malware infected my daughters laptop. help?


Recommended Posts

 

Howdy Nate and welcome to BestTechie !!!  

My name is flashh4 (Chuck) and i will be assisting you with the cleaning of your computer.

Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !!

If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!

Perform all actions in the order given.

Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !  

Do Not Remove anything or run any tools/programs until advised to do so !


Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.  

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.  

 

===================================

 

AdwCleaner
       
Please download adwcleaner by Xplode onto your desktop.
Double click on AdwCleaner.exe to run the tool again.
       Windows XP : Double click on the icon to run it.

       Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    *Click on the Scan button.
    *AdwCleaner will begin to scan your computer like it did before.
    *After the scan has finished .......
    
    This time, click on the "Clean" button.
    
    *Press OK when asked to close all programs and follow the onscreen prompts.
    *Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    *After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
    *Copy and paste the contents of that logfile in your next reply.
    *A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

NEXT

thisisujrt-1.gif
    Please download Junkware Removal Tool and save to your desk top.

    Shut down your protection software now to avoid potential conflicts.

    * Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    * The tool will open and start scanning your system.
    * Please be patient as this can take a while to complete depending on your system's specifications.
    * On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    * Post the contents of JRT.txt into your next reply !

Re-Boot your computer now !!

 

NEXT

 

    Download Malwarebytes' Anti-Malware (save it to your desktop).  >>> https://www.malwarebytes.org/mwb-intercept/
      Get the FREE version !!
      * Windows XP : Double click on the icon to run it.
      *  Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
      *  Select Scan tab.

Malwarebytes.png

* Select type of scan to perform:

MBAMScanTab_zps2c5e74bd.gif
   
  * Threat Scan < --- Select this type of scan
  * Custom Scan
  * Hyper Scan

Next click the Scan button.

When the scan is complete, if no malicious items are found you can close the program.

If malicious items are found be sure that everything is checked, and click Quarantine .

When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
 
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

 

Post those logs as you get them, them continue on to the next in line !

Thanks

Chuck

Link to post
Share on other sites

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 10 Home x64
Ran by biven (Administrator) on Sun 12/27/2015 at 13:43:59.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


File System: 25

Failed to delete: C:\Program Files (x86)\google\chrome\application\chrome.bat (File)
Failed to delete: C:\Program Files (x86)\internet explorer\iexplore.bat (File)
Failed to delete: C:\Windows\system32\drivers\bsdriver.sys (File)
Failed to delete: C:\Windows\system32\drivers\cherimoya.sys (File)
Failed to delete: C:\Windows\system32\Drivers\swsedrvr_vw_1_10_0_25.sys (File)
Successfully deleted: C:\Program Files (x86)\gmsd_us_005010185 (Folder)
Successfully deleted: C:\ProgramData\28341ff220e0446c9fff27c4493d622e (Folder)
Successfully deleted: C:\ProgramData\flashbeat (Folder)
Successfully deleted: C:\ProgramData\Service1291 (Folder)
Successfully deleted: C:\ProgramData\Start Menu\Programs\search.lnk (Shortcut)
Successfully deleted: C:\ProgramData\tvtime (Folder)
Successfully deleted: C:\Users\biven\AppData\Local\gmsd_us_005010185 (Folder)
Successfully deleted: C:\Users\biven\AppData\Local\tvtime (Folder)
Successfully deleted: C:\Users\biven\Appdata\LocalLow\company (Folder)
Successfully deleted: C:\Users\biven\AppData\Roaming\aspackage (Folder)
Successfully deleted: C:\Users\biven\AppData\Roaming\tsearch (Folder)
Successfully deleted: C:\Windows\system32\Tasks\PCDEventLauncherTask (Task)
Successfully deleted: C:\Windows\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
Successfully deleted: C:\Users\biven\AppData\Local\Temp\vitruvian-installer-hardwareprofile-v0001 (File)
Successfully deleted: C:\Users\biven\AppData\Local\Temp\vitruvian-installer-install-v0003 (File)
Successfully deleted: C:\Users\biven\AppData\Local\Temp\vitruvian-installer-processes-v0002 (File)
Successfully deleted: C:\Users\biven\AppData\Local\Temp\vitruvian-installer-scheduledtasks-v0001 (File)
Successfully deleted: C:\Users\biven\AppData\Local\Temp\vitruvian-installer-softwareregkeys-v0002 (File)
Successfully deleted: C:\Users\biven\AppData\Local\Temp\vitruvian-installer-uninstall-v0002 (File)
Successfully deleted: C:\Users\biven\AppData\Roaming\Bubble Dock.boostrap.log (File)

 

Registry: 5

Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_us_005010185 (Registry Value)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\cherimoya (Registry Key)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\swsedrvr_vw_1_10_0_25 (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7E5207C2-1FA7-499C-88EE-FCE834450114} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{7E5207C2-1FA7-499C-88EE-FCE834450114} (Registry Key)

 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 12/27/2015 at 13:45:53.90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Link to post
Share on other sites

Nate ..... Not real bad but those needed removed !!

 

After the Malwarebytes log i need you to run this one next !!


Download OldTimer to your desk top !
Links: http://oldtimer.geekstogo.com/OTL.com http://oldtimer.geekstogo.com/OTL.scr  
 
If you already have a copy of OTL delete it and use this version.  (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

* Double click OTL.exe to launch the program.
* Check the following.

o Scan all users.
o Standard Output. o Lop check.
o Purity check. oExtra Registry > Use SafeList  

* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.

o OTL.txt (open on your desktop).
o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.

* Please post me both logs. This may have to be broken into more than one post !   


Thanks

Chuck

Link to post
Share on other sites

Posting this because it's easier to read like this !!

OTL logfile created on: 12/27/2015 2:36:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\biven\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.10240.16384)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.92 Gb Total Physical Memory | 5.75 Gb Available Physical Memory | 72.57% Memory free
9.79 Gb Paging File | 7.54 Gb Available in Paging File | 76.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.13 Gb Total Space | 874.72 Gb Free Space | 95.27% Space Free | Partition Type: NTFS
 
Computer Name: DESKTOP-8S8J809 | User Name: biven | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found --
PRC - [2015/12/27 14:35:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\biven\Desktop\OTL.com
PRC - [2015/12/24 23:55:59 | 000,551,112 | ---- | M] (Microsoft Corporation) -- C:\Users\biven\AppData\Local\Microsoft\OneDrive\OneDrive.exe
PRC - [2015/12/07 19:06:02 | 004,558,184 | ---- | M] (Dell) -- C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
PRC - [2015/10/05 09:48:46 | 001,135,416 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2015/10/05 09:48:44 | 001,513,784 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2015/10/05 09:48:34 | 009,832,760 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2015/08/27 13:13:44 | 000,237,272 | ---- | M] (Dell Inc.) -- C:\Program Files (x86)\Dell Update\DellUpService.exe
PRC - [2015/08/27 13:12:22 | 000,707,800 | ---- | M] (Dell Inc.) -- C:\Program Files (x86)\Dell Update\DellUpTray.exe
PRC - [2015/06/24 00:08:22 | 000,223,008 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2015/06/24 00:08:10 | 000,411,936 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2015/06/23 15:26:44 | 000,238,320 | ---- | M] (Dell Products, LP.) -- c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
PRC - [2015/06/15 12:20:16 | 000,153,328 | ---- | M] (Dell Inc.) -- C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
PRC - [2015/06/12 00:24:12 | 000,640,928 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2015/06/09 13:37:48 | 000,150,256 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
PRC - [2015/05/29 15:12:18 | 000,505,200 | ---- | M] () -- C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
PRC - [2015/05/22 14:20:32 | 000,294,616 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
PRC - [2015/05/19 08:11:04 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
PRC - [2015/05/07 04:21:02 | 000,110,008 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2015/04/28 15:49:28 | 001,393,880 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
PRC - [2014/01/12 22:24:12 | 000,627,992 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
PRC - [2012/10/08 05:15:50 | 000,039,808 | ---- | M] (Wacom Technology) -- C:\Program Files\Tablet\Pen\WacomHost.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/12/26 03:21:33 | 007,419,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a73b5a097f4a7e26470de5940f71e623\System.Xml.ni.dll
MOD - [2015/12/26 03:21:28 | 001,877,504 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\8ef7ed39a53334c86c98ca76a73a2cb4\System.Xaml.ni.dll
MOD - [2015/12/26 03:21:23 | 002,773,504 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\0ae5397e59e320e24681e9297b413ed2\System.Runtime.Serialization.ni.dll
MOD - [2015/12/26 03:21:20 | 000,972,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8cc5a2101f88ecce594d053af3256a7e\System.Configuration.ni.dll
MOD - [2015/12/26 03:21:19 | 007,406,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b985aa78aab4528aaa723b90b52986d1\System.Core.ni.dll
MOD - [2015/12/26 03:21:14 | 000,527,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\a32f5bf7eb3b56ca485ac12a0c5d35e0\PresentationFramework.Aero2.ni.dll
MOD - [2015/12/26 03:21:13 | 018,960,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\059ac7164dcb95e2ae067c8e49f6680d\PresentationFramework.ni.dll
MOD - [2015/12/26 03:21:00 | 011,549,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\5c3d324221042f176e420590b44e75c8\PresentationCore.ni.dll
MOD - [2015/12/26 03:20:51 | 003,944,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\f973625b155d04ed7ca1312e9f619cda\WindowsBase.ni.dll
MOD - [2015/12/26 03:20:49 | 010,133,504 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\33c22596ef36ae634d7c7fa0d834a1a3\System.ni.dll
MOD - [2015/10/20 17:54:22 | 019,057,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\68b0897c4cade2a6a72889bff2bd0904\mscorlib.ni.dll
MOD - [2015/05/29 15:12:18 | 000,505,200 | ---- | M] () -- C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
MOD - [2015/05/29 15:12:14 | 000,114,032 | ---- | M] () -- C:\Program Files (x86)\Dropbox\DropboxOEM\zlib1.dll
MOD - [2015/05/29 15:11:32 | 000,214,384 | ---- | M] () -- C:\Program Files (x86)\Dropbox\DropboxOEM\Ledger.dll
MOD - [2014/12/08 14:28:12 | 000,016,856 | ---- | M] () -- C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvcPS.dll
MOD - [2014/12/07 23:28:07 | 000,627,672 | ---- | M] () -- C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMediaLibrary.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2015/12/07 19:06:08 | 000,119,656 | ---- | M] (Dell) [Auto | Running] -- C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe -- (Dell Foundation Services)
SRV:64bit: - [2015/12/05 14:49:12 | 000,032,104 | ---- | M] (Dell) [Auto | Running] -- C:\Program Files\Dell\Product Registration\PRSvc.exe -- (Dell Product Registration)
SRV:64bit: - [2015/11/24 20:27:26 | 002,180,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2015/11/04 20:03:49 | 001,015,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\RDXService.dll -- (RetailDemo)
SRV:64bit: - [2015/11/04 20:01:38 | 000,713,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\usermgr.dll -- (UserManager)
SRV:64bit: - [2015/11/04 19:59:13 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\Windows.StateRepository.dll -- (StateRepository)
SRV:64bit: - [2015/11/04 19:55:55 | 000,145,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dssvc.dll -- (DsSvc)
SRV:64bit: - [2015/09/25 00:41:20 | 001,031,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorDataService.exe -- (SensorDataService)
SRV:64bit: - [2015/09/25 00:41:14 | 001,169,408 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\dosvc.dll -- (DoSvc)
SRV:64bit: - [2015/09/25 00:41:14 | 000,658,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ClipSVC.dll -- (ClipSVC)
SRV:64bit: - [2015/09/25 00:41:14 | 000,343,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\usocore.dll -- (UsoSvc)
SRV:64bit: - [2015/09/24 19:00:50 | 001,423,872 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\UserDataService.dll -- (UserDataSvc)
SRV:64bit: - [2015/09/24 18:59:48 | 000,288,256 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\PimIndexMaintenance.dll -- (PimIndexMaintenanceSvc)
SRV:64bit: - [2015/09/24 18:59:38 | 001,205,248 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\Unistore.dll -- (UnistoreSvc)
SRV:64bit: - [2015/09/16 22:48:41 | 000,809,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV:64bit: - [2015/09/16 22:06:04 | 000,149,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tetheringservice.dll -- (icssvc)
SRV:64bit: - [2015/09/16 22:03:28 | 000,267,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV:64bit: - [2015/09/16 21:58:01 | 000,503,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\tileobjserver.dll -- (tiledatamodelsvc)
SRV:64bit: - [2015/09/16 21:52:31 | 000,591,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2015/09/16 21:48:26 | 002,093,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2015/09/16 21:47:56 | 000,513,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ngcsvc.dll -- (NgcSvc)
SRV:64bit: - [2015/09/16 21:44:10 | 000,526,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2015/09/16 21:44:08 | 001,844,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2015/09/16 21:43:32 | 000,378,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2015/08/27 16:35:20 | 000,226,016 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements 14 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor14.0)
SRV:64bit: - [2015/08/24 16:32:42 | 000,049,864 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe -- (Dell Help & Support)
SRV:64bit: - [2015/08/17 22:58:25 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NetSetupSvc.dll -- (NetSetupSvc)
SRV:64bit: - [2015/08/17 22:54:03 | 000,322,048 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2015/08/11 01:50:47 | 001,643,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2015/07/29 19:44:49 | 000,280,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2015/07/29 19:44:28 | 000,229,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorService.dll -- (SensorService)
SRV:64bit: - [2015/07/10 03:01:10 | 000,621,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2015/07/10 03:01:10 | 000,504,320 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WalletService.dll -- (WalletService)
SRV:64bit: - [2015/07/10 03:01:10 | 000,074,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2015/07/10 03:00:41 | 000,167,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2015/07/10 03:00:36 | 000,115,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2015/07/10 03:00:20 | 000,749,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2015/07/10 03:00:16 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2015/07/10 03:00:09 | 000,337,408 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2015/07/10 03:00:09 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wpnservice.dll -- (WpnService)
SRV:64bit: - [2015/07/10 03:00:09 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\DevQueryBroker.dll -- (DevQueryBroker)
SRV:64bit: - [2015/07/10 03:00:09 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lfsvc.dll -- (lfsvc)
SRV:64bit: - [2015/07/10 03:00:07 | 001,149,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XblGameSave.dll -- (XblGameSave)
SRV:64bit: - [2015/07/10 03:00:07 | 001,019,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XboxNetApiSvc.dll -- (XboxNetApiSvc)
SRV:64bit: - [2015/07/10 03:00:07 | 000,268,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NgcCtnrSvc.dll -- (NgcCtnrSvc)
SRV:64bit: - [2015/07/10 03:00:07 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\moshost.dll -- (MapsBroker)
SRV:64bit: - [2015/07/10 03:00:07 | 000,023,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AJRouter.dll -- (AJRouter)
SRV:64bit: - [2015/07/10 03:00:07 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\LicenseManagerSvc.dll -- (LicenseManager)
SRV:64bit: - [2015/07/10 03:00:06 | 000,134,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\cdpsvc.dll -- (CDPSvc)
SRV:64bit: - [2015/07/10 03:00:06 | 000,087,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\embeddedmodesvc.dll -- (embeddedmode)
SRV:64bit: - [2015/07/10 03:00:03 | 003,467,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2015/07/10 03:00:02 | 000,918,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XblAuthManager.dll -- (XblAuthManager)
SRV:64bit: - [2015/07/10 03:00:02 | 000,836,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2015/07/10 03:00:02 | 000,055,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2015/07/10 03:00:01 | 000,096,256 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2015/07/10 03:00:01 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2015/07/10 03:00:00 | 000,181,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2015/07/10 02:59:59 | 000,296,960 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\APHostService.dll -- (OneSyncSvc)
SRV:64bit: - [2015/07/10 02:59:59 | 000,196,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dcpsvc.dll -- (DcpSvc)
SRV:64bit: - [2015/07/10 02:59:59 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe -- (diagnosticshub.standardcollector.service)
SRV:64bit: - [2015/07/10 02:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_Session1)
SRV:64bit: - [2015/07/10 02:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_Session1)
SRV:64bit: - [2015/07/10 02:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_Session1)
SRV:64bit: - [2015/07/10 02:59:58 | 000,039,856 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_Session1)
SRV:64bit: - [2015/07/10 02:59:57 | 000,405,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2015/07/10 02:59:57 | 000,237,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2015/07/10 02:59:56 | 000,019,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2015/07/10 02:59:55 | 000,118,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2015/07/10 02:59:55 | 000,013,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2015/07/10 02:59:54 | 000,275,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\EnterpriseAppMgmtSvc.dll -- (EntAppSvc)
SRV:64bit: - [2015/07/10 02:59:53 | 000,063,488 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\dmwappushsvc.dll -- (dmwappushservice)
SRV:64bit: - [2015/07/10 02:59:51 | 000,583,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SmsRouterSvc.dll -- (SmsRouter)
SRV:64bit: - [2015/07/10 02:59:50 | 000,550,400 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2015/07/10 02:59:50 | 000,362,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2015/07/10 02:59:50 | 000,167,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2015/07/10 02:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2015/07/10 02:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvmsession)
SRV:64bit: - [2015/07/10 02:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2015/07/10 02:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2015/07/10 02:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2015/07/10 02:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2015/07/10 02:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2015/07/10 02:59:48 | 000,506,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2015/07/10 02:59:48 | 000,024,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2015/07/10 02:59:37 | 003,337,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2015/07/10 02:59:36 | 000,326,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
SRV:64bit: - [2015/07/06 16:23:44 | 000,396,992 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe -- (IntelUSBoverIP)
SRV:64bit: - [2015/06/30 11:26:52 | 000,350,312 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\igfxCUIService.exe -- (igfxCUIService2.0.0.0)
SRV:64bit: - [2015/06/12 00:24:40 | 003,831,200 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2015/06/12 00:24:28 | 000,268,192 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2015/06/12 00:24:12 | 000,640,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2015/06/12 00:23:48 | 000,157,088 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2015/05/26 16:38:28 | 000,564,144 | ---- | M] (Waves Audio Ltd.) [Auto | Running] -- C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe -- (WavesSysSvc)
SRV:64bit: - [2015/05/22 14:20:32 | 000,294,616 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2015/05/22 00:24:00 | 000,881,152 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R)
SRV:64bit: - [2014/01/12 22:24:12 | 000,627,992 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\WTabletServiceCon.exe -- (WTabletServiceCon)
SRV - [2015/12/25 23:55:23 | 002,104,840 | ---- | M] (Electronic Arts) [On_Demand | Stopped] -- C:\Program Files (x86)\Origin\OriginClientService.exe -- (Origin Client Service)
SRV - [2015/11/04 19:27:12 | 002,049,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\Windows.StateRepository.dll -- (StateRepository)
SRV - [2015/10/05 09:48:46 | 001,135,416 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2015/10/05 09:48:44 | 001,513,784 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2015/09/24 18:34:00 | 000,928,256 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysWOW64\Unistore.dll -- (UnistoreSvc)
SRV - [2015/09/16 21:45:35 | 000,193,024 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV - [2015/09/16 21:16:16 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV - [2015/08/27 13:13:44 | 000,237,272 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Update\DellUpService.exe -- (DellUpdate)
SRV - [2015/07/10 03:00:30 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\lfsvc.dll -- (lfsvc)
SRV - [2015/07/10 03:00:24 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2015/07/10 02:59:37 | 003,337,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2015/06/30 11:26:54 | 000,282,216 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2015/06/24 00:08:22 | 000,223,008 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2015/06/24 00:08:10 | 000,411,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2015/06/23 15:26:44 | 000,238,320 | ---- | M] (Dell Products, LP.) [Auto | Running] -- c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe -- (DellDigitalDelivery)
SRV - [2015/06/16 20:27:00 | 000,019,088 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe -- (Intel(R)
SRV - [2015/06/15 12:20:16 | 000,153,328 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Customer Connect\DCCService.exe -- (Dell Customer Connect)
SRV - [2015/06/09 13:37:48 | 000,150,256 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe -- (ibtsiva)
SRV - [2015/05/19 08:11:04 | 000,007,680 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe -- (isaHelperSvc)
SRV - [2015/05/19 08:11:00 | 000,335,872 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe -- (Intel(R)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2015/12/27 14:13:18 | 000,192,216 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2015/11/30 22:03:10 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gpuenergydrv.sys -- (GpuEnergyDrv)
DRV:64bit: - [2015/11/24 21:40:09 | 000,516,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2015/10/05 09:50:22 | 000,064,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2015/10/05 09:50:06 | 000,025,816 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2015/09/25 00:41:14 | 000,934,752 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\refsv1.sys -- (ReFSv1)
DRV:64bit: - [2015/09/25 00:41:14 | 000,067,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2015/09/25 00:41:14 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2015/09/25 00:41:14 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmUcsi.sys -- (UcmUcsi)
DRV:64bit: - [2015/09/16 22:50:17 | 000,099,664 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2015/09/16 22:48:41 | 000,278,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2015/09/16 21:50:08 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\buttonconverter.sys -- (buttonconverter)
DRV:64bit: - [2015/08/17 23:55:45 | 000,373,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2015/08/11 02:02:56 | 000,080,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2015/08/05 19:17:40 | 000,200,528 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2015/08/05 18:22:03 | 000,685,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdiWiFi.sys -- (wdiwifi)
DRV:64bit: - [2015/08/02 18:18:37 | 000,046,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2015/08/02 18:17:53 | 000,052,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2015/07/29 19:44:26 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2015/07/10 05:15:59 | 000,038,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2015/07/10 05:15:54 | 000,029,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2015/07/10 03:01:20 | 000,029,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2015/07/10 03:00:14 | 000,380,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2015/07/10 03:00:14 | 000,215,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2015/07/10 03:00:10 | 000,106,520 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRT.sys -- (WindowsTrustedRT)
DRV:64bit: - [2015/07/10 03:00:10 | 000,061,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmCx.sys -- (UcmCx0101)
DRV:64bit: - [2015/07/10 03:00:10 | 000,031,072 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2015/07/10 03:00:09 | 000,200,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2015/07/10 03:00:09 | 000,153,440 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2015/07/10 03:00:09 | 000,061,952 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\storqosflt.sys -- (storqosflt)
DRV:64bit: - [2015/07/10 03:00:09 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2015/07/10 03:00:09 | 000,026,624 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ioqos.sys -- (IoQos)
DRV:64bit: - [2015/07/10 03:00:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mmcss.sys -- (MMCSS)
DRV:64bit: - [2015/07/10 03:00:00 | 000,245,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufx01000.sys -- (Ufx01000)
DRV:64bit: - [2015/07/10 03:00:00 | 000,159,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2015/07/10 03:00:00 | 000,077,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2015/07/10 03:00:00 | 000,074,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2015/07/10 03:00:00 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urscx01000.sys -- (UrsCx01000)
DRV:64bit: - [2015/07/10 03:00:00 | 000,039,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cnghwassist.sys -- (cnghwassist)
DRV:64bit: - [2015/07/10 02:59:59 | 000,155,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2015/07/10 02:59:59 | 000,088,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2015/07/10 02:59:59 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2015/07/10 02:59:53 | 000,129,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2015/07/10 02:59:53 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2015/07/10 02:59:52 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2015/07/10 02:59:50 | 000,119,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2015/07/10 02:59:50 | 000,082,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2015/07/10 02:59:48 | 000,291,680 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2015/07/10 02:59:48 | 000,209,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ucx01000.sys -- (Ucx01000)
DRV:64bit: - [2015/07/10 02:59:48 | 000,127,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2015/07/10 02:59:48 | 000,083,968 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\filecrypt.sys -- (FileCrypt)
DRV:64bit: - [2015/07/10 02:59:48 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2015/07/10 02:59:48 | 000,044,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2015/07/10 02:59:48 | 000,044,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Udecx.sys -- (UdeCx)
DRV:64bit: - [2015/07/10 02:59:48 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhf.sys -- (vhf)
DRV:64bit: - [2015/07/10 02:59:40 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2015/07/10 02:59:40 | 000,028,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urschipidea.sys -- (UrsChipidea)
DRV:64bit: - [2015/07/10 02:59:40 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urssynopsys.sys -- (UrsSynopsys)
DRV:64bit: - [2015/07/10 02:59:40 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2015/07/10 02:59:40 | 000,017,944 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRTProxy.sys -- (WindowsTrustedRTProxy)
DRV:64bit: - [2015/07/10 02:59:39 | 000,705,376 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mlx4_bus.sys -- (mlx4_bus)
DRV:64bit: - [2015/07/10 02:59:39 | 000,474,464 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2015/07/10 02:59:39 | 000,424,800 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ibbus.sys -- (ibbus)
DRV:64bit: - [2015/07/10 02:59:39 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2015/07/10 02:59:39 | 000,133,984 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2015/07/10 02:59:39 | 000,127,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufxsynopsys.sys -- (ufxsynopsys)
DRV:64bit: - [2015/07/10 02:59:39 | 000,094,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UfxChipidea.sys -- (UfxChipidea)
DRV:64bit: - [2015/07/10 02:59:39 | 000,077,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2015/07/10 02:59:39 | 000,076,128 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndfltr.sys -- (ndfltr)
DRV:64bit: - [2015/07/10 02:59:39 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2015/07/10 02:59:39 | 000,059,232 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winverbs.sys -- (WinVerbs)
DRV:64bit: - [2015/07/10 02:59:39 | 000,058,720 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas3i.sys -- (percsas3i)
DRV:64bit: - [2015/07/10 02:59:39 | 000,058,208 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas2i.sys -- (percsas2i)
DRV:64bit: - [2015/07/10 02:59:39 | 000,055,296 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2015/07/10 02:59:39 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2015/07/10 02:59:39 | 000,040,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storufs.sys -- (storufs)
DRV:64bit: - [2015/07/10 02:59:39 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2015/07/10 02:59:39 | 000,028,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2015/07/10 02:59:39 | 000,026,976 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winmad.sys -- (WinMad)
DRV:64bit: - [2015/07/10 02:59:39 | 000,017,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\swenum.inf_amd64_2a699e44676b7781\swenum.sys -- (swenum)
DRV:64bit: - [2015/07/10 02:59:38 | 003,436,896 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2015/07/10 02:59:38 | 001,135,456 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2015/07/10 02:59:38 | 000,673,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2015/07/10 02:59:38 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2015/07/10 02:59:38 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2015/07/10 02:59:38 | 000,222,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xboxgip.sys -- (xboxgip)
DRV:64bit: - [2015/07/10 02:59:38 | 000,207,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2015/07/10 02:59:38 | 000,116,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\capimg.sys -- (CapImg)
DRV:64bit: - [2015/07/10 02:59:38 | 000,107,360 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2015/07/10 02:59:38 | 000,104,800 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2i.sys -- (LSI_SAS2i)
DRV:64bit: - [2015/07/10 02:59:38 | 000,099,168 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3i.sys -- (LSI_SAS3i)
DRV:64bit: - [2015/07/10 02:59:38 | 000,083,296 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2015/07/10 02:59:38 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2015/07/10 02:59:38 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2015/07/10 02:59:38 | 000,050,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidinterrupt.sys -- (hidinterrupt)
DRV:64bit: - [2015/07/10 02:59:38 | 000,026,976 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2015/07/10 02:59:38 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xinputhid.sys -- (xinputhid)
DRV:64bit: - [2015/07/10 02:59:38 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2015/07/10 02:59:38 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\genericusbfn.sys -- (genericusbfn)
DRV:64bit: - [2015/07/10 02:59:38 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2015/07/10 02:59:38 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2015/07/10 02:59:38 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2015/07/10 02:59:36 | 000,237,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2015/07/10 02:59:36 | 000,122,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2015/07/10 02:59:36 | 000,116,576 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2015/07/10 02:59:36 | 000,094,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc.sys -- (netvsc)
DRV:64bit: - [2015/07/10 02:59:36 | 000,092,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2015/07/10 02:59:36 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2015/07/10 02:59:36 | 000,064,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2015/07/10 02:59:36 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2015/07/10 02:59:36 | 000,043,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2015/07/10 02:59:36 | 000,042,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2015/07/10 02:59:36 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\compositebus.inf_amd64_98334ba6e76853ba\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2015/07/10 02:59:36 | 000,038,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2015/07/10 02:59:36 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2015/07/10 02:59:36 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fcvsc.sys -- (fcvsc)
DRV:64bit: - [2015/07/10 02:59:36 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2015/07/10 02:59:36 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2015/07/10 02:59:36 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2015/07/10 02:59:36 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2015/07/06 16:21:28 | 000,212,056 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usb3Hub.sys -- (usb3Hub)
DRV:64bit: - [2015/06/30 11:26:44 | 006,079,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2015/06/23 15:58:58 | 001,455,552 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2015/06/21 22:16:56 | 003,776,792 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwbw02.sys -- (NETwNb64)
DRV:64bit: - [2015/06/15 11:29:16 | 000,155,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSS_UART2.sys -- (iaLPSS_UART2)
DRV:64bit: - [2015/06/15 11:29:16 | 000,132,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iaLPSS_I2C.sys -- (iaLPSS_I2C)
DRV:64bit: - [2015/06/15 11:29:16 | 000,113,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSS_SPI.sys -- (iaLPSS_SPI)
DRV:64bit: - [2015/06/15 11:29:16 | 000,046,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSS_GPIO.sys -- (iaLPSS_GPIO)
DRV:64bit: - [2015/06/12 04:54:56 | 000,183,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverW8x64.sys -- (MEIx64)
DRV:64bit: - [2015/06/09 13:38:24 | 000,255,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibtusb.sys -- (ibtusb)
DRV:64bit: - [2015/05/29 10:14:22 | 000,886,528 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rt640x64.sys -- (rt640x64)
DRV:64bit: - [2015/05/13 15:05:10 | 000,402,960 | ---- | M] (Realsil Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUer.sys -- (RTSUER)
DRV:64bit: - [2015/05/08 11:37:12 | 000,019,440 | ---- | M] (OSR Open Systems Resources, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DellRbtn.sys -- (DellRbtn)
DRV:64bit: - [2013/11/12 13:25:22 | 000,091,912 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2013/11/11 06:16:02 | 000,090,424 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter)
DRV:64bit: - [2013/11/11 06:16:02 | 000,015,160 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV:64bit: - [2013/11/11 06:16:02 | 000,014,136 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2013/09/03 02:01:00 | 000,056,336 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2015/07/10 02:59:39 | 000,017,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\DriverStore\FileRepository\swenum.inf_amd64_2a699e44676b7781\swenum.sys -- (swenum)
DRV - [2015/07/10 02:59:36 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_98334ba6e76853ba\CompositeBus.sys -- (CompositeBus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {7E5207C2-1FA7-499C-88EE-FCE834450114}
IE:64bit: - HKLM\..\SearchScopes\{7E5207C2-1FA7-499C-88EE-FCE834450114}: "URL" = http://www.bing.com/search?q={searchTerms}&form=PRDLC1&src=IE11TR&pc=DCTE
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {7E5207C2-1FA7-499C-88EE-FCE834450114}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ws://*;wss://*
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ws://*;wss://*
 
IE - HKU\S-1-5-21-2875059968-196611492-1916212712-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell15.msn.com/?pc=DCTE
IE - HKU\S-1-5-21-2875059968-196611492-1916212712-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
IE - HKU\S-1-5-21-2875059968-196611492-1916212712-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKU\S-1-5-21-2875059968-196611492-1916212712-1001\..\SearchScopes,DefaultScope = {7E5207C2-1FA7-499C-88EE-FCE834450114}
IE - HKU\S-1-5-21-2875059968-196611492-1916212712-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2875059968-196611492-1916212712-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ws://*;wss://*
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.3: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.3: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
 
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\biven\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: No name found = C:\Users\biven\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = C:\Users\biven\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\biven\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\biven\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2015/12/25 23:38:05 | 000,000,967 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       down.baidu2016.com
O1 - Hosts: 127.0.0.1       123.sogou.com
O1 - Hosts: 127.0.0.1       www.czzsyzgm.com
O1 - Hosts: 127.0.0.1       www.czzsyzxl.com
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVBg_MAXX6] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [WavesSvc] C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe (Waves Audio Ltd.)
O4 - HKU\S-1-5-19..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2875059968-196611492-1916212712-1001..\Run: [OneDrive] C:\Users\biven\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2875059968-196611492-1916212712-1001..\Run: [PC-BOLT] C:\Users\biven\AppData\Local\Temp\nsa2E16.tmp (Fraternity Solution)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DSCAutomationHostEnabled = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1537aba9-0b6e-45fe-b91d-e562c2aaae37}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4a2c0855-3ba3-4e68-89e3-441a2dfa49d2}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5cd488a4-6359-11e5-9bc2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5cd488a4-6359-11e5-9bc2-806e6f6e6963}\Shell\AutoRun\command - "" = "D:\Bamboo.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/12/27 14:32:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\biven\Desktop\OTL.com
[2015/12/27 14:08:59 | 000,000,000 | ---D | C] -- C:\Avenger
[2015/12/27 13:50:21 | 000,192,216 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/12/27 13:50:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015/12/27 13:50:08 | 000,109,272 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015/12/27 13:50:08 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2015/12/27 13:50:08 | 000,025,816 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2015/12/27 13:50:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015/12/27 13:50:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2015/12/27 13:49:33 | 022,908,888 | ---- | C] (Malwarebytes                                                ) -- C:\Users\biven\Desktop\mbam-setup-2.2.0.1024.exe
[2015/12/27 13:43:46 | 001,599,336 | ---- | C] (Malwarebytes) -- C:\Users\biven\Desktop\JRT.exe
[2015/12/27 13:24:52 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2015/12/27 12:49:34 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2015/12/27 12:43:58 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/12/26 03:45:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SleepStudy
[2015/12/26 01:38:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2015/12/26 00:33:12 | 003,933,496 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\LogiLDA.DLL
[2015/12/26 00:33:12 | 000,354,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vccorlib110.dll
[2015/12/26 00:33:11 | 002,458,936 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\LdaCx2.dll
[2015/12/26 00:07:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\paxs
[2015/12/26 00:02:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2015/12/25 23:55:54 | 000,000,000 | ---D | C] -- C:\Users\biven\AppData\Roaming\Origin
[2015/12/25 23:55:51 | 000,000,000 | ---D | C] -- C:\Users\biven\AppData\Local\Origin
[2015/12/25 23:51:53 | 000,000,000 | ---D | C] -- C:\Users\biven\AppData\Local\Tempfolder
[2015/12/25 23:51:08 | 000,000,000 | ---D | C] -- C:\Program Files\SpaceSoundPro
[2015/12/25 23:49:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2015/12/25 23:49:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2015/12/25 23:49:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2015/12/25 23:40:17 | 000,000,000 | ---D | C] -- C:\Users\biven\AppData\Roaming\ContentCleaner
[2015/12/25 23:30:05 | 000,000,000 | ---D | C] -- C:\Users\biven\AppData\Local\Programs
[2015/12/25 23:24:32 | 002,824,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2015/12/25 23:24:32 | 002,446,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2015/12/25 23:24:32 | 000,685,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdiWiFi.sys
[2015/12/25 23:24:30 | 001,918,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFMediaEngine.dll
[2015/12/25 23:24:30 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32kbase.sys
[2015/12/25 23:24:30 | 000,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdbui.dll
[2015/12/25 23:24:30 | 000,373,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBXHCI.SYS
[2015/12/25 23:24:30 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PimIndexMaintenance.dll
[2015/12/25 23:24:30 | 000,285,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFPlay.dll
[2015/12/25 23:24:30 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CallHistoryClient.dll
[2015/12/25 23:24:30 | 000,099,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pdc.sys
[2015/12/25 23:24:30 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ngckeyenum.dll
[2015/12/25 23:24:30 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\HttpsDataSource.dll
[2015/12/25 23:24:30 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tetheringclient.dll
[2015/12/25 23:24:30 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\gpuenergydrv.sys
[2015/12/25 23:24:29 | 001,233,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Globalization.dll
[2015/12/25 23:24:29 | 000,961,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\LicenseManager.dll
[2015/12/25 23:24:29 | 000,333,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFPlay.dll
[2015/12/25 23:24:29 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEndpointBuilder.dll
[2015/12/25 23:24:29 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\LocationFramework.dll
[2015/12/25 23:24:29 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mdmmigrator.dll
[2015/12/25 23:24:29 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dmcertinst.exe
[2015/12/25 23:24:29 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tetheringservice.dll
[2015/12/25 23:24:29 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\LocationPermissions.dll
[2015/12/25 23:24:29 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MbaeParserTask.exe
[2015/12/25 23:24:29 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\syncmlhook.dll
[2015/12/25 23:24:28 | 002,093,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlidsvc.dll
[2015/12/25 23:24:28 | 001,844,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\workfolderssvc.dll
[2015/12/25 23:24:28 | 001,276,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wifinetworkmanager.dll
[2015/12/25 23:24:28 | 000,513,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ngcsvc.dll
[2015/12/25 23:24:27 | 000,459,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2015/12/25 23:24:27 | 000,442,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2015/12/25 23:24:27 | 000,406,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2015/12/25 23:24:27 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rmcast.sys
[2015/12/25 23:24:27 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\stornvme.sys
[2015/12/25 23:24:26 | 004,792,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2015/12/25 23:24:26 | 001,423,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UserDataService.dll
[2015/12/25 23:24:26 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bisrv.dll
[2015/12/25 23:24:26 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PsmServiceExtHost.dll
[2015/12/25 23:24:26 | 000,516,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBHUB3.SYS
[2015/12/25 23:24:25 | 003,588,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32kfull.sys
[2015/12/25 23:24:25 | 000,320,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2015/12/25 23:24:25 | 000,037,376 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2015/12/25 23:24:24 | 002,418,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFMediaEngine.dll
[2015/12/25 23:24:24 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\bthhfenum.sys
[2015/12/25 23:24:24 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuautoappupdate.dll
[2015/12/25 23:24:23 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CellularAPI.dll
[2015/12/25 23:24:23 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\enterprisecsps.dll
[2015/12/25 23:24:23 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\LocationGeofences.dll
[2015/12/25 23:24:22 | 001,569,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Globalization.dll
[2015/12/25 23:24:22 | 001,392,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\LicenseManager.dll
[2015/12/25 23:24:22 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\configmanager2.dll
[2015/12/25 23:24:22 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dmcsps.dll
[2015/12/25 23:24:20 | 021,872,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\edgehtml.dll
[2015/12/25 23:24:20 | 007,523,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Chakra.dll
[2015/12/25 23:24:20 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\buttonconverter.sys
[2015/12/25 23:24:19 | 001,200,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2015/12/25 23:24:19 | 000,045,568 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2015/12/25 23:24:18 | 016,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Xaml.dll
[2015/12/25 23:24:18 | 008,020,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2015/12/25 23:24:18 | 001,234,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aitstatic.exe
[2015/12/25 23:24:15 | 001,812,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pnidui.dll
[2015/12/25 23:24:15 | 000,541,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcupdate_GenuineIntel.dll
[2015/12/25 23:24:15 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shacct.dll
[2015/12/25 23:24:15 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\shacct.dll
[2015/12/25 23:24:14 | 006,572,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanmm.dll
[2015/12/25 23:24:14 | 000,579,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2015/12/25 23:24:14 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\LicenseManagerShellext.exe
[2015/12/25 23:24:12 | 008,613,200 | ---- | C] (Microsoft Corp.) -- C:\Windows\SysNative\Windows.Media.Protection.PlayReady.dll
[2015/12/25 23:24:12 | 000,650,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2015/12/25 23:24:11 | 013,027,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Xaml.dll
[2015/12/25 23:24:11 | 005,455,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Chakra.dll
[2015/12/25 23:24:09 | 018,801,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\edgehtml.dll
[2015/12/25 23:24:08 | 006,878,256 | ---- | C] (Microsoft Corp.) -- C:\Windows\SysWow64\Windows.Media.Protection.PlayReady.dll
[2015/12/25 23:24:06 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EthernetMediaManager.dll
[2015/12/25 23:24:06 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DAMediaManager.dll
[2015/12/25 23:24:06 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserbroker.dll
[2015/12/25 23:24:06 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wfdprov.dll
[2015/12/25 23:24:05 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WlanMediaManager.dll
[2015/12/25 23:24:05 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Security.Authentication.Web.Core.dll
[2015/12/25 23:24:05 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MBMediaManager.dll
[2015/12/25 23:24:05 | 000,464,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.dll
[2015/12/25 23:24:05 | 000,371,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\OneDriveSettingSyncProvider.dll
[2015/12/25 23:24:05 | 000,311,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AppXDeploymentClient.dll
[2015/12/25 23:24:05 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RasMediaManager.dll
[2015/12/25 23:24:05 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.LockScreen.dll
[2015/12/25 23:24:05 | 000,168,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NetworkUXBroker.exe
[2015/12/25 23:24:05 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VEDataLayerHelpers.dll
[2015/12/25 23:24:05 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\usoapi.dll
[2015/12/25 23:24:05 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Speech.Pal.dll
[2015/12/25 23:24:04 | 002,647,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Media.dll
[2015/12/25 23:24:04 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.dll
[2015/12/25 23:24:04 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PlayToManager.dll
[2015/12/25 23:24:04 | 000,494,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\LogonController.dll
[2015/12/25 23:24:04 | 000,484,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSync.dll
[2015/12/25 23:24:04 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentClient.dll
[2015/12/25 23:24:03 | 002,226,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NetworkMobileSettings.dll
[2015/12/25 23:24:03 | 000,762,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinapi.appcore.dll
[2015/12/25 23:24:03 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MbaeApiPublic.dll
[2015/12/25 23:24:03 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TokenBroker.dll
[2015/12/25 23:24:03 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DataSenseHandlers.dll
[2015/12/25 23:24:03 | 000,336,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CredProvDataModel.dll
[2015/12/25 23:24:03 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VEEventDispatcher.dll
[2015/12/25 23:24:02 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Media.Speech.dll
[2015/12/25 23:24:02 | 000,689,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Security.Authentication.Web.Core.dll
[2015/12/25 23:24:02 | 000,483,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OneDriveSettingSyncProvider.dll
[2015/12/25 23:24:02 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanconn.dll
[2015/12/25 23:24:02 | 000,441,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSyncHost.exe
[2015/12/25 23:24:02 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VEEventDispatcher.dll
[2015/12/25 23:24:02 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.LockScreen.dll
[2015/12/25 23:24:02 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dssvc.dll
[2015/12/25 23:24:01 | 003,248,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Media.dll
[2015/12/25 23:24:01 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSync.dll
[2015/12/25 23:24:01 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PackageStateRoaming.dll
[2015/12/25 23:24:00 | 009,889,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll
[2015/12/25 23:24:00 | 003,781,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingsHandlers_nt.dll
[2015/12/25 23:24:00 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\LockAppBroker.dll
[2015/12/25 23:23:59 | 000,713,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usermgr.dll
[2015/12/25 23:23:59 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\LogonController.dll
[2015/12/25 23:23:59 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tileobjserver.dll
[2015/12/25 23:23:59 | 000,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CredProvDataModel.dll
[2015/12/25 23:23:58 | 001,601,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Media.Speech.dll
[2015/12/25 23:23:58 | 000,966,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinapi.appcore.dll
[2015/12/25 23:23:58 | 000,893,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MbaeApiPublic.dll
[2015/12/25 23:23:58 | 000,654,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PlayToManager.dll
[2015/12/25 23:23:58 | 000,553,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSyncHost.exe
[2015/12/25 23:23:58 | 000,517,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NotificationController.dll
[2015/12/25 23:23:57 | 011,557,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll
[2015/12/25 23:23:57 | 000,859,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\modernexecserver.dll
[2015/12/25 23:23:57 | 000,796,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TokenBroker.dll
[2015/12/25 23:23:57 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PackageStateRoaming.dll
[2015/12/25 23:23:45 | 004,532,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2015/12/25 23:23:45 | 004,047,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2015/12/25 23:23:45 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dot3mm.dll
[2015/12/25 23:23:45 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DAMM.dll
[2015/12/25 23:23:45 | 000,120,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NetworkStatus.dll
[2015/12/25 23:23:45 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BthRadioMedia.dll
[2015/12/25 23:23:44 | 002,639,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2015/12/25 23:23:43 | 002,987,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2015/12/25 23:23:43 | 000,501,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2015/12/25 23:23:43 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KeywordDetectorMsftSidAdapter.dll
[2015/12/25 23:23:40 | 000,476,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFCaptureEngine.dll
[2015/12/25 23:23:40 | 000,434,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFCaptureEngine.dll
[2015/12/25 23:23:40 | 000,074,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\remoteaudioendpoint.dll
[2015/12/25 23:23:39 | 002,464,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfcore.dll
[2015/12/25 23:23:39 | 000,584,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2015/12/25 23:23:38 | 000,899,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RemoteNaturalLanguage.dll
[2015/12/25 23:23:37 | 001,213,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RemoteNaturalLanguage.dll
[2015/12/25 23:23:36 | 002,147,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d9.dll
[2015/12/25 23:23:36 | 000,591,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wcmsvc.dll
[2015/12/25 23:23:36 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wcmcsp.dll
[2015/12/25 23:23:36 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SubscriptionMgr.dll
[2015/12/25 23:23:35 | 000,322,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vaultsvc.dll
[2015/12/25 23:23:35 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psmsrv.dll
[2015/12/25 23:23:34 | 002,154,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfcore.dll
[2015/12/25 23:23:34 | 001,717,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GdiPlus.dll
[2015/12/25 23:23:34 | 000,658,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfds.dll
[2015/12/25 23:23:33 | 005,120,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\windows.storage.dll
[2015/12/25 23:23:33 | 001,822,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2015/12/25 23:23:33 | 001,216,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcenter.dll
[2015/12/25 23:23:33 | 001,171,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcenter.dll
[2015/12/25 23:23:26 | 000,287,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\provhandlers.dll
[2015/12/25 23:23:25 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SensorService.dll
[2015/12/25 23:23:21 | 007,055,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BingMaps.dll
[2015/12/25 23:23:20 | 002,180,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentServer.dll
[2015/12/25 23:23:20 | 001,795,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentExtensions.dll
[2015/12/25 23:23:20 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppxSysprep.dll
[2015/12/25 23:23:14 | 006,487,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\windows.storage.dll
[2015/12/25 23:23:12 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmcore.dll
[2015/12/25 23:23:08 | 002,125,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.appcore.dll
[2015/12/25 23:23:08 | 001,467,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2015/12/25 23:23:08 | 000,000,000 | ---D | C] -- C:\Users\biven\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2015/12/25 23:23:06 | 001,593,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dwmcore.dll
[2015/12/25 23:23:05 | 001,710,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SRHInproc.dll
[2015/12/25 23:23:05 | 001,643,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\diagtrack.dll
[2015/12/25 23:23:05 | 001,442,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SRHInproc.dll
[2015/12/25 23:23:05 | 000,000,000 | ---D | C] -- C:\Users\biven\AppData\Roaming\Wacom
[2015/12/25 23:23:04 | 007,569,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mos.dll
[2015/12/25 23:23:04 | 001,563,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2015/12/25 23:23:04 | 001,563,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmde.dll
[2015/12/25 23:23:04 | 000,088,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\remoteaudioendpoint.dll
[2015/12/25 23:23:03 | 006,101,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mos.dll
[2015/12/25 23:23:02 | 002,156,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hevcdecoder.dll
[2015/12/25 23:23:02 | 001,714,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.appcore.dll
[2015/12/25 23:23:02 | 001,649,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comsvcs.dll
[2015/12/25 23:23:02 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comsvcs.dll
[2015/12/25 23:23:01 | 005,079,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\BingMaps.dll
[2015/12/25 23:23:00 | 000,515,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\internetmail.dll
[2015/12/25 23:22:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Wacom
[2015/12/25 23:22:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bamboo Dock
[2015/12/25 23:22:57 | 002,350,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2015/12/25 23:22:57 | 002,153,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2015/12/25 23:22:57 | 001,895,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\hevcdecoder.dll
[2015/12/25 23:22:57 | 000,313,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\LockAppBroker.dll
[2015/12/25 23:22:57 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.PicturePassword.dll
[2015/12/25 23:22:57 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ACPBackgroundManagerPolicy.dll
[2015/12/25 23:22:56 | 001,366,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\user32.dll
[2015/12/25 23:22:56 | 001,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winmde.dll
[2015/12/25 23:22:55 | 001,331,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAutomationCore.dll
[2015/12/25 23:22:55 | 001,104,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAutomationCore.dll
[2015/12/25 23:22:53 | 003,527,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2015/12/25 23:22:53 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll
[2015/12/25 23:22:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2015/12/25 23:22:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2015/12/25 23:22:48 | 000,816,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfmpeg2srcsnk.dll
[2015/12/25 23:22:48 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfmkvsrcsnk.dll
[2015/12/25 23:22:47 | 001,290,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Shell.dll
[2015/12/25 23:22:47 | 001,043,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfmp4srcsnk.dll
[2015/12/25 23:22:47 | 001,025,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfsrcsnk.dll
[2015/12/25 23:22:46 | 002,675,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.StateRepository.dll
[2015/12/25 23:22:46 | 002,049,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.StateRepository.dll
[2015/12/25 23:22:45 | 001,083,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2015/12/25 23:22:45 | 000,025,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CompatTelRunner.exe
[2015/12/25 23:22:44 | 000,896,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfsrcsnk.dll
[2015/12/25 23:22:44 | 000,877,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmp4srcsnk.dll
[2015/12/25 23:22:44 | 000,713,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmpeg2srcsnk.dll
[2015/12/25 23:22:44 | 000,373,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmkvsrcsnk.dll
[2015/12/25 23:22:43 | 000,929,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SRH.dll
[2015/12/25 23:22:43 | 000,774,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SRH.dll
[2015/12/25 23:22:42 | 002,748,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2015/12/25 23:22:42 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2015/12/25 23:22:42 | 001,295,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpx.dll
[2015/12/25 23:22:42 | 001,015,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RDXService.dll
[2015/12/25 23:22:42 | 000,910,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SharedStartModel.dll
[2015/12/25 23:22:42 | 000,845,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Magnify.exe
[2015/12/25 23:22:42 | 000,786,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Magnify.exe
[2015/12/25 23:22:42 | 000,784,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfsvr.dll
[2015/12/25 23:22:42 | 000,781,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfds.dll
[2015/12/25 23:22:42 | 000,646,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfsvr.dll
[2015/12/25 23:22:42 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingsHandlers_UserAccount.dll
[2015/12/25 23:22:42 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VEDataLayerHelpers.dll
[2015/12/25 23:22:42 | 000,118,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KnobsCsp.dll
[2015/12/25 23:22:41 | 002,558,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2015/12/25 23:22:41 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2015/12/25 23:22:41 | 000,757,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fveapi.dll
[2015/12/25 23:22:41 | 000,609,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll
[2015/12/25 23:22:41 | 000,539,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontdrvhost.exe
[2015/12/25 23:22:41 | 000,303,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2015/12/25 23:22:40 | 002,415,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2015/12/25 23:22:40 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx02000.dll
[2015/12/25 23:22:40 | 000,632,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2015/12/25 23:22:40 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\duser.dll
[2015/12/25 23:22:40 | 000,587,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2015/12/25 23:22:40 | 000,572,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2015/12/25 23:22:40 | 000,555,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\directmanipulation.dll
[2015/12/25 23:22:40 | 000,505,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms2.sys
[2015/12/25 23:22:40 | 000,454,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\directmanipulation.dll
[2015/12/25 23:22:40 | 000,395,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2015/12/25 23:22:40 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ninput.dll
[2015/12/25 23:22:39 | 001,294,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wcnwiz.dll
[2015/12/25 23:22:39 | 001,226,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wcnwiz.dll
[2015/12/25 23:22:39 | 000,780,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.dll
[2015/12/25 23:22:39 | 000,771,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Chakradiag.dll
[2015/12/25 23:22:39 | 000,607,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontdrvhost.exe
[2015/12/25 23:22:39 | 000,587,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll
[2015/12/25 23:22:39 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\catsrvut.dll
[2015/12/25 23:22:39 | 000,502,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dlnashext.dll
[2015/12/25 23:22:39 | 000,494,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StoreAgent.dll
[2015/12/25 23:22:39 | 000,474,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2015/12/25 23:22:39 | 000,441,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dlnashext.dll
[2015/12/25 23:22:39 | 000,415,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\catsrvut.dll
[2015/12/25 23:22:39 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2015/12/25 23:22:39 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ninput.dll
[2015/12/25 23:22:39 | 000,252,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ContentDeliveryManager.Utilities.dll
[2015/12/25 23:22:39 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2015/12/25 23:22:39 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\coredpus.dll
[2015/12/25 23:22:39 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\InstallAgent.exe
[2015/12/25 23:22:39 | 000,100,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WcnApi.dll
[2015/12/25 23:22:39 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WcnNetsh.dll
[2015/12/25 23:22:39 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wfdprov.dll
[2015/12/25 23:22:38 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctfuimanager.dll
[2015/12/25 23:22:38 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msctfuimanager.dll
[2015/12/25 23:22:38 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Chakradiag.dll
[2015/12/25 23:22:38 | 000,570,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MbaeApi.dll
[2015/12/25 23:22:38 | 000,527,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2015/12/25 23:22:38 | 000,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MbaeApi.dll
[2015/12/25 23:22:38 | 000,365,568 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2015/12/25 23:22:38 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncryptprov.dll
[2015/12/25 23:22:38 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncryptprov.dll
[2015/12/25 23:22:38 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwancfg.dll
[2015/12/25 23:22:38 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tetheringclient.dll
[2015/12/25 23:22:37 | 001,774,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Immersive.dll
[2015/12/25 23:22:37 | 001,205,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Unistore.dll
[2015/12/25 23:22:37 | 001,203,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Devices.Bluetooth.dll
[2015/12/25 23:22:37 | 000,809,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CoreMessaging.dll
[2015/12/25 23:22:37 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpnapps.dll
[2015/12/25 23:22:37 | 000,537,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WWanAPI.dll
[2015/12/25 23:22:37 | 000,473,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wpnapps.dll
[2015/12/25 23:22:37 | 000,428,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WWanAPI.dll
[2015/12/25 23:22:37 | 000,403,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dmenrollengine.dll
[2015/12/25 23:22:37 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NetSetupShim.dll
[2015/12/25 23:22:37 | 000,278,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys
[2015/12/25 23:22:37 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Internal.Management.dll
[2015/12/25 23:22:37 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\notepad.exe
[2015/12/25 23:22:37 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\provisioningcsp.dll
[2015/12/25 23:22:37 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DeviceEnroller.exe
[2015/12/25 23:22:37 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Speech.Pal.dll
[2015/12/25 23:22:36 | 001,612,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Immersive.dll
[2015/12/25 23:22:36 | 001,294,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2015/12/25 23:22:36 | 000,928,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Unistore.dll
[2015/12/25 23:22:36 | 000,856,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ContactApis.dll
[2015/12/25 23:22:36 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpncore.dll
[2015/12/25 23:22:36 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Devices.Usb.dll
[2015/12/25 23:22:36 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ngccredprov.dll
[2015/12/25 23:22:36 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ActionCenter.dll
[2015/12/25 23:22:36 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\syncutil.dll
[2015/12/25 23:22:36 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NetSetupShim.dll
[2015/12/25 23:22:36 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\provengine.dll
[2015/12/25 23:22:36 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ActionCenter.dll
[2015/12/25 23:22:36 | 000,200,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wof.sys
[2015/12/25 23:22:35 | 001,123,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2015/12/25 23:22:35 | 000,869,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MapControlCore.dll
[2015/12/25 23:22:35 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Devices.Bluetooth.dll
[2015/12/25 23:22:35 | 000,625,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ContactApis.dll
[2015/12/25 23:22:35 | 000,311,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Devices.Usb.dll
[2015/12/25 23:22:35 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NotificationObjFactory.dll
[2015/12/25 23:22:35 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NotificationObjFactory.dll
[2015/12/25 23:22:35 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UserMgrProxy.dll
[2015/12/25 23:22:35 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\accountaccessor.dll
[2015/12/25 23:22:35 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fwpolicyiomgr.dll
[2015/12/25 23:22:35 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Internal.Management.dll
[2015/12/25 23:22:35 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NetSetupSvc.dll
[2015/12/25 23:22:35 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cloudAP.dll
[2015/12/25 23:22:35 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fwpolicyiomgr.dll
[2015/12/25 23:22:34 | 001,061,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\reseteng.dll
[2015/12/25 23:22:34 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MapControlCore.dll
[2015/12/25 23:22:34 | 000,579,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AppointmentApis.dll
[2015/12/25 23:22:34 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CoreMessaging.dll
[2015/12/25 23:22:34 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mdmregistration.dll
[2015/12/25 23:22:34 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\enrollmentapi.dll
[2015/12/25 23:22:34 | 000,159,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UserMgrProxy.dll
[2015/12/25 23:22:34 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mdmregistration.dll
[2015/12/25 23:22:33 | 001,018,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2015/12/25 23:22:33 | 000,849,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comdlg32.dll
[2015/12/25 23:22:33 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ChatApis.dll
[2015/12/25 23:22:33 | 000,557,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ChatApis.dll
[2015/12/25 23:22:33 | 000,243,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2015/12/25 23:22:33 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WcnApi.dll
[2015/12/25 23:22:33 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dafWCN.dll
[2015/12/25 23:22:33 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fdWCN.dll
[2015/12/25 23:22:33 | 000,102,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\omadmapi.dll
[2015/12/25 23:22:32 | 000,980,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SecConfig.efi
[2015/12/25 23:22:32 | 000,858,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2015/12/25 23:22:32 | 000,701,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JpMapControl.dll
[2015/12/25 23:22:32 | 000,292,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\LockAppHost.exe
[2015/12/25 23:22:32 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VoiceActivationManager.dll
[2015/12/25 23:22:31 | 000,525,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EmailApis.dll
[2015/12/25 23:22:31 | 000,466,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MessagingDataModel2.dll
[2015/12/25 23:22:31 | 000,359,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2015/12/25 23:22:31 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MusUpdateHandlers.dll
[2015/12/25 23:22:31 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SensorsApi.dll
[2015/12/25 23:22:31 | 000,253,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SensorsApi.dll
[2015/12/25 23:22:31 | 000,243,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\LockAppHost.exe
[2015/12/25 23:22:31 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinBioDataModel.dll
[2015/12/25 23:22:31 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CallHistoryClient.dll
[2015/12/25 23:22:31 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SensorsNativeApi.V2.dll
[2015/12/25 23:22:31 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MDMAppInstaller.exe
[2015/12/25 23:22:31 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VPNv2CSP.dll
[2015/12/25 23:22:31 | 000,078,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\acmigration.dll
[2015/12/25 23:22:31 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SensorsNativeApi.V2.dll
[2015/12/25 23:22:31 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EnterpriseDesktopAppMgmtCSP.dll
[2015/12/25 23:22:31 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom
[2015/12/25 23:22:30 | 000,918,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfplat.dll
[2015/12/25 23:22:30 | 000,801,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WWAHost.exe
[2015/12/25 23:22:30 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EmailApis.dll
[2015/12/25 23:22:30 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KnobsCore.dll
[2015/12/25 23:22:30 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MusNotificationUx.exe
[2015/12/25 23:22:30 | 000,052,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wpcfltr.sys
[2015/12/25 23:22:30 | 000,046,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\msgpiowin32.sys
[2015/12/25 23:22:29 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingsHandlers_Notifications.dll
[2015/12/25 23:22:28 | 000,928,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JpMapControl.dll
[2015/12/25 23:22:28 | 000,700,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WWAHost.exe
[2015/12/25 23:22:28 | 000,508,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2015/12/25 23:22:28 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuuhext.dll
[2015/12/25 23:22:28 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VoiceActivationManager.dll
[2015/12/25 23:22:27 | 000,336,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2015/12/25 23:22:27 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\LocationFrameworkInternalPS.dll
[2015/12/25 23:22:23 | 000,832,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MapsStore.dll
[2015/12/25 23:22:22 | 000,685,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppointmentApis.dll
[2015/12/25 23:22:22 | 000,590,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MessagingDataModel2.dll
[2015/12/25 23:22:22 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UserDataAccountApis.dll
[2015/12/25 23:22:22 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VEStoreEventHandlers.dll
[2015/12/25 23:22:22 | 000,113,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\userenv.dll
[2015/12/25 23:22:22 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2015/12/25 23:22:21 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Cortana.Desktop.dll
[2015/12/25 23:22:21 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shutdownux.dll
[2015/12/25 23:22:21 | 000,120,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\omadmclient.exe
[2015/12/25 23:22:21 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NotificationControllerPS.dll
[2015/12/25 23:22:20 | 001,087,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll
[2015/12/25 23:22:20 | 000,993,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ReAgent.dll
[2015/12/25 23:22:20 | 000,446,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MapConfiguration.dll
[2015/12/25 23:22:20 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PhoneCallHistoryApis.dll
[2015/12/25 23:22:20 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\LocationWiFiAdapter.dll
[2015/12/25 23:22:19 | 000,439,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\LocationWebproxy.dll
[2015/12/25 23:22:18 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssprxy.dll
[2015/12/25 23:22:17 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Internal.Bluetooth.dll
[2015/12/25 23:22:16 | 000,845,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgent.dll
[2015/12/25 23:22:16 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\kbdgeoqw.dll
[2015/12/25 23:22:16 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kbdgeoqw.dll
[2015/12/25 23:22:16 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDAZST.DLL
[2015/12/25 23:22:16 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDAZST.DLL
[2015/12/25 23:22:16 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDAZEL.DLL
[2015/12/25 23:22:16 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDAZEL.DLL
[2015/12/25 23:22:16 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDAZE.DLL
[2015/12/25 23:22:16 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDAZE.DLL
[2015/12/25 23:22:15 | 000,594,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Internal.Shell.Broker.dll
[2015/12/25 23:22:15 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\LocationCrowdsource.dll
[2015/12/25 23:22:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\LocationPeIP.dll
[2015/12/25 23:22:14 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MapConfiguration.dll
[2015/12/25 23:22:14 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UserDataAccountApis.dll
[2015/12/25 23:22:14 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PhoneCallHistoryApis.dll
[2015/12/25 23:22:14 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\profext.dll
[2015/12/25 23:22:12 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\profext.dll
[2015/12/25 23:22:11 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\provops.dll
[2015/12/25 23:22:10 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EnterpriseModernAppMgmtCSP.dll
[2015/12/25 23:22:08 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GamePanel.exe
[2015/12/25 23:22:08 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Core.TextInput.dll
[2015/12/25 23:22:06 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GamePanel.exe
[2015/12/25 23:22:06 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\LocationPeWiFi.dll
[2015/12/25 23:22:06 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\LocationPeCell.dll
[2015/12/25 23:22:05 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SharedStartModelShim.dll
[2015/12/25 23:22:05 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReInfo.dll
[2015/12/25 00:51:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bamboo Dock
[2015/12/25 00:51:32 | 000,000,000 | ---D | C] -- C:\Users\biven\AppData\Roaming\WTablet
[2015/12/25 00:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\TabletPlugins
[2015/12/25 00:51:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TabletPlugins
[2015/12/25 00:51:24 | 000,015,160 | ---- | C] (Wacom Technology) -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys
[2015/12/25 00:51:21 | 001,721,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wdfcoinstaller01009.dll
[2015/12/25 00:51:21 | 000,090,424 | ---- | C] (Wacom Technology) -- C:\Windows\SysNative\drivers\wachidrouter.sys
[2015/12/25 00:51:21 | 000,014,136 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\hidkmdf.sys
[2015/12/25 00:51:14 | 001,913,624 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Pen_Tablet.dll
[2015/12/25 00:51:14 | 001,906,968 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Pen_Touch_Tablet.dll
[2015/12/25 00:51:14 | 001,780,504 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\WacomMT.dll
[2015/12/25 00:51:14 | 001,778,968 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Wintab32.dll
[2015/12/25 00:51:14 | 001,551,640 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Pen_Tablet.dll
[2015/12/25 00:51:14 | 001,544,472 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Pen_Touch_Tablet.dll
[2015/12/25 00:51:14 | 001,432,344 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\WacomMT.dll
[2015/12/25 00:51:14 | 001,428,248 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Wintab32.dll
[2015/12/25 00:51:12 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet
[2015/12/25 00:47:47 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2015/12/25 00:40:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2015/12/25 00:40:42 | 000,056,336 | ---- | C] (Corel Corporation) -- C:\Windows\SysNative\drivers\PxHlpa64.sys
[2015/12/25 00:40:42 | 000,011,376 | ---- | C] (Corel Corporation) -- C:\Windows\SysNative\drivers\cdralw2k.sys
[2015/12/25 00:40:42 | 000,010,864 | ---- | C] (Corel Corporation) -- C:\Windows\SysNative\drivers\cdr4_xp.sys
[2015/12/25 00:40:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2015/12/25 00:40:38 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2015/12/25 00:35:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2015/12/25 00:35:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2015/12/25 00:34:56 | 000,000,000 | ---D | C] -- C:\Users\biven\AppData\Local\Adobe
[2015/12/25 00:12:27 | 000,000,000 | ---D | C] -- C:\Users\biven\Desktop\wallpaper
[2015/12/24 23:58:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2015/12/24 23:58:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2015/12/24 23:58:17 | 000,000,000 | ---D | C] -- C:\Users\biven\AppData\Local\Google
[2015/12/24 23:57:06 | 000,000,000 | ---D | C] -- C:\Users\biven\AppData\Roaming\Macromedia
[2015/12/24 23:57:04 | 000,000,000 | ---D | C] -- C:\Users\biven\AppData\Local\MicrosoftEdge
[2015/12/24 23:55:47 | 000,000,000 | R--D | C] -- C:\Users\biven\OneDrive
[2015/12/24 23:55:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft OneDrive
[2015/12/24 23:54:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell Update
[2015/12/24 23:53:56 | 000,000,000 | ---D | C] -- C:\Users\biven\AppData\Local\Comms
[2015/12/24 23:52:47 | 000,000,000 | ---D | C] -- C:\Users\biven\AppData\Local\Publishers
[2015/12/24 23:52:39 | 000,000,000 | ---D | C] -- C:\Users\biven\AppData\Local\Power2Go8
[2015/12/24 23:52:39 | 000,000,000 | ---D | C] -- C:\Users\biven\AppData\Roaming\DropboxOEM
[2015/12/24 23:52:39 | 000,000,000 | ---D | C] -- C:\Users\biven\AppData\Local\DropboxOEM
[2015/12/24 23:51:56 | 000,000,000 | R--D | C] -- C:\Users\biven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2015/12/24 23:51:56 | 000,000,000 | R--D | C] -- C:\Users\biven\Searches
[2015/12/24 23:51:56 | 000,000,000 | R--D | C] -- C:\Users\biven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2015/12/24 23:51:55 | 000,000,000 | R--D | C] -- C:\Users\biven\Contacts
[2015/12/24 23:51:51 | 000,000,000 | ---D | C] -- C:\Users\biven\AppData\Roaming\Adobe
[2015/12/24 23:51:45 | 000,000,000 | ---D | C] -- C:\Users\biven\AppData\Local\VirtualStore
[2015/12/24 23:51:44 | 000,000,000 | ---D | C] -- C:\Users\biven\AppData\Local\Packages
[2015/12/24 23:51:39 | 000,000,000 | -H-D | C] -- C:\Users\biven\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2015/12/24 23:51:39 | 000,000,000 | ---D | C] -- C:\Users\biven\AppData\Local\TileDataLayer
[2015/12/24 23:51:38 | 000,000,000 | -HSD | C] -- C:\Users\biven\IntelGraphicsProfiles
[2015/12/24 23:51:38 | 000,000,000 | ---D | C] -- C:\Users\biven\AppData\Roaming\Intel
[2015/12/24 23:50:17 | 000,000,000 | -HSD | C] -- C:\Users\biven\AppData\Local\Temporary Internet Files
[2015/12/24 23:50:17 | 000,000,000 | -HSD | C] -- C:\Users\biven\Templates
[2015/12/24 23:50:17 | 000,000,000 | -HSD | C] -- C:\Users\biven\Start Menu
[2015/12/24 23:50:17 | 000,000,000 | -HSD | C] -- C:\Users\biven\SendTo
[2015/12/24 23:50:17 | 000,000,000 | -HSD | C] -- C:\Users\biven\Recent
[2015/12/24 23:50:17 | 000,000,000 | -HSD | C] -- C:\Users\biven\PrintHood
[2015/12/24 23:50:17 | 000,000,000 | -HSD | C] -- C:\Users\biven\NetHood
[2015/12/24 23:50:17 | 000,000,000 | -HSD | C] -- C:\Users\biven\Documents\My Videos
[2015/12/24 23:50:17 | 000,000,000 | -HSD | C] -- C:\Users\biven\Documents\My Pictures
[2015/12/24 23:50:17 | 000,000,000 | -HSD | C] -- C:\Users\biven\Documents\My Music
[2015/12/24 23:50:17 | 000,000,000 | -HSD | C] -- C:\Users\biven\My Documents
[2015/12/24 23:50:17 | 000,000,000 | -HSD | C] -- C:\Users\biven\Local Settings
[2015/12/24 23:50:17 | 000,000,000 | -HSD | C] -- C:\Users\biven\AppData\Local\History
[2015/12/24 23:50:17 | 000,000,000 | -HSD | C] -- C:\Users\biven\Cookies
[2015/12/24 23:50:17 | 000,000,000 | -HSD | C] -- C:\Users\biven\Application Data
[2015/12/24 23:50:17 | 000,000,000 | -HSD | C] -- C:\Users\biven\AppData\Local\Application Data
[2015/12/24 23:50:15 | 000,000,000 | ---D | C] -- C:\Users\biven\AppData\Local\Temp
[2015/12/24 23:50:15 | 000,000,000 | ---D | C] -- C:\Users\biven\AppData\Local\Microsoft
[2015/12/24 23:50:14 | 000,000,000 | --SD | C] -- C:\Users\biven\AppData\Roaming\Microsoft
[2015/12/24 23:50:14 | 000,000,000 | R-SD | C] -- C:\Users\biven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
[2015/12/24 23:50:14 | 000,000,000 | R--D | C] -- C:\Users\biven\Videos
[2015/12/24 23:50:14 | 000,000,000 | R--D | C] -- C:\Users\biven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2015/12/24 23:50:14 | 000,000,000 | R--D | C] -- C:\Users\biven\Saved Games
[2015/12/24 23:50:14 | 000,000,000 | R--D | C] -- C:\Users\biven\Pictures
[2015/12/24 23:50:14 | 000,000,000 | R--D | C] -- C:\Users\biven\Music
[2015/12/24 23:50:14 | 000,000,000 | R--D | C] -- C:\Users\biven\Links
[2015/12/24 23:50:14 | 000,000,000 | R--D | C] -- C:\Users\biven\Favorites
[2015/12/24 23:50:14 | 000,000,000 | R--D | C] -- C:\Users\biven\Downloads
[2015/12/24 23:50:14 | 000,000,000 | R--D | C] -- C:\Users\biven\Documents
[2015/12/24 23:50:14 | 000,000,000 | R--D | C] -- C:\Users\biven\Desktop
[2015/12/24 23:50:14 | 000,000,000 | R--D | C] -- C:\Users\biven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2015/12/24 23:50:14 | 000,000,000 | R--D | C] -- C:\Users\biven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2015/12/24 23:50:14 | 000,000,000 | -H-D | C] -- C:\Users\biven\AppData
[2015/12/24 23:50:14 | 000,000,000 | ---D | C] -- C:\Users\biven\Roaming
[2015/12/24 23:50:14 | 000,000,000 | ---D | C] -- C:\Users\biven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2015/12/17 16:08:28 | 002,560,512 | ---- | C] (winpcoptimizerbetatwo) -- C:\Windows\Allpcoptimizer.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/12/27 14:35:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\biven\Desktop\OTL.com
[2015/12/27 14:25:13 | 000,001,251 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 14.lnk
[2015/12/27 14:25:13 | 000,001,212 | ---- | M] () -- C:\Users\Public\Desktop\Bamboo Dock.lnk
[2015/12/27 14:25:13 | 000,001,167 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/12/27 14:25:13 | 000,001,044 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2015/12/27 14:25:07 | 000,000,352 | ---- | M] () -- C:\Users\biven\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2015/12/27 14:25:07 | 000,000,334 | ---- | M] () -- C:\Users\biven\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2015/12/27 14:22:35 | 000,016,148 | ---- | M] () -- C:\Windows\SysNative\DESKTOP-8S8J809_biven_HistoryPrediction.bin
[2015/12/27 14:19:31 | 000,875,126 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/12/27 14:19:31 | 000,740,506 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/12/27 14:19:31 | 000,138,296 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/12/27 14:14:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/12/27 14:13:18 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/12/27 14:12:58 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/12/27 14:12:44 | 000,000,180 | ---- | M] () -- C:\Windows\SysNative\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
[2015/12/27 14:12:09 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2015/12/27 14:12:06 | 3400,994,816 | -HS- | M] () -- C:\hiberfil.sys
[2015/12/27 14:03:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/12/27 13:49:45 | 022,908,888 | ---- | M] (Malwarebytes                                                ) -- C:\Users\biven\Desktop\mbam-setup-2.2.0.1024.exe
[2015/12/27 13:43:54 | 001,599,336 | ---- | M] (Malwarebytes) -- C:\Users\biven\Desktop\JRT.exe
[2015/12/27 13:42:51 | 000,001,024 | ---- | M] () -- C:\.rnd
[2015/12/27 12:49:28 | 1140,757,548 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2015/12/26 00:33:12 | 003,933,496 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\LogiLDA.DLL
[2015/12/26 00:33:12 | 002,458,936 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\LdaCx2.dll
[2015/12/26 00:33:12 | 000,828,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr110.dll
[2015/12/26 00:33:12 | 000,661,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp110.dll
[2015/12/26 00:33:12 | 000,354,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vccorlib110.dll
[2015/12/26 00:08:03 | 000,201,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/12/25 23:49:18 | 000,187,904 | ---- | M] () -- C:\Windows\rsrcs.dll
[2015/12/24 23:51:35 | 000,016,148 | ---- | M] () -- C:\Windows\SysNative\DESKTOP-8S8J809_defaultuser0_HistoryPrediction.bin
[2015/12/17 16:08:28 | 002,560,512 | ---- | M] (winpcoptimizerbetatwo) -- C:\Windows\Allpcoptimizer.exe
[2015/12/17 16:08:28 | 000,155,136 | ---- | M] () -- C:\Windows\Allpcoptimizer.pdb
[2015/11/30 22:03:10 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\gpuenergydrv.sys
[2015/11/30 21:54:19 | 000,771,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Chakradiag.dll
[2015/11/30 21:51:02 | 007,523,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Chakra.dll
[2015/11/30 21:49:35 | 004,792,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2015/11/30 20:59:46 | 005,455,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Chakra.dll
[2015/11/30 16:32:22 | 000,826,872 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2015/11/30 16:32:22 | 000,176,632 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015/12/27 14:22:35 | 000,016,148 | ---- | C] () -- C:\Windows\SysNative\DESKTOP-8S8J809_biven_HistoryPrediction.bin
[2015/12/27 13:50:10 | 000,001,167 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/12/27 12:49:28 | 1140,757,548 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2015/12/25 23:49:43 | 000,001,044 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2015/12/25 23:49:18 | 000,187,904 | ---- | C] () -- C:\Windows\rsrcs.dll
[2015/12/25 23:40:31 | 000,001,024 | ---- | C] () -- C:\.rnd
[2015/12/25 23:23:09 | 002,494,712 | ---- | C] () -- C:\Windows\SysNative\CoreUIComponents.dll
[2015/12/25 23:23:09 | 001,766,952 | ---- | C] () -- C:\Windows\SysWow64\CoreUIComponents.dll
[2015/12/25 23:22:59 | 000,001,212 | ---- | C] () -- C:\Users\Public\Desktop\Bamboo Dock.lnk
[2015/12/25 23:22:39 | 002,446,336 | ---- | C] () -- C:\Windows\SysNative\InputService.dll
[2015/12/25 23:22:38 | 001,823,232 | ---- | C] () -- C:\Windows\SysWow64\InputService.dll
[2015/12/25 23:22:35 | 000,247,296 | ---- | C] () -- C:\Windows\SysNative\facecredentialprovider.dll
[2015/12/25 23:22:31 | 000,413,184 | ---- | C] () -- C:\Windows\SysNative\diagtrack_win.dll
[2015/12/25 23:22:31 | 000,404,480 | ---- | C] () -- C:\Windows\SysNative\diagtrack_wininternal.dll
[2015/12/25 23:22:29 | 000,293,376 | ---- | C] () -- C:\Windows\SysNative\TextInputFramework.dll
[2015/12/25 23:22:23 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\TextInputFramework.dll
[2015/12/25 23:22:21 | 000,008,847 | ---- | C] () -- C:\Windows\SysNative\ResPriHMImageList
[2015/12/25 00:47:36 | 000,001,257 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 14.lnk
[2015/12/25 00:47:36 | 000,001,251 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 14.lnk
[2015/12/24 23:58:23 | 000,000,928 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/12/24 23:58:23 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/12/24 23:55:47 | 000,002,363 | ---- | C] () -- C:\Users\biven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
[2015/12/24 23:51:35 | 000,016,148 | ---- | C] () -- C:\Windows\SysNative\DESKTOP-8S8J809_defaultuser0_HistoryPrediction.bin
[2015/12/24 23:50:16 | 000,000,352 | ---- | C] () -- C:\Users\biven\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2015/12/24 23:50:16 | 000,000,334 | ---- | C] () -- C:\Users\biven\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2015/12/24 23:47:20 | 000,000,180 | ---- | C] () -- C:\Windows\SysNative\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
[2015/12/17 16:08:28 | 000,155,136 | ---- | C] () -- C:\Windows\Allpcoptimizer.pdb
[2015/09/25 00:03:44 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2015/07/10 04:20:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2015/07/10 03:04:39 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2015/07/10 03:04:38 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2015/07/10 03:00:35 | 000,161,632 | ---- | C] () -- C:\Windows\SysWow64\weretw.dll
[2015/07/10 03:00:33 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2015/07/10 03:00:32 | 000,047,104 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2015/07/10 03:00:31 | 000,156,672 | ---- | C] () -- C:\Windows\SysWow64\MTF.dll
[2015/07/10 03:00:30 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\dtdump.exe
[2015/07/10 03:00:29 | 000,081,408 | ---- | C] () -- C:\Windows\SysWow64\InputLocaleManager.dll
[2015/07/10 03:00:29 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\EditBufferTestHook.dll
[2015/07/10 03:00:29 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\WpKbdLayout.dll
[2015/07/10 03:00:29 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\WordBreakers.dll
[2015/07/10 03:00:28 | 000,270,848 | ---- | C] () -- C:\Windows\SysWow64\HrtfApo.dll
[2015/07/10 03:00:27 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2015/07/10 03:00:26 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\efsext.dll
[2015/07/10 03:00:25 | 000,002,269 | ---- | C] () -- C:\Windows\SysWow64\WimBootCompress.ini
[2015/07/10 03:00:24 | 000,167,640 | ---- | C] () -- C:\Windows\SysWow64\chs_singlechar_pinyin.dat
[2015/07/10 02:59:51 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2015/01/25 17:05:32 | 000,000,167 | ---- | C] () -- C:\Windows\Allpcoptimizer.exe.config
 
========== ZeroAccess Check ==========
 
[2015/09/25 00:24:17 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\windows.storage.dll -- [2015/09/16 22:49:11 | 006,487,248 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\windows.storage.dll -- [2015/09/16 22:28:40 | 005,120,056 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2015/07/10 02:59:53 | 000,995,328 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2015/07/10 03:00:23 | 000,754,688 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2015/07/10 02:59:55 | 000,516,096 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2015/12/27 14:06:36 | 000,000,000 | ---D | M] -- C:\Users\biven\AppData\Roaming\ContentCleaner
[2015/12/24 23:52:50 | 000,000,000 | ---D | M] -- C:\Users\biven\AppData\Roaming\DropboxOEM
[2015/12/25 23:55:54 | 000,000,000 | ---D | M] -- C:\Users\biven\AppData\Roaming\Origin
[2015/12/25 23:23:05 | 000,000,000 | ---D | M] -- C:\Users\biven\AppData\Roaming\Wacom
[2015/12/25 23:23:08 | 000,000,000 | ---D | M] -- C:\Users\biven\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2015/12/25 23:47:43 | 000,002,305 | R--- | M] ()(C:\Users\biven\Application Data\Microsoft\Internet Explorer\Quick Launch\G??gl? ?hr?m?.lnk) -- C:\Users\biven\Application Data\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk
[2015/12/25 23:47:36 | 000,002,281 | R--- | M] ()(C:\Users\Public\Desktop\G??gl? ?hr?m?.lnk) -- C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk
[2015/12/24 23:58:41 | 000,002,305 | R--- | C] ()(C:\Users\biven\Application Data\Microsoft\Internet Explorer\Quick Launch\G??gl? ?hr?m?.lnk) -- C:\Users\biven\Application Data\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk
[2015/12/24 23:58:41 | 000,002,281 | R--- | C] ()(C:\Users\Public\Desktop\G??gl? ?hr?m?.lnk) -- C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk

< End of report >

 

Link to post
Share on other sites

We need to Run an OTL fix !!
Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

    * Double-click OTL.exe to start the program.
    * Copy and Paste the following code into the customFix.png.  text box of the OTL tool/program ! Start with and include the colon plus  :OTL
Copy everthing in RED and Paste into the box in the OTL program !!
:OTL
PRC - File not found --
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {7E5207C2-1FA7-499C-88EE-FCE834450114}
IE:64bit: - HKLM\..\SearchScopes\{7E5207C2-1FA7-499C-88EE-FCE834450114}: "URL" = http://www.bing.com/search?q={searchTerms}&form=PRDLC1&src=IE11TR&pc=DCTE
IE - HKLM\..\SearchScopes,DefaultScope = {7E5207C2-1FA7-499C-88EE-FCE834450114}
IE - HKU\S-1-5-21-2875059968-196611492-1916212712-1001\..\SearchScopes,DefaultScope = {7E5207C2-1FA7-499C-88EE-FCE834450114}
CHR - Extension: No name found = C:\Users\biven\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: No name found = C:\Users\biven\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = C:\Users\biven\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\biven\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\biven\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

 

 

:Commands

[emptyjava]
[emptyflash]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]
[Reboot]


# Then click the Run Fix button at the top.
# Click btnOK.png
# Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
Remember to enable your real time protection.

Post that log next !
Thanks
Chuck

 

 

 

Link to post
Share on other sites

this is exactly what I copied. if you see something wrong help me.

:OTL
PRC - File not found --
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {7E5207C2-1FA7-499C-88EE-FCE834450114}
IE:64bit: - HKLM\..\SearchScopes\{7E5207C2-1FA7-499C-88EE-FCE834450114}: "URL" = http://www.bing.com/search?q={searchTerms}&form=PRDLC1&src=IE11TR&pc=DCTE
IE - HKLM\..\SearchScopes,DefaultScope = {7E5207C2-1FA7-499C-88EE-FCE834450114}
IE - HKU\S-1-5-21-2875059968-196611492-1916212712-1001\..\SearchScopes,DefaultScope = {7E5207C2-1FA7-499C-88EE-FCE834450114}
CHR - Extension: No name found = C:\Users\biven\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: No name found = C:\Users\biven\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = C:\Users\biven\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\biven\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\biven\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

 

 

:Commands

[emptyjava]
[emptyflash]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]
[Reboot]

Link to post
Share on other sites

Clean up of Malware Removal Tools

Now that we are through using these tools, let's clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.

    Download Delfix to your desktop and double click it to start the program here             
    Ensure Remove disinfection tools is ticked
    Also tick:
    o Create registry backup
    o Purge system restore
    o Reset system settings

    o Click Run
    The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can delete any log files left on your desktop as these are no longer needed.

Link to post
Share on other sites

# DelFix v1.011 - Logfile created 27/12/2015 at 15:39:11
# Updated 18/08/2015 by Xplode
# Username : biven - DESKTOP-8S8J809
# Operating System : Windows 10 Home  (64 bits)

~ Removing disinfection tools ...

Deleted : C:\_OTL
Deleted : C:\AdwCleaner
Deleted : C:\Users\biven\Desktop\JRT.exe
Deleted : C:\Users\biven\Desktop\JRT.txt
Deleted : C:\Users\biven\Downloads\adwcleaner_5.026.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #2 [Windows Modules Installer | 12/25/2015 07:43:35]
Deleted : RP #3 [Windows Modules Installer | 12/25/2015 07:44:02]
Deleted : RP #4 [JRT Pre-Junkware Removal | 12/27/2015 21:44:01]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

Link to post
Share on other sites

 
Congratulation you are clean !!!

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

This is my standard "All Clean Speech." You may have some already installed, these are just recommendations !

Here are some tips to reduce the potential for spyware infection in the future:

Here are some tips to reduce the potential for spyware/malware infection in the future:
 
1. Make your Internet Explorer more secure - This can be done by following these simple instructions:

    From within Internet Explorer click on the Tools menu and then click onOptions.
    Click once on theSecurity tab
    Click once on the Internet icon so it becomes highlighted.
    Click once on the Custom Level button.
    Change the Download signed ActiveX controls to Prompt
    Change the Download unsigned ActiveX controls to Disable
    Change the Initialize and script ActiveX controls not marked as safe to Disable
    Change the Installation of desktop items to Prompt
    Change the Launching programs and files in an IFRAME to Prompt
    Change the Navigate sub-frames across different domains to Prompt
    When all these settings have been made, click on the OK button.
    If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.

2. FireFox  If you use Firefox, I recommend installing the following add-ons to help make your Firefox browser more secure.
NoScript

[url= https://adblockplus.org/en/firefox] adblock plus

 
3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis.  With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.
 
4. Firewall Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly.   **There are firewalls that could be downloaded and used but I would personally only recommend using one of the following below:
Online Armor Free
Agnitum Outpost Firewall Free
Comodo Firewall Free
 
5. Make sure you keep your Windows OS current. And regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems.  Without these you are leaving the back door open.
 
6.WOT(Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites.  WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.
 
7. Finally, I strongly recommend that you read Miekiemoes' great advice [url= http://users.telenet.be/bluepatchy/miekiemoes/prevention.html] How to prevent malware .

 
Let me know how it's running ?
Any problems ?
It may run a tad slow until a few normal re-boots, but according to all logs you are clean !!

Thanks
Chuck

Link to post
Share on other sites
Guest
This topic is now closed to further replies.