-09-08 22:06 - 2015-08-27 19:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-09-08 22:06 - 2015-08-27 18:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-08 22:06 - 2015-08-27 18:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-08 22:06 - 2015-08-27 18:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-09-08 22:06 - 2015-08-27 18:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-09-08 22:06 - 2015-08-18 02:42 - 00393304 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-08 22:06 - 2015-08-18 02:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-08 22:06 - 2015-08-15 07:48 - 25190400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-08 22:06 - 2015-08-15 07:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-08 22:06 - 2015-08-15 07:33 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-08 22:06 - 2015-08-15 07:18 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-08 22:06 - 2015-08-15 07:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-08 22:06 - 2015-08-15 07:17 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-08 22:06 - 2015-08-15 07:17 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-08 22:06 - 2015-08-15 07:17 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-08 22:06 - 2015-08-15 07:17 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-08 22:06 - 2015-08-15 07:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-08 22:06 - 2015-08-15 07:09 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-08 22:06 - 2015-08-15 07:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-08 22:06 - 2015-08-15 07:06 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-08 22:06 - 2015-08-15 07:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-08 22:06 - 2015-08-15 07:04 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-08 22:06 - 2015-08-15 07:04 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-08 22:06 - 2015-08-15 07:04 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-08 22:06 - 2015-08-15 07:00 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-08 22:06 - 2015-08-15 06:57 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-08 22:06 - 2015-08-15 06:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-09-08 22:06 - 2015-08-15 06:53 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-08 22:06 - 2015-08-15 06:46 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-08 22:06 - 2015-08-15 06:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-08 22:06 - 2015-08-15 06:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-08 22:06 - 2015-08-15 06:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-08 22:06 - 2015-08-15 06:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-09-08 22:06 - 2015-08-15 06:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-09-08 22:06 - 2015-08-15 06:39 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-08 22:06 - 2015-08-15 06:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-09-08 22:06 - 2015-08-15 06:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-09-08 22:06 - 2015-08-15 06:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-08 22:06 - 2015-08-15 06:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-09-08 22:06 - 2015-08-15 06:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-09-08 22:06 - 2015-08-15 06:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-09-08 22:06 - 2015-08-15 06:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-08 22:06 - 2015-08-15 06:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-09-08 22:06 - 2015-08-15 06:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-09-08 22:06 - 2015-08-15 06:24 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-08 22:06 - 2015-08-15 06:23 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-08 22:06 - 2015-08-15 06:22 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-08 22:06 - 2015-08-15 06:22 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-08 22:06 - 2015-08-15 06:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-09-08 22:06 - 2015-08-15 06:16 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-08 22:06 - 2015-08-15 06:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-09-08 22:06 - 2015-08-15 06:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-09-08 22:06 - 2015-08-15 06:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-09-08 22:06 - 2015-08-15 06:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-09-08 22:06 - 2015-08-15 06:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-08 22:06 - 2015-08-15 06:07 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-08 22:06 - 2015-08-15 06:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-08 22:06 - 2015-08-15 06:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-08 22:06 - 2015-08-15 06:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-08 22:06 - 2015-08-15 06:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-09-08 22:06 - 2015-08-15 05:55 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-08 22:06 - 2015-08-15 05:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-08 22:06 - 2015-08-15 05:43 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-08 22:06 - 2015-08-15 05:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-08 22:06 - 2015-08-15 05:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-08 22:06 - 2015-08-04 19:03 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-09-08 22:06 - 2015-08-04 19:00 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-09-08 22:06 - 2015-08-04 18:56 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-08 22:06 - 2015-08-04 18:56 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-08 22:06 - 2015-08-04 18:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-08 22:06 - 2015-08-04 18:55 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-08 22:06 - 2015-08-04 18:55 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-08 22:06 - 2015-08-04 18:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-08 22:06 - 2015-08-04 17:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-08 22:04 - 2015-07-23 01:06 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-08 22:04 - 2015-07-23 01:06 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-09-08 22:04 - 2015-07-23 01:06 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-08 22:04 - 2015-07-23 01:03 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-08 22:04 - 2015-07-23 01:03 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-09-08 22:04 - 2015-07-23 01:03 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-09-08 22:04 - 2015-07-23 01:03 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-09-08 22:04 - 2015-07-23 01:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-09-08 22:04 - 2015-07-23 01:02 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-09-08 22:04 - 2015-07-23 01:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-08 22:04 - 2015-07-23 01:02 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-08 22:04 - 2015-07-23 01:02 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-09-08 22:04 - 2015-07-23 01:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-08 22:04 - 2015-07-23 01:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-09-08 22:04 - 2015-07-23 01:02 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-09-08 22:04 - 2015-07-23 01:02 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-09-08 22:04 - 2015-07-23 01:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-09-08 22:04 - 2015-07-23 01:02 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-09-08 22:04 - 2015-07-23 01:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-09-08 22:04 - 2015-07-23 01:02 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-09-08 22:04 - 2015-07-23 01:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-09-08 22:04 - 2015-07-23 01:02 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-09-08 22:04 - 2015-07-23 01:02 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-09-08 22:04 - 2015-07-23 01:02 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-09-08 22:04 - 2015-07-23 01:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-09-08 22:04 - 2015-07-23 01:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-09-08 22:04 - 2015-07-23 01:02 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-09-08 22:04 - 2015-07-23 01:02 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-09-08 22:04 - 2015-07-23 01:02 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-09-08 22:04 - 2015-07-23 01:02 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-09-08 22:04 - 2015-07-23 01:02 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-09-08 22:04 - 2015-07-23 01:02 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-09-08 22:04 - 2015-07-23 01:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-09-08 22:04 - 2015-07-23 01:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-09-08 22:04 - 2015-07-23 01:01 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-09-08 22:04 - 2015-07-23 00:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-09-08 22:04 - 2015-07-23 00:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-09-08 22:04 - 2015-07-23 00:52 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-09-08 22:04 - 2015-07-23 00:52 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-09-08 22:04 - 2015-07-23 00:52 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-09-08 22:04 - 2015-07-23 00:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-08 22:04 - 2015-07-23 00:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-08 22:04 - 2015-07-23 00:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-08 22:04 - 2015-07-23 00:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-09-08 22:04 - 2015-07-23 00:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-08 22:04 - 2015-07-23 00:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-09-08 22:04 - 2015-07-23 00:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-08 22:04 - 2015-07-23 00:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-08 22:04 - 2015-07-23 00:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-08 22:04 - 2015-07-23 00:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-09-08 22:04 - 2015-07-23 00:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-09-08 22:04 - 2015-07-23 00:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-08 22:04 - 2015-07-23 00:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-09-08 22:04 - 2015-07-23 00:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-09-08 22:04 - 2015-07-23 00:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-09-08 22:04 - 2015-07-23 00:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-09-08 22:04 - 2015-07-23 00:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-09-08 22:04 - 2015-07-23 00:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-09-08 22:04 - 2015-07-23 00:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-08 22:04 - 2015-07-23 00:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-09-08 22:04 - 2015-07-23 00:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-09-08 22:04 - 2015-07-23 00:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-08 22:04 - 2015-07-23 00:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-09-08 22:04 - 2015-07-23 00:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-09-08 22:04 - 2015-07-23 00:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-09-08 22:04 - 2015-07-23 00:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-09-08 22:04 - 2015-07-23 00:51 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-09-08 22:04 - 2015-07-22 18:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-09-08 22:04 - 2015-07-22 18:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-09-08 22:04 - 2015-07-22 18:54 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-09-08 22:04 - 2015-07-22 18:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-09-08 22:04 - 2015-07-22 18:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-09-08 22:04 - 2015-07-22 18:53 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-09-08 22:04 - 2015-07-22 18:53 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-09-08 22:04 - 2015-07-22 18:53 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-09-08 22:04 - 2015-07-22 18:53 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-09-08 22:04 - 2015-07-22 18:53 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-09-08 22:04 - 2015-07-22 18:53 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-09-08 22:04 - 2015-07-22 18:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-09-08 22:04 - 2015-07-22 18:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-09-08 22:04 - 2015-07-22 18:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-09-08 22:04 - 2015-07-22 18:53 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-09-08 22:04 - 2015-07-22 18:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-09-08 22:04 - 2015-07-22 18:52 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-09-08 22:04 - 2015-07-22 18:52 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-09-08 22:04 - 2015-07-22 18:52 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-09-08 22:04 - 2015-07-22 18:52 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-09-08 22:04 - 2015-07-22 18:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-09-08 22:04 - 2015-07-22 18:52 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-09-08 22:04 - 2015-07-22 18:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-09-08 22:04 - 2015-07-22 18:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-09-08 22:04 - 2015-07-22 18:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-09-08 22:04 - 2015-07-22 18:42 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-09-08 22:04 - 2015-07-22 18:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-09-08 22:04 - 2015-07-22 18:42 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-09-08 22:04 - 2015-07-22 18:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-08 22:04 - 2015-07-22 18:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-08 22:04 - 2015-07-22 18:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-09-08 22:04 - 2015-07-22 18:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-09-08 22:04 - 2015-07-22 18:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-08 22:04 - 2015-07-22 18:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-09-08 22:04 - 2015-07-22 18:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-08 22:04 - 2015-07-22 18:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-08 22:04 - 2015-07-22 18:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-09-08 22:04 - 2015-07-22 18:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-08 22:04 - 2015-07-22 18:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-08 22:04 - 2015-07-22 18:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-09-08 22:04 - 2015-07-22 18:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-09-08 22:04 - 2015-07-22 18:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-08 22:04 - 2015-07-22 18:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-09-08 22:04 - 2015-07-22 18:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-09-08 22:04 - 2015-07-22 18:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-09-08 22:04 - 2015-07-22 18:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-09-08 22:04 - 2015-07-22 18:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-08 22:04 - 2015-07-22 18:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-09-08 22:04 - 2015-07-22 18:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-09-08 22:04 - 2015-07-22 18:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-09-08 22:04 - 2015-07-22 18:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-09-08 22:04 - 2015-07-22 17:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-08 22:04 - 2015-07-22 17:45 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-09-08 22:04 - 2015-07-22 17:44 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-09-08 22:04 - 2015-07-22 17:44 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-09-08 22:04 - 2015-07-22 17:34 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-09-08 22:04 - 2015-07-22 17:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-09-08 22:04 - 2015-07-22 17:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-09-08 22:04 - 2015-07-22 17:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-08 22:04 - 2015-07-22 17:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-09-08 22:04 - 2015-07-22 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-09-08 22:03 - 2015-06-25 11:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-08 22:03 - 2015-06-25 11:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-08 22:03 - 2015-06-25 11:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-09-08 22:03 - 2015-06-25 10:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-08 22:02 - 2015-09-02 04:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-08 22:02 - 2015-09-02 04:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-08 22:02 - 2015-09-02 04:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-08 22:02 - 2015-09-02 04:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-08 22:02 - 2015-09-02 03:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-09-08 22:02 - 2015-09-02 03:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-08 22:02 - 2015-09-02 03:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-09-08 22:02 - 2015-09-02 03:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-09-08 22:02 - 2015-09-02 02:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-08 22:02 - 2015-09-02 02:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-08 22:02 - 2015-09-02 02:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-08 22:02 - 2015-08-05 18:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-08 22:02 - 2015-07-09 18:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-09-08 22:02 - 2015-07-09 18:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-09-08 22:02 - 2015-07-09 18:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-09-08 22:02 - 2015-07-09 18:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-09-08 21:56 - 2015-08-26 19:07 - 03165696 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-08 21:56 - 2015-08-26 19:07 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-08 21:56 - 2015-08-26 19:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-08 21:56 - 2015-08-26 19:07 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-08 21:56 - 2015-08-26 19:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-08 21:56 - 2015-08-26 19:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-08 21:56 - 2015-08-26 19:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-08 21:56 - 2015-08-26 19:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-08 21:56 - 2015-08-26 19:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-08 21:56 - 2015-08-26 19:06 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-08 21:56 - 2015-08-26 19:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-08 21:56 - 2015-08-26 18:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-08 21:56 - 2015-08-26 18:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-08 21:56 - 2015-08-26 18:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-08 21:56 - 2015-08-26 18:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-09-08 21:56 - 2015-08-26 18:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-05 16:32 - 2015-09-05 16:34 - 146850064 _____ (Microsoft Corporation) C:\Users\Ian\Downloads\msert.exe
2015-08-31 19:28 - 2015-09-11 19:14 - 00001212 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2015-08-29 16:30 - 2015-08-29 16:31 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Ian\Downloads\tdsskiller.exe
2015-08-28 21:13 - 2015-08-28 21:13 - 00002450 _____ C:\Users\Ian\Desktop\JRT.txt
2015-08-28 21:06 - 2015-08-28 21:06 - 01798640 _____ (Malwarebytes Corporation) C:\Users\Ian\Downloads\JRT.exe
2015-08-28 20:19 - 2015-09-10 21:34 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-28 20:18 - 2015-08-28 20:18 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-28 20:18 - 2015-08-28 20:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-28 20:18 - 2015-08-28 20:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-28 20:18 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-28 20:18 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-28 20:18 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-28 20:17 - 2015-08-28 20:17 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Ian\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-28 20:17 - 2015-08-28 20:17 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Ian\Downloads\mbam-setup-2.1.8.1057 (1).exe
2015-08-23 20:33 - 2015-08-23 20:33 - 02870984 _____ (ESET) C:\Users\Ian\Downloads\esetsmartinstaller_enu (1).exe
2015-08-23 20:32 - 2015-08-23 20:33 - 02870984 _____ (ESET) C:\Users\Ian\Downloads\esetsmartinstaller_enu.exe
2015-08-22 22:13 - 2015-08-22 22:14 - 00039912 _____ C:\Users\Ian\Downloads\Addition.txt
2015-08-22 22:12 - 2015-09-11 21:40 - 00016065 _____ C:\Users\Ian\Downloads\FRST.txt
2015-08-22 22:12 - 2015-09-11 21:40 - 00000000 ____D C:\FRST
2015-08-22 22:11 - 2015-08-22 22:11 - 02173952 _____ (Farbar) C:\Users\Ian\Downloads\FRST64.exe
2015-08-22 22:11 - 2015-08-22 22:11 - 01677824 _____ (Farbar) C:\Users\Ian\Downloads\FRST.exe
2015-08-22 22:01 - 2015-08-22 22:01 - 01605632 _____ C:\Users\Ian\Downloads\adwcleaner_5.003 (2).exe
2015-08-22 22:01 - 2015-08-22 22:01 - 01605632 _____ C:\Users\Ian\Downloads\adwcleaner_5.003 (1).exe
2015-08-22 21:56 - 2015-08-22 21:56 - 01605632 _____ C:\Users\Ian\Downloads\adwcleaner_5.003.exe
2015-08-22 21:54 - 2015-08-22 21:54 - 00002241 _____ C:\Users\Ian\Desktop\Tweaking.com - Registry Backup.lnk
2015-08-22 21:54 - 2015-08-22 21:54 - 00000207 _____ C:\Windows\tweaking.com-regbackup-IAN-PC-Windows-7-Home-Premium-(64-bit).dat
2015-08-22 21:54 - 2015-08-22 21:54 - 00000000 ____D C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-08-22 21:54 - 2015-08-22 21:54 - 00000000 ____D C:\RegBackup
2015-08-22 21:53 - 2015-08-22 21:53 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-08-22 21:52 - 2015-08-22 21:52 - 04664160 _____ (Tweaking.com) C:\Users\Ian\Downloads\tweaking.com_registry_backup_setup.exe
2015-08-21 23:51 - 2015-08-21 23:51 - 00025927 _____ C:\Users\Ian\Desktop\dds.txt
2015-08-21 23:50 - 2015-08-21 23:50 - 00688992 ____R (Swearware) C:\Users\Ian\Downloads\dds.scr
2015-08-19 21:12 - 2015-09-10 22:13 - 00000000 ____D C:\Windows\Minidump
2015-08-12 22:09 - 2015-07-30 14:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 22:09 - 2015-07-30 14:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 20:09 - 2015-07-28 21:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-12 20:09 - 2015-07-28 21:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-12 20:09 - 2015-07-28 21:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-12 20:09 - 2015-07-28 21:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-12 20:09 - 2015-07-28 21:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-12 20:09 - 2015-07-28 21:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-12 20:09 - 2015-07-28 21:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-12 20:09 - 2015-07-28 20:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-12 20:09 - 2015-07-16 20:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-12 20:09 - 2015-07-16 20:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-08-12 20:09 - 2015-07-16 20:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-12 20:09 - 2015-07-16 20:11 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-12 20:09 - 2015-07-16 20:11 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-08-12 20:09 - 2015-07-16 20:11 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-12 20:09 - 2015-07-11 14:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-08-12 20:08 - 2015-07-15 19:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-12 20:08 - 2015-07-15 19:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-12 20:08 - 2015-07-15 19:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-12 20:05 - 2015-07-15 04:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-12 20:03 - 2015-07-30 19:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-12 20:03 - 2015-07-30 19:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-12 20:03 - 2015-07-30 19:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-12 20:03 - 2015-07-30 18:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-12 20:03 - 2015-07-30 18:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-12 20:03 - 2015-07-09 18:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-12 20:03 - 2015-07-09 18:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-12 20:03 - 2015-07-09 18:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-12 20:03 - 2015-07-01 21:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-12 20:03 - 2015-07-01 21:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-12 20:03 - 2015-07-01 21:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-12 20:03 - 2015-07-01 21:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-12 19:27 - 2015-07-10 18:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-12 19:27 - 2015-07-10 18:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-12 18:45 - 2015-05-09 19:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-11 21:41 - 2009-07-14 05:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-11 21:41 - 2009-07-14 05:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-11 21:39 - 2012-07-12 23:06 - 00000000 ____D C:\Users\Ian\AppData\Local\Google
2015-09-11 21:26 - 2015-04-19 20:08 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-11 20:50 - 2013-12-15 18:19 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-11 20:44 - 2012-07-06 04:36 - 01079657 _____ C:\Windows\WindowsUpdate.log
2015-09-11 19:35 - 2015-07-12 15:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-09-11 19:33 - 2015-07-12 15:18 - 00000000 ____D C:\ProgramData\Avira
2015-09-11 19:33 - 2015-07-12 15:18 - 00000000 ____D C:\Program Files (x86)\Avira
2015-09-11 19:33 - 2012-07-05 21:02 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2015-09-11 19:32 - 2013-12-15 18:19 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-11 19:32 - 2012-07-05 21:06 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2015-09-11 19:32 - 2012-07-05 21:06 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2015-09-11 19:31 - 2012-07-06 04:33 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-11 19:31 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-10 22:13 - 2013-12-13 19:32 - 00000000 ____D C:\Users\Ian\AppData\Local\CrashDumps
2015-09-09 00:15 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2015-09-08 23:34 - 2009-07-14 06:13 - 00786622 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-08 23:26 - 2009-07-14 05:45 - 00412504 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-08 23:24 - 2010-11-21 08:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-08 23:24 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-08 22:45 - 2012-07-15 20:20 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-08 22:44 - 2013-08-14 19:36 - 00000000 ____D C:\Windows\system32\MRT
2015-09-07 21:09 - 2012-07-12 23:05 - 00000000 ____D C:\Users\Ian\Documents\Kay
2015-09-07 19:02 - 2015-07-12 15:18 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-06 19:25 - 2012-07-12 22:44 - 00109696 _____ C:\Users\Ian\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-04 22:02 - 2012-07-12 23:05 - 00000000 ____D C:\Users\Ian\Documents\Ian
2015-09-04 21:13 - 2013-12-19 16:15 - 00000000 ____D C:\ProgramData\tmp
2015-09-04 16:55 - 2013-12-15 18:20 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-03 20:58 - 2014-06-13 16:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2015-08-29 15:45 - 2013-12-15 18:19 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-29 15:45 - 2013-12-15 18:19 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-26 18:37 - 2012-09-16 21:47 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-22 22:04 - 2013-12-09 21:09 - 00000000 ____D C:\AdwCleaner
2015-08-22 19:50 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-08-14 18:17 - 2014-12-12 22:54 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-14 18:17 - 2014-05-06 22:04 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-12 22:09 - 2013-03-13 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-12 22:09 - 2013-03-13 21:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-12 22:09 - 2013-03-13 21:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-12 18:26 - 2015-04-19 20:08 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-12 18:26 - 2015-04-19 20:08 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-12 18:26 - 2015-04-19 20:08 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-12 13:04 - 2015-06-11 20:40 - 00139896 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportHades64.sys
2015-08-12 13:04 - 2014-06-13 16:37 - 00394584 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys

==================== Files in the root of some directories =======

2014-12-26 21:22 - 2014-12-26 21:22 - 0038422 _____ () C:\Users\Ian\AppData\Roaming\Comma Separated Values (DOS).ADR
2013-10-28 21:09 - 2013-12-09 20:16 - 0000098 _____ () C:\Users\Ian\AppData\Roaming\WB.CFG
2013-10-28 21:09 - 2013-12-09 20:15 - 0000006 _____ () C:\Users\Ian\AppData\Roaming\WBPU-TTL.DAT
2012-12-02 12:40 - 2012-12-02 12:40 - 0003584 _____ () C:\Users\Ian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Users\Ian\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-11 17:41

==================== End of FRST.txt ============================
_________________
Goody
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   This topic is locked: you cannot edit posts or make replies.    Spyware Warrior Forum Index -> Help with spyware removal All times are GMT - 8 Hours
Goto page 1, 2  Next
Page 1 of 2

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group