IE Pop Ups won't stop, requesting installation of Lightspark and other programs


  • This topic is locked
16 replies to this topic

#1 tnagle3

  • Members
  • 24 posts

Posted 06 March 2014 - 11:31 PM

Thanks for your help. I am working with my neighbor, whose PC seemed to pick up a touch of something bad during a recent trip to West Virginia (he mentioned connecting to an unsecured Wi-Fi network in a hotel). Pop-ups start via IE after about 5 mins of browsing. I've run Malwarebytes Anti-Malware multiple times, but it does not flush out the problem. I also notice there is a proxy redirect configured that I cannot unconfigure (it returns upon reboot after removing).

 

DDS log is pasted below:

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 1.6.0_29
Run by Skip Casper at 22:17:39 on 2014-03-06
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.2932.1514 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Program Files\Re-Markable\Re-Markable_wd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Program Files\CrashPlan\CrashPlanService.exe
C:\Program Files\Common Files\Nuance\dgnsvc.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe
C:\Windows\system32\NLSSRV32.EXE
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Re-Markable\Re-Markable154.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Lenovo\Access Connections\AcSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\alg.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Lenovo\Access Connections\ACWLIcon.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\Skip Casper\AppData\Local\Akamai\netsession_win.exe
C:\Users\Skip Casper\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Users\Skip Casper\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CrashPlan\CrashPlanTray.exe
C:\Program Files\salesforce.com\Salesforce for Outlook\SfdcMsOl.exe
C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Users\Skip Casper\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.exe
C:\Users\SKIPCA~1\AppData\Local\Temp\TeamViewer\Version8\TeamViewer.exe
C:\Users\SKIPCA~1\AppData\Local\Temp\TeamViewer\Version8\tv_w32.exe
c:\users\skipca~1\appdata\local\temp\teamviewer\version8\TeamViewer_Desktop.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k HsfXAudioService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uDefault_Page_URL = hxxp://lenovo.msn.com
uProxyServer = hxxp=127.0.0.1:13828
uProxyOverride = <local>
BHO: Avery Toolbar: {41565256-3700-A76A-76A7-7A786E7484D7} - 
BHO: Dragon NaturallySpeaking Rich Internet Application Support - Extension: {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - c:\program files\nuance\naturallyspeaking12\program\ieShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office 15\root\office15\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.3.124.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Avery Toolbar: {41565256-3700-A76A-76A7-7A786E7484D7} - 
TB: Avery Toolbar: {41565256-3700-A76A-76A7-7A786E7484D7} - 
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\microsoft\bingbar\7.3.124.0\BingExt.dll
uRun: [Google Update] "c:\users\skip casper\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Akamai NetSession Interface] "c:\users\skip casper\appdata\local\akamai\netsession_win.exe"
uRun: [ALconnect] c:\users\skip casper\appdata\roaming\directlife\alconnect\ALconnect.exe
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [Power2GoExpress] <no file>
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TpShocks] TpShocks.exe
mRun: [RotateImage] c:\program files\integrated camera driver\RCIMGDIR.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [IMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe"
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [LENOVO.TPKNRRES] c:\program files\lenovo\communications utility\TPKNRRES.exe
mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
mRun: [AcWin7Hlpr] c:\program files\lenovo\access connections\AcTBenabler.exe
mRun: [MaxtorOneTouch] c:\program files\maxtor\onetouch\utils\Onetouch.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [IntelliType Pro] "c:\program files\microsoft mouse and keyboard center\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft mouse and keyboard center\ipoint.exe"
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking12\ereg\ereg.exe" -r "c:\programdata\nuance\naturallyspeaking12\Ereg.ini"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ACWLIcon] c:\program files\lenovo\access connections\ACWLIcon.exe
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect"
StartupFolder: c:\users\skipca~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\skip casper\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\skipca~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\sendto~1.lnk - c:\program files\microsoft office 15\root\office15\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\crashp~1.lnk - c:\program files\crashplan\CrashPlanTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\SALESF~1.LNK - 
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\program files\microsoft office 15\root\office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\microsoft office 15\root\office15\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {A6616B31-4860-41E2-98E3-CA7649AF172F} - file:///D:/launch.ocx
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP5-14362/webex/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{42C67437-D2F0-4D36-AFBA-C2E2B1492795} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{C015C639-68F6-4051-824A-43F56D370776} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C015C639-68F6-4051-824A-43F56D370776}\16474777966696 : DHCPNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{C015C639-68F6-4051-824A-43F56D370776}\35B696077237020786F6E656 : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{C015C639-68F6-4051-824A-43F56D370776}\36963736F63726 : DHCPNameServer = 192.168.0.5 192.168.0.31
TCP: Interfaces\{C015C639-68F6-4051-824A-43F56D370776}\645656279636B6 : DHCPNameServer = 192.168.11.1
TCP: Interfaces\{C015C639-68F6-4051-824A-43F56D370776}\84F4D454D203833383 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{E468F162-AC4F-4B48-9A75-944F5ED9445E} : DHCPNameServer = 192.168.0.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - c:\program files\microsoft office 15\root\office15\MSOSB.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  scecli ACGina
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\skip casper\appdata\roaming\mozilla\firefox\profiles\ik3o7tsm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\progra~1\nuance\natura~1\program\npDgnRia.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\dailybibleguide\bar\1.bin\NP2vStub.dll
FF - plugin: c:\program files\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft office 15\root\office15\NPSPWRAP.DLL
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\nitro\pro 8\npdf.dll
FF - plugin: c:\program files\nitro\pro 8\npnitroie.dll
FF - plugin: c:\program files\nitro\pro 8\npnitromozilla.dll
FF - plugin: c:\program files\nitro\pro 8\NPShellExtension.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\skip casper\appdata\local\citrix\plugins\94\npappdetector.dll
FF - plugin: c:\users\skip casper\appdata\local\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\users\skip casper\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\skip casper\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\skip casper\appdata\roaming\mozilla\plugins\npo1d.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_70.dll
FF - ExtSQL: 2014-01-09 18:23; 2vffxtbr@DailyBibleGuide.com; c:\users\skip casper\appdata\roaming\mozilla\firefox\profiles\ik3o7tsm.default\extensions\2vffxtbr@DailyBibleGuide.com
.
============= SERVICES / DRIVERS ===============
.
R0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2013-10-1 15664]
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-6-15 24304]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-10-9 20520]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2010-4-23 13480]
R1 MpKsl09f7863a;MpKsl09f7863a;c:\programdata\microsoft\microsoft antimalware\definition updates\{29a86e67-2d54-400e-ab50-669cec6a36e6}\MpKsl09f7863a.sys [2014-3-6 39464]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 APNMCP;Ask Update Service;c:\program files\askpartnernetwork\toolbar\apnmcp.exe [2014-2-12 166352]
R2 CrashPlanService;CrashPlan Backup Service;c:\program files\crashplan\CrashPlanService.exe [2012-8-16 152576]
R2 DisplayLinkService;DisplayLinkManager;c:\program files\displaylink core software\DisplayLinkManager.exe [2013-5-8 7454608]
R2 DragonSvc;Dragon Service;c:\program files\common files\nuance\dgnsvc.exe [2013-2-11 311184]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\communications utility\CamMute.exe [2010-6-15 50536]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\lenovo\communications utility\TPKNRSVC.exe [2010-6-15 74088]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 104768]
R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;c:\program files\nitro\pro 8\NitroPDFDriverService8.exe [2012-10-9 196616]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [2012-10-9 69640]
R2 OfficeSvc;Microsoft Office Service;c:\program files\microsoft office 15\clientx86\integratedoffice.exe [2013-11-27 1320120]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
R2 Re-Markable;Re-Markable;c:\program files\re-markable\Re-Markable154.exe [2014-2-23 181248]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-10-14 399416]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2010-4-23 63928]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\drivers\TurboB.sys [2009-9-29 13752]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-6-15 2320920]
R3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [2010-6-15 127232]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.3.124.0\SeaPort.EXE [2013-12-16 247968]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-6-15 29472]
R3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2013-10-1 338736]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2010-6-15 214696]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-6-15 125696]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-6-15 232448]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-10-23 280288]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-6-15 1006624]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2009-10-8 38336]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.3.124.0\BBSvc.EXE [2013-12-16 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2010-2-11 319488]
S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2010-2-11 51456]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2012-1-6 45736]
S3 DisplayLinkUsbIo;DisplayLinkUsbIo;c:\windows\system32\drivers\DisplayLinkUsbIo_7.2.47873.0.sys [2013-5-13 36752]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-6-15 132456]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-23 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-2-12 108032]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2013-7-25 18944]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2010-6-15 816792]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2010-6-15 75112]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-12-2 14848]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-3-4 49152]
S3 TurboBoost;TurboBoost;c:\program files\intel\turboboost\TurboBoost.exe [2009-9-29 99768]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-24 1343400]
S4 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2010-4-23 45496]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2014-03-07 03:54:26 39464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{29a86e67-2d54-400e-ab50-669cec6a36e6}\MpKsl09f7863a.sys
2014-03-06 16:18:48 765968 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{3a164f82-8cfa-4dbf-9b19-2d811130925c}\gapaengine.dll
2014-03-06 16:18:28 7947048 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{29a86e67-2d54-400e-ab50-669cec6a36e6}\mpengine.dll
2014-03-04 17:01:00 5694464 ----a-w- c:\windows\system32\mstscax.dll
2014-03-04 16:43:55 272496 ----a-w- c:\program files\mozilla firefox\browser\components\browsercomps.dll
2014-03-04 16:15:43 7947048 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-03-04 16:15:14 32256 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2014-03-04 16:15:11 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-03-04 16:15:08 49152 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2014-03-04 16:15:04 855552 ----a-w- c:\windows\system32\rdvidcrl.dll
2014-03-04 16:15:04 76288 ----a-w- c:\windows\system32\TSWbPrxy.exe
2014-03-04 16:15:04 53248 ----a-w- c:\windows\system32\tsgqec.dll
2014-03-04 16:15:04 50176 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2014-03-04 16:15:04 17920 ----a-w- c:\windows\system32\wksprtPS.dll
2014-03-04 16:15:04 14336 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-03-04 16:15:03 350208 ----a-w- c:\windows\system32\wksprt.exe
2014-03-04 16:15:03 1068544 ----a-w- c:\windows\system32\mstsc.exe
2014-03-04 16:13:54 792576 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-03-04 16:01:40 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2014-03-04 16:00:33 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-04 16:00:33 -------- d-----w- c:\program files\iPod
2014-03-04 16:00:32 -------- d-----w- c:\program files\iTunes
2014-03-04 15:34:48 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2014-02-27 14:54:19 -------- d-----w- c:\windows\Migration
2014-02-23 13:52:51 -------- d-----w- c:\program files\Uninstaller
2014-02-23 13:45:18 -------- d-----w- c:\program files\Re-Markable
2014-02-12 23:59:29 454656 ----a-w- c:\windows\system32\vbscript.dll
2014-02-11 17:14:58 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-11 17:14:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-02-10 21:28:14 28272 ----a-w- c:\program files\mozilla firefox\plugin-hang-ui.exe
2014-02-09 18:49:27 -------- d-----w- c:\users\skip casper\appdata\local\{D68B2EA5-47F7-499C-A932-852CFAC579C7}
2014-02-08 20:50:07 -------- d-----w- c:\users\skip casper\appdata\local\IsolatedStorage
2014-02-07 02:33:57 -------- d-----w- c:\program files\Quicken
.
==================== Find3M  ====================
.
2014-03-05 16:54:25 59 ----a-w- c:\windows\wpd99.drv
2014-02-22 21:54:16 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-22 21:54:16 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-06 10:20:26 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-02-06 10:19:55 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-02-06 10:01:36 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-02-06 09:47:22 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-02-06 09:47:18 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-02-06 09:46:27 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- c:\windows\system32\jscript9.dll
2014-02-06 09:09:30 1964032 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- c:\windows\system32\wininet.dll
2014-01-19 07:32:23 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-12-24 23:09:41 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2013-12-13 21:10:44 4200744 ----a-w- c:\windows\system32\cdintf400.dll
.
=================== ROOTKIT  ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: ST950042 rev.0003 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x84052000]<< >>UNKNOWN [0x8CA70000]<< >>UNKNOWN [0x8CA5F000]<< >>UNKNOWN [0x8C0AA000]<< >>UNKNOWN [0x8401B000]<< >>UNKNOWN [0x8C220000]<< 
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL;  }
1 ntkrnlpa!IofCallDriver[0x84088BBA] -> \Device\Harddisk0\DR0[0x891AD030]
\Driver\Disk[0x891ABBB0] -> IRP_MJ_CREATE -> 0x8CA7439F
3 [0x8CA7459E] -> ntkrnlpa!IofCallDriver[0x84088BBA] -> [0x8764EAC0]
\Driver\ACPI[0x8686B980] -> IRP_MJ_CREATE -> 0x8C0B34CC
5 [0x8C0B33D4] -> ntkrnlpa!IofCallDriver[0x84088BBA] -> \Device\Ide\IAAStorageDevice-0[0x875DC028]
\Driver\iaStor[0x8761F648] -> IRP_MJ_CREATE -> 0x8C246C54
kernel: MBR read successfully
_asm { JMP 0x10;  }
user & kernel MBR OK 
copy of MBR has been found in sector 8 !
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 22:18:39.99 ===============
 


#2 aharonov

  • Malware Response Team
  • 2,441 posts

Posted 07 March 2014 - 03:55 AM

Hello,

please run the following scans:


Step 1

Please download TDSSKiller and save it to your Desktop.

  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters.
  • Make sure that all available options (except "Loaded modules") are checked and click OK.
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.

 

 

 

Step 2

Please download Farbar Recovery Scan Tool and save it to your Desktop.

  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 tnagle3

  • Topic Starter
  • Members
  • 24 posts

Posted 07 March 2014 - 03:22 PM

TDSSKiller log:

14:03:47.0356 0x186c  TDSS rootkit removing tool 3.0.0.25 Feb 27 2014 15:23:02
14:03:53.0868 0x186c  ============================================================
14:03:53.0868 0x186c  Current date / time: 2014/03/07 14:03:53.0868
14:03:53.0868 0x186c  SystemInfo:
14:03:53.0868 0x186c  
14:03:53.0868 0x186c  OS Version: 6.1.7601 ServicePack: 1.0
14:03:53.0868 0x186c  Product type: Workstation
14:03:53.0868 0x186c  ComputerName: SKIPCASPER
14:03:53.0868 0x186c  UserName: Skip Casper
14:03:53.0868 0x186c  Windows directory: C:\Windows
14:03:53.0868 0x186c  System windows directory: C:\Windows
14:03:53.0868 0x186c  Processor architecture: Intel x86
14:03:53.0868 0x186c  Number of processors: 4
14:03:53.0868 0x186c  Page size: 0x1000
14:03:53.0868 0x186c  Boot type: Normal boot
14:03:53.0868 0x186c  ============================================================
14:03:56.0278 0x186c  KLMD registered as C:\Windows\system32\drivers\23672449.sys
14:03:56.0468 0x186c  System UUID: {8342C93A-BAC3-A2A5-3291-6395DE6EEDED}
14:03:57.0024 0x186c  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
14:03:57.0029 0x186c  Drive \Device\Harddisk1\DR1 - Size: 0x1D9C00000 (7.40 Gb), SectorSize: 0x200, Cylinders: 0x3C6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:03:57.0029 0x186c  ============================================================
14:03:57.0029 0x186c  \Device\Harddisk0\DR0:
14:03:57.0029 0x186c  MBR partitions:
14:03:57.0029 0x186c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x258000
14:03:57.0029 0x186c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x258800, BlocksNum 0x38DA4FF8
14:03:57.0029 0x186c  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38FFD800, BlocksNum 0x1388000
14:03:57.0029 0x186c  \Device\Harddisk1\DR1:
14:03:57.0029 0x186c  MBR partitions:
14:03:57.0029 0x186c  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0xECC000
14:03:57.0029 0x186c  ============================================================
14:03:57.0054 0x186c  C: <-> \Device\Harddisk0\DR0\Partition2
14:03:57.0099 0x186c  Q: <-> \Device\Harddisk0\DR0\Partition3
14:03:57.0099 0x186c  ============================================================
14:03:57.0099 0x186c  Initialize success
14:03:57.0099 0x186c  ============================================================
14:04:23.0611 0x1888  ============================================================
14:04:23.0611 0x1888  Scan started
14:04:23.0611 0x1888  Mode: Manual; SigCheck; TDLFS; 
14:04:23.0611 0x1888  ============================================================
14:04:23.0611 0x1888  KSN ping started
14:04:26.0167 0x1888  KSN ping finished: true
14:04:26.0942 0x1888  ================ Scan system memory ========================
14:04:26.0942 0x1888  System memory - ok
14:04:26.0942 0x1888  ================ Scan services =============================
14:04:27.0152 0x1888  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
14:04:27.0272 0x1888  1394ohci - ok
14:04:27.0347 0x1888  [ 5E67A474CBC887DAF0DDD343F6F7FEA0, 2228D6FCDD031D3CF149BF0E63CFD4439F21B3A7E4FFC5CE23232AC1AE904FED ] 5U877           C:\Windows\system32\DRIVERS\5U877.sys
14:04:27.0397 0x1888  5U877 - ok
14:04:27.0462 0x1888  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\Windows\system32\drivers\ACPI.sys
14:04:27.0482 0x1888  ACPI - ok
14:04:27.0577 0x1888  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
14:04:27.0647 0x1888  AcpiPmi - ok
14:04:27.0762 0x1888  [ C8B90210AAD4C319916598D0312D8FCA, A9B532646766B2A95B6E3ECFE3B2ED9FAA805C47CFCC20169E8BA158B4981FF7 ] AcPrfMgrSvc     C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
14:04:27.0782 0x1888  AcPrfMgrSvc - ok
14:04:27.0847 0x1888  [ 5C17051BD808F6FF708BC9F2D0445092, AA5B59B49A6272F4BA820C22219FDEDEE9A5C1E957E82AEB484AC7A5CE12FFE6 ] AcSvc           C:\Program Files\Lenovo\Access Connections\AcSvc.exe
14:04:27.0872 0x1888  AcSvc - ok
14:04:27.0902 0x1888  ADM851X - ok
14:04:28.0032 0x1888  [ E42F7B36B4D8866184E8DF9776CA4226, CBF1AD67FD17927CC5762491DFAB219B22C8BC7E3D6427B019C652EDBB6251BA ] AdobeActiveFileMonitor C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
14:04:28.0112 0x1888  AdobeActiveFileMonitor - detected UnsignedFile.Multi.Generic ( 1 )
14:04:28.0592 0x1888  Detect skipped due to KSN trusted
14:04:28.0592 0x1888  AdobeActiveFileMonitor - ok
14:04:28.0767 0x1888  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
14:04:28.0787 0x1888  AdobeARMservice - ok
14:04:28.0902 0x1888  [ F7AB315A4D400CA876381D1E188A2E20, B6019C2E9B6801BB23C530C66D080F47330F48ADB0DD2813D50BE1408865BD91 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:04:28.0922 0x1888  AdobeFlashPlayerUpdateSvc - ok
14:04:28.0997 0x1888  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
14:04:29.0032 0x1888  adp94xx - ok
14:04:29.0057 0x1888  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
14:04:29.0087 0x1888  adpahci - ok
14:04:29.0107 0x1888  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
14:04:29.0122 0x1888  adpu320 - ok
14:04:29.0147 0x1888  [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
14:04:29.0182 0x1888  AeLookupSvc - ok
14:04:29.0247 0x1888  [ F81BB7E487EDCEAB630A7EE66CF23913, 7D1638FD7E388EF670FA0A421762E0413351058A20DDF0F9988A383F05395A68 ] AFD             C:\Windows\system32\drivers\afd.sys
14:04:29.0337 0x1888  AFD - ok
14:04:29.0377 0x1888  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\Windows\system32\drivers\agp440.sys
14:04:29.0392 0x1888  agp440 - ok
14:04:29.0452 0x1888  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
14:04:29.0467 0x1888  aic78xx - ok
14:04:29.0722 0x1888  [ BBE9054FDADC8D49D29C5DA4FB84A803, 4315C1D7DBD35A80E25F15B45587AA76F6E9FCDC617B5ABF62301570771066AF ] Akamai          c:\program files\common files\akamai/netsession_win_8fa3539.dll
14:04:29.0722 0x1888  Suspicious file ( Hidden ): c:\program files\common files\akamai/netsession_win_8fa3539.dll. md5: BBE9054FDADC8D49D29C5DA4FB84A803, sha256: 4315C1D7DBD35A80E25F15B45587AA76F6E9FCDC617B5ABF62301570771066AF
14:04:29.0727 0x1888  Akamai - detected HiddenFile.Multi.Generic ( 1 )
14:04:30.0207 0x1888  Detect skipped due to KSN trusted
14:04:30.0207 0x1888  Akamai - ok
14:04:30.0302 0x1888  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG             C:\Windows\System32\alg.exe
14:04:30.0347 0x1888  ALG - ok
14:04:30.0397 0x1888  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\Windows\system32\drivers\aliide.sys
14:04:30.0412 0x1888  aliide - ok
14:04:30.0427 0x1888  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
14:04:30.0442 0x1888  amdagp - ok
14:04:30.0482 0x1888  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\Windows\system32\drivers\amdide.sys
14:04:30.0497 0x1888  amdide - ok
14:04:30.0547 0x1888  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
14:04:30.0612 0x1888  AmdK8 - ok
14:04:30.0622 0x1888  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
14:04:30.0657 0x1888  AmdPPM - ok
14:04:30.0707 0x1888  [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
14:04:30.0722 0x1888  amdsata - ok
14:04:30.0777 0x1888  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
14:04:30.0797 0x1888  amdsbs - ok
14:04:30.0817 0x1888  [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
14:04:30.0827 0x1888  amdxata - ok
14:04:30.0962 0x1888  [ B342CD9AA44E4AE99E2368EBDBC2E17A, C3081358313A982F53CAD54C214AFECAD9660A59FB4A3DDFE068724E83041AF8 ] APNMCP          C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
14:04:31.0002 0x1888  APNMCP - ok
14:04:31.0062 0x1888  [ AEA177F783E20150ACE5383EE368DA19, 8FA9EE27AA1F22E8B8FE33A21028CA1E0062BAA95CB132C20D55B98C03B4254F ] AppID           C:\Windows\system32\drivers\appid.sys
14:04:31.0202 0x1888  AppID - ok
14:04:31.0257 0x1888  [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc        C:\Windows\System32\appidsvc.dll
14:04:31.0312 0x1888  AppIDSvc - ok
14:04:31.0372 0x1888  [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo         C:\Windows\System32\appinfo.dll
14:04:31.0437 0x1888  Appinfo - ok
14:04:31.0567 0x1888  [ 221564CC7BE37611FE15EACF443E1BF6, 381BDF17418C779D72332431BA174C2AD76CD9C7C1711FF5142EA9B05D5555E4 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:04:31.0577 0x1888  Apple Mobile Device - ok
14:04:31.0592 0x1888  [ A45D184DF6A8803DA13A0B329517A64A, C1D16B60A6D69689AE951DC3D6884ED2E233D144B3FC0B86BC1C50AAAAA01ED2 ] AppMgmt         C:\Windows\System32\appmgmts.dll
14:04:31.0627 0x1888  AppMgmt - ok
14:04:31.0682 0x1888  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc             C:\Windows\system32\DRIVERS\arc.sys
14:04:31.0697 0x1888  arc - ok
14:04:31.0712 0x1888  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
14:04:31.0727 0x1888  arcsas - ok
14:04:31.0892 0x1888  [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
14:04:31.0912 0x1888  aspnet_state - ok
14:04:31.0952 0x1888  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
14:04:32.0067 0x1888  AsyncMac - ok
14:04:32.0132 0x1888  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi           C:\Windows\system32\drivers\atapi.sys
14:04:32.0147 0x1888  atapi - ok
14:04:32.0222 0x1888  [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:04:32.0292 0x1888  AudioEndpointBuilder - ok
14:04:32.0327 0x1888  [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] Audiosrv        C:\Windows\System32\Audiosrv.dll
14:04:32.0367 0x1888  Audiosrv - ok
14:04:32.0457 0x1888  [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV        C:\Windows\System32\AxInstSV.dll
14:04:32.0507 0x1888  AxInstSV - ok
14:04:32.0537 0x1888  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
14:04:32.0597 0x1888  b06bdrv - ok
14:04:32.0642 0x1888  [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
14:04:32.0667 0x1888  b57nd60x - ok
14:04:32.0822 0x1888  [ F2E8CEFC8CF4D6454F4121C5FF93136A, DFD05AD328BD0FDD8BF44043C40084A6DF98BF6F5CEAE71BF793176AF6ADFBBB ] BBSvc           C:\Program Files\Microsoft\BingBar\7.3.124.0\BBSvc.exe
14:04:32.0842 0x1888  BBSvc - ok
14:04:32.0897 0x1888  [ 6E1BCC590C9D30FEE8FC14DBD053CE94, 4F698D399225A890B7FDCE3773E504B2880534ED1C0F4C37589568C44BA51743 ] BBUpdate        C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.exe
14:04:32.0912 0x1888  BBUpdate - ok
14:04:32.0947 0x1888  [ 14196079DDDD871D8BA6C406C15C3F4A, DB8A5487384FF378A0DB510D7FE3AB889C4BD1D4D4005D496455CB7082044F30 ] bcm             C:\Windows\system32\DRIVERS\drxvi314.sys
14:04:33.0032 0x1888  bcm - ok
14:04:33.0067 0x1888  [ 360C731BD6537C635C8D15B2F0D49669, 23C464CBAA429CEBCE304DE5481B8893D7968D7F9D6B7D493FD790BEA962819C ] bcmbusctr       C:\Windows\system32\DRIVERS\BcmBusCtr.sys
14:04:33.0122 0x1888  bcmbusctr - ok
14:04:33.0172 0x1888  [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC          C:\Windows\System32\bdesvc.dll
14:04:33.0212 0x1888  BDESVC - ok
14:04:33.0262 0x1888  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep            C:\Windows\system32\drivers\Beep.sys
14:04:33.0292 0x1888  Beep - ok
14:04:33.0367 0x1888  [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE             C:\Windows\System32\bfe.dll
14:04:33.0427 0x1888  BFE - ok
14:04:33.0467 0x1888  [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS            C:\Windows\System32\qmgr.dll
14:04:33.0522 0x1888  BITS - ok
14:04:33.0537 0x1888  [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
14:04:33.0577 0x1888  blbdrive - ok
14:04:33.0682 0x1888  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:04:33.0717 0x1888  Bonjour Service - ok
14:04:33.0752 0x1888  [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
14:04:33.0782 0x1888  bowser - ok
14:04:33.0792 0x1888  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:04:33.0867 0x1888  BrFiltLo - ok
14:04:33.0877 0x1888  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:04:33.0907 0x1888  BrFiltUp - ok
14:04:33.0947 0x1888  [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser         C:\Windows\System32\browser.dll
14:04:33.0967 0x1888  Browser - ok
14:04:33.0987 0x1888  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
14:04:34.0012 0x1888  Brserid - ok
14:04:34.0027 0x1888  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
14:04:34.0062 0x1888  BrSerWdm - ok
14:04:34.0082 0x1888  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
14:04:34.0117 0x1888  BrUsbMdm - ok
14:04:34.0142 0x1888  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
14:04:34.0182 0x1888  BrUsbSer - ok
14:04:34.0242 0x1888  [ 2865A5C8E98C70C605F417908CEBB3A4, B1C5AC228BD7072AF8668C009C6CDC13EE9FCB9481F57524300F37C40BF1E935 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
14:04:34.0297 0x1888  BthEnum - ok
14:04:34.0317 0x1888  [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
14:04:34.0352 0x1888  BTHMODEM - ok
14:04:34.0377 0x1888  [ AD1872E5829E8A2C3B5B4B641C3EAB0E, 8C2DBCAC08DDB41E2B44E257C55FA2D0272959B308EFF9EAF5FF9AE1E4A0AA39 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
14:04:34.0392 0x1888  BthPan - ok
14:04:34.0462 0x1888  [ 1153DE2E4F5941E10C399CB5592F78A1, 2B88AF246D62F72FA9F5B921B0375AE59A0F263672472D5EC9FDB5CA5EF51C31 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
14:04:34.0502 0x1888  BTHPORT - ok
14:04:34.0567 0x1888  [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv         C:\Windows\system32\bthserv.dll
14:04:34.0617 0x1888  bthserv - ok
14:04:34.0642 0x1888  [ C81E9413A25A439F436B1D4B6A0CF9E9, A4C290163207AED22C70C7F90B28F6FC24892889643D60D915059405AC5A4A72 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
14:04:34.0672 0x1888  BTHUSB - ok
14:04:34.0722 0x1888  [ F549C3FB145A4928E40BB1518B2034DC, FAD5B228B43FEC582DBDD91903216C1B170AC3C426E1F3420985988559F2AC49 ] btusbflt        C:\Windows\system32\drivers\btusbflt.sys
14:04:34.0742 0x1888  btusbflt - ok
14:04:34.0772 0x1888  [ F8B4F60768328FAA2FFE2727F66809F8, 7281200791AC91AB88D5D338AA6B5401AA2039E2963F94C13B4887E73C3F8EE7 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
14:04:34.0782 0x1888  btwaudio - ok
14:04:34.0837 0x1888  [ FA7446DD38DE84D4988D1F2EBB854589, 5F9C674C6811CC7DA60111B758433800246C967D8C1551391823390D8F4F30A1 ] btwavdt         C:\Windows\system32\DRIVERS\btwavdt.sys
14:04:34.0852 0x1888  btwavdt - ok
14:04:34.0952 0x1888  [ 56CB951571E2C6E69990F40220467359, 7E01690D01626D3FE2C03681434F87CDCA6F756CA8997CBE198AC590435D1F33 ] btwdins         C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
14:04:34.0992 0x1888  btwdins - ok
14:04:35.0017 0x1888  [ AAFD7CB76BA61FBB08E302DA208C974A, 1B342095E373ECCA1775B30E92CD337BECEB4BA9F821132C33507A646E6A341C ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
14:04:35.0027 0x1888  btwl2cap - ok
14:04:35.0037 0x1888  [ D5862FBC1CBC0404614FD9D85C8D880E, C05BC43415BD646CA950E177F3D3829C6600024061D19CDFB6507DC46A824144 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
14:04:35.0047 0x1888  btwrchid - ok
14:04:35.0137 0x1888  [ 0F5CA31BB3FDB5C1E63C170CFBECC93B, 29D76F880515855AC962C23025D7BDAAD501BCD5BCCF73BE368CCA352FAA47C9 ] CamDrL          C:\Windows\system32\DRIVERS\Camdrl.sys
14:04:35.0187 0x1888  CamDrL - ok
14:04:35.0242 0x1888  [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
14:04:35.0292 0x1888  cdfs - ok
14:04:35.0357 0x1888  [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
14:04:35.0402 0x1888  cdrom - ok
14:04:35.0447 0x1888  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc     C:\Windows\System32\certprop.dll
14:04:35.0497 0x1888  CertPropSvc - ok
14:04:35.0522 0x1888  [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
14:04:35.0542 0x1888  circlass - ok
14:04:35.0577 0x1888  [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS            C:\Windows\system32\CLFS.sys
14:04:35.0597 0x1888  CLFS - ok
14:04:35.0642 0x1888  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:04:35.0652 0x1888  clr_optimization_v2.0.50727_32 - ok
14:04:35.0737 0x1888  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:04:35.0752 0x1888  clr_optimization_v4.0.30319_32 - ok
14:04:35.0762 0x1888  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
14:04:35.0777 0x1888  CmBatt - ok
14:04:35.0817 0x1888  [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
14:04:35.0832 0x1888  cmdide - ok
14:04:35.0877 0x1888  [ 85449EEBE8F8EBD6481EFBF0F352B4EB, E6FF04970C5A5BFDE7297A86C1C7B9BFE2E0F976A1A1AFB874CEB488DC6151CC ] CNG             C:\Windows\system32\Drivers\cng.sys
14:04:35.0912 0x1888  CNG - ok
14:04:36.0002 0x1888  [ 2FE437862D0CAA879B3C01EF353EDDA7, 5A831A79AABC9721DBB1CDEC02629A373B5DD13EE386A42AF9BBEF33C14373E8 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT32.sys
14:04:36.0037 0x1888  CnxtHdAudService - ok
14:04:36.0082 0x1888  [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
14:04:36.0092 0x1888  Compbatt - ok
14:04:36.0147 0x1888  [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
14:04:36.0167 0x1888  CompositeBus - ok
14:04:36.0187 0x1888  COMSysApp - ok
14:04:36.0262 0x1888  [ C295EF49BE39C1170D44F90E740C5D61, AE7A113F7B7B103310468D555B025AB7FDB150F530B67865CEC4ED7FFD852374 ] CrashPlanService C:\Program Files\CrashPlan\CrashPlanService.exe
14:04:36.0352 0x1888  CrashPlanService - detected UnsignedFile.Multi.Generic ( 1 )
14:04:36.0832 0x1888  Detect skipped due to KSN trusted
14:04:36.0832 0x1888  CrashPlanService - ok
14:04:36.0932 0x1888  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
14:04:36.0947 0x1888  crcdisk - ok
14:04:37.0007 0x1888  [ 7CA1BECEA5DE2643ADDAD32670E7A4C9, E3AB4CC52A97E3855D7EAB87363F807FDD2162ED8C76A036CD71549ED64E7797 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
14:04:37.0052 0x1888  CryptSvc - ok
14:04:37.0102 0x1888  [ 3C2177A897B4CA2788C6FB0C3FD81D4B, 98575CBD0664586E6211D02E71BDD52CBAA149A1658573550E29E74E5F7B1553 ] CSC             C:\Windows\system32\drivers\csc.sys
14:04:37.0177 0x1888  CSC - ok
14:04:37.0237 0x1888  [ 15F93B37F6801943360D9EB42485D5D3, DD6838C6496CB15F8BB57A6596F6A64ADD9C36B09F062295699131232712B558 ] CscService      C:\Windows\System32\cscsvc.dll
14:04:37.0302 0x1888  CscService - ok
14:04:37.0372 0x1888  [ 0C527B30712D735D8CB61B5187C36587, CDBA2E19C27952EB7079EF3293FB6C09752BE928F345F46197999D2B38BA7CA0 ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
14:04:37.0387 0x1888  dc3d - ok
14:04:37.0412 0x1888  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch      C:\Windows\system32\rpcss.dll
14:04:37.0482 0x1888  DcomLaunch - ok
14:04:37.0512 0x1888  [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc       C:\Windows\System32\defragsvc.dll
14:04:37.0562 0x1888  defragsvc - ok
14:04:37.0632 0x1888  [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
14:04:37.0682 0x1888  DfsC - ok
14:04:37.0742 0x1888  [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp            C:\Windows\system32\dhcpcore.dll
14:04:37.0787 0x1888  Dhcp - ok
14:04:37.0817 0x1888  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\Windows\system32\drivers\discache.sys
14:04:37.0867 0x1888  discache - ok
14:04:37.0917 0x1888  [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
14:04:37.0937 0x1888  Disk - ok
14:04:38.0212 0x1888  [ 7A249F034151479EF24C31235370C164, DDE25323A266006809E55181B29DAC6CEF4D40B36CF1D7DD6DE6F4D474183D95 ] DisplayLinkService C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
14:04:38.0472 0x1888  DisplayLinkService - ok
14:04:38.0572 0x1888  [ 85B076CD348FFA007562BBA02ACF6A39, E0E71A409933457E9EA36896B91666BA26F85165658F73C2041B33EE9274D919 ] DisplayLinkUsbIo C:\Windows\system32\DRIVERS\DisplayLinkUsbIo_7.2.47873.0.sys
14:04:38.0582 0x1888  DisplayLinkUsbIo - ok
14:04:38.0612 0x1888  DisplayLinkUsbPort - ok
14:04:38.0657 0x1888  [ 2BDC6ACA41925992F676FDBCF6D1DA21, EDCD2148C4A41A8C76C0D2AA32B67DF0DC0EB8C8528CAD4536EA57873853FB67 ] dlkmd           C:\Windows\system32\drivers\dlkmd.sys
14:04:38.0682 0x1888  dlkmd - ok
14:04:38.0697 0x1888  [ 8C29832364FA14D293C695484F4AC110, ABEE7749F087069C1F971E73FA4AE7F1DE11CE90E0F2D399EC3730CDE91C61A5 ] dlkmdldr        C:\Windows\system32\drivers\dlkmdldr.sys
14:04:38.0712 0x1888  dlkmdldr - ok
14:04:38.0772 0x1888  [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache        C:\Windows\System32\dnsrslvr.dll
14:04:38.0812 0x1888  Dnscache - ok
14:04:38.0867 0x1888  [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc         C:\Windows\System32\dot3svc.dll
14:04:38.0917 0x1888  dot3svc - ok
14:04:38.0962 0x1888  [ E00B3CE273B17AEE1259C105DF5524CA, F4896FC70CF5FDEF86CD3763F7E7220AEEBD16CC5CAE327AEBFC7812D42C67CB ] DozeHDD         C:\Windows\system32\DRIVERS\DozeHDD.sys
14:04:38.0972 0x1888  DozeHDD - ok
14:04:38.0997 0x1888  [ 1CFD5B47A899CFFF4CB5C44B8B66F0C2, 249EDA288097788880BECA0DB6B8474EF925C443D54C82162762E7F1425051E3 ] DozeSvc         C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
14:04:39.0012 0x1888  DozeSvc - ok
14:04:39.0092 0x1888  [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS             C:\Windows\system32\dps.dll
14:04:39.0152 0x1888  DPS - ok
14:04:39.0282 0x1888  [ CCA30A1F8398B46431A03CF6BB0F8789, 98EB10F1021BB51A7C427FC518E63569273DC98A74F02ADC7C6A86EBFD11C093 ] DragonSvc       C:\Program Files\Common Files\Nuance\dgnsvc.exe
14:04:39.0307 0x1888  DragonSvc - ok
14:04:39.0377 0x1888  [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
14:04:39.0437 0x1888  drmkaud - ok
14:04:39.0517 0x1888  [ 71BC35067CABC02C9453AEAA42B2E43E, 713B19F2C08EA5E4C087F7A74A8856932CF33E19D63384823DD4E02ED8798619 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
14:04:39.0562 0x1888  DXGKrnl - ok
14:04:39.0642 0x1888  [ A13F07A0422E4A04E7FF6F6F3B05E729, 9DE9F2E476707A02F6615A0A53A0BE07B3E7C9ABD16C03E73C82648FECC224BE ] e1kexpress      C:\Windows\system32\DRIVERS\e1k6232.sys
14:04:39.0657 0x1888  e1kexpress - ok
14:04:39.0677 0x1888  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost         C:\Windows\System32\eapsvc.dll
14:04:39.0707 0x1888  EapHost - ok
14:04:39.0862 0x1888  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
14:04:40.0017 0x1888  ebdrv - ok
14:04:40.0057 0x1888  [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] EFS             C:\Windows\System32\lsass.exe
14:04:40.0092 0x1888  EFS - ok
14:04:40.0192 0x1888  [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
14:04:40.0232 0x1888  ehRecvr - ok
14:04:40.0287 0x1888  [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched         C:\Windows\ehome\ehsched.exe
14:04:40.0302 0x1888  ehSched - ok
14:04:40.0332 0x1888  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
14:04:40.0367 0x1888  elxstor - ok
14:04:40.0407 0x1888  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
14:04:40.0442 0x1888  ErrDev - ok
14:04:40.0507 0x1888  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\Windows\system32\es.dll
14:04:40.0547 0x1888  EventSystem - ok
14:04:40.0567 0x1888  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\Windows\system32\drivers\exfat.sys
14:04:40.0602 0x1888  exfat - ok
14:04:40.0622 0x1888  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
14:04:40.0677 0x1888  fastfat - ok
14:04:40.0722 0x1888  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax             C:\Windows\system32\fxssvc.exe
14:04:40.0782 0x1888  Fax - ok
14:04:40.0832 0x1888  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
14:04:40.0847 0x1888  fdc - ok
14:04:40.0902 0x1888  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\Windows\system32\fdPHost.dll
14:04:40.0932 0x1888  fdPHost - ok
14:04:40.0942 0x1888  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\Windows\system32\fdrespub.dll
14:04:40.0992 0x1888  FDResPub - ok
14:04:41.0013 0x1888  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:04:41.0028 0x1888  FileInfo - ok
14:04:41.0038 0x1888  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
14:04:41.0088 0x1888  Filetrace - ok
14:04:41.0113 0x1888  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
14:04:41.0153 0x1888  flpydisk - ok
14:04:41.0198 0x1888  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:04:41.0213 0x1888  FltMgr - ok
14:04:41.0308 0x1888  [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache       C:\Windows\system32\FntCache.dll
14:04:41.0383 0x1888  FontCache - ok
14:04:41.0433 0x1888  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:04:41.0443 0x1888  FontCache3.0.0.0 - ok
14:04:41.0458 0x1888  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
14:04:41.0468 0x1888  FsDepends - ok
14:04:41.0533 0x1888  [ D909075FA72C090F27AA926C32CB4612, F8610C20C4DD499D5B4ACEBD7107E52E25B6449AEED58D1A203F7D654B55C4DF ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
14:04:41.0543 0x1888  fssfltr - ok
14:04:41.0623 0x1888  [ 4CE9DAC1518FF7E77BD213E6394B9D77, D7D0D29DF93AC7DC5F85E385EEB45306C7BD87ACA7AAC5A8D47893D120C32C03 ] fsssvc          C:\Program Files\Windows Live\Family Safety\fsssvc.exe
14:04:41.0688 0x1888  fsssvc - ok
14:04:41.0733 0x1888  [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:04:41.0748 0x1888  Fs_Rec - ok
14:04:41.0798 0x1888  [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
14:04:41.0818 0x1888  fvevol - ok
14:04:41.0878 0x1888  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
14:04:41.0898 0x1888  gagp30kx - ok
14:04:41.0983 0x1888  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:04:41.0993 0x1888  GEARAspiWDM - ok
14:04:42.0043 0x1888  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc           C:\Windows\System32\gpsvc.dll
14:04:42.0118 0x1888  gpsvc - ok
14:04:42.0178 0x1888  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
14:04:42.0193 0x1888  gupdate - ok
14:04:42.0243 0x1888  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
14:04:42.0253 0x1888  gupdatem - ok
14:04:42.0278 0x1888  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
14:04:42.0318 0x1888  hcw85cir - ok
14:04:42.0383 0x1888  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:04:42.0438 0x1888  HdAudAddService - ok
14:04:42.0488 0x1888  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
14:04:42.0533 0x1888  HDAudBus - ok
14:04:42.0588 0x1888  [ A88485DC6A7136C10D9A6C7E38FDFE3C, B651823E5F6D13B086B00440AD17C7C2756F079DD9290E0FEB1A3A48D0104F8C ] HECI            C:\Windows\system32\DRIVERS\HECI.sys
14:04:42.0643 0x1888  HECI - ok
14:04:42.0678 0x1888  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
14:04:42.0693 0x1888  HidBatt - ok
14:04:42.0743 0x1888  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
14:04:42.0778 0x1888  HidBth - ok
14:04:42.0798 0x1888  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
14:04:42.0843 0x1888  HidIr - ok
14:04:42.0873 0x1888  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\Windows\system32\hidserv.dll
14:04:42.0903 0x1888  hidserv - ok
14:04:42.0958 0x1888  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
14:04:43.0013 0x1888  HidUsb - ok
14:04:43.0058 0x1888  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:04:43.0108 0x1888  hkmsvc - ok
14:04:43.0148 0x1888  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:04:43.0168 0x1888  HomeGroupListener - ok
14:04:43.0223 0x1888  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:04:43.0278 0x1888  HomeGroupProvider - ok
14:04:43.0308 0x1888  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
14:04:43.0323 0x1888  HpSAMD - ok
14:04:43.0423 0x1888  [ 210388FD8225B02BD83D77628AAE64A9, EFB755244CDF8344E14528CF46A6D43C1E8266A307603A63023D8955925FE0C3 ] HsfXAudioService C:\Windows\system32\XAudio32.dll
14:04:43.0508 0x1888  HsfXAudioService - ok
14:04:43.0628 0x1888  [ C761B4A8391F5E47F7C51A691CE773F4, FDECE4A213F6200B381149DA7C7236E0B26F6AD8BFA09BE678E391FF924BA0DE ] HSF_DPV         C:\Windows\system32\DRIVERS\HSX_DPV.sys
14:04:43.0723 0x1888  HSF_DPV - ok
14:04:43.0763 0x1888  [ 50B42EF358A2E5363BE6B77138A22391, 8ACFA56E332338047CEBE8F87AE6614B9222DFDD49C48FA6F3C3C4AED3206B9F ] HSXHWAZL        C:\Windows\system32\DRIVERS\HSXHWAZL.sys
14:04:43.0828 0x1888  HSXHWAZL - ok
14:04:43.0908 0x1888  [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:04:43.0958 0x1888  HTTP - ok
14:04:44.0013 0x1888  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
14:04:44.0028 0x1888  hwpolicy - ok
14:04:44.0103 0x1888  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
14:04:44.0148 0x1888  i8042prt - ok
14:04:44.0208 0x1888  [ 39F7C9AEEE865FE8E98CF3EDD2B4BB4A, EB783FC244BEA8522E1351A0612E29AE74D11CEC0DB4A3668D9BE905FFFD4AC2 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
14:04:44.0228 0x1888  iaStor - ok
14:04:44.0318 0x1888  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
14:04:44.0348 0x1888  iaStorV - ok
14:04:44.0418 0x1888  [ 400D7095D5AE08970F839BCAC1843106, 58C47509CEB320A7154922CFD8CBCA79DD903B402717E9C35672E10D48F9FF15 ] IBMPMDRV        C:\Windows\system32\DRIVERS\ibmpmdrv.sys
14:04:44.0428 0x1888  IBMPMDRV - ok
14:04:44.0488 0x1888  [ 06AF18300C5B511A3D85C3E0B7909C10, 2311128787D2297E769C7D5C01193A0498CD76C396092A8DE9C56CE5422C0241 ] IBMPMSVC        C:\Windows\system32\ibmpmsvc.exe
14:04:44.0498 0x1888  IBMPMSVC - ok
14:04:44.0623 0x1888  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
14:04:44.0658 0x1888  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
14:04:45.0133 0x1888  Detect skipped due to KSN trusted
14:04:45.0133 0x1888  IDriverT - ok
14:04:45.0248 0x1888  [ C521D7EB6497BB1AF6AFA89E322FB43C, BDDCFCBB5B76A9295669B5AC9F732D6127199ED5C300770B554C4E4794F66BB7 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:04:45.0298 0x1888  idsvc - ok
14:04:45.0353 0x1888  IEEtwCollectorService - ok
14:04:45.0698 0x1888  [ 45D1BFFAECF68A2247FC0E3B78A0ADFA, 85EE238B52BD1D2BE6CCD5D9A7087A51BAF5E5E501AA7EA018285E5567A53781 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
14:04:46.0143 0x1888  igfx - ok
14:04:46.0223 0x1888  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
14:04:46.0238 0x1888  iirsp - ok
14:04:46.0323 0x1888  [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT          C:\Windows\System32\ikeext.dll
14:04:46.0413 0x1888  IKEEXT - ok
14:04:46.0483 0x1888  [ 2DB41BA61D5E44D0667CF126D35DCF34, AFD9EE3167C8BA0B547DBA8D559401F49EC4ACEBFF2BFE7598A0BC61491C45F8 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
14:04:46.0543 0x1888  Impcd - ok
14:04:46.0603 0x1888  [ 4EA6B57A3B71FD1A208AF054E97FBA37, 590AF022F02083996FA06187BE470CDEC11DA91BE077EA52B1415C048B8BE720 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
14:04:46.0668 0x1888  IntcDAud - ok
14:04:46.0703 0x1888  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\Windows\system32\drivers\intelide.sys
14:04:46.0718 0x1888  intelide - ok
14:04:46.0733 0x1888  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
14:04:46.0768 0x1888  intelppm - ok
14:04:46.0818 0x1888  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
14:04:46.0873 0x1888  IPBusEnum - ok
14:04:46.0898 0x1888  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:04:46.0953 0x1888  IpFilterDriver - ok
14:04:47.0018 0x1888  [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:04:47.0073 0x1888  iphlpsvc - ok
14:04:47.0123 0x1888  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
14:04:47.0163 0x1888  IPMIDRV - ok
14:04:47.0188 0x1888  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
14:04:47.0233 0x1888  IPNAT - ok
14:04:47.0318 0x1888  [ 463790AEF94D8EAB674631257F53252E, A02972457F45AD6816CB5F60DE4CD15D68256695FA0F3E4EAD6F9E36CBE54576 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
14:04:47.0353 0x1888  iPod Service - ok
14:04:47.0373 0x1888  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:04:47.0413 0x1888  IRENUM - ok
14:04:47.0428 0x1888  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:04:47.0443 0x1888  isapnp - ok
14:04:47.0488 0x1888  [ CB7A9ABB12B8415BCE5D74994C7BA3AE, 464BFF3F5EEE985BE075E23E1813F5CB82A9A0771A92C6D889B13B867BCDF647 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
14:04:47.0508 0x1888  iScsiPrt - ok
14:04:47.0573 0x1888  [ 213822072085B5BBAD9AF30AB577D817, 2C373B804D840933EC3A5F3ABFC43E47C2636CDB2431AB51846C565077B7C468 ] IviRegMgr       C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
14:04:47.0588 0x1888  IviRegMgr - ok
14:04:47.0643 0x1888  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
14:04:47.0658 0x1888  kbdclass - ok
14:04:47.0668 0x1888  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
14:04:47.0703 0x1888  kbdhid - ok
14:04:47.0728 0x1888  [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] KeyIso          C:\Windows\system32\lsass.exe
14:04:47.0753 0x1888  KeyIso - ok
14:04:47.0798 0x1888  [ F286830298323272260332D6ABC905C1, FF4CD182A95CA53119B228690D682EE9214BE131A0DBCB09B6189FBEBBFF902C ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:04:47.0813 0x1888  KSecDD - ok
14:04:47.0843 0x1888  [ D7C760D57B1656DD748B9E4AB6CB5A51, F8AE4185A6A9F7005DEFF1FDC03F395C6189825B482B8C650637FD29DE93AB68 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
14:04:47.0863 0x1888  KSecPkg - ok
14:04:47.0883 0x1888  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\Windows\system32\msdtckrm.dll
14:04:47.0953 0x1888  KtmRm - ok
14:04:48.0018 0x1888  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\Windows\system32\srvsvc.dll
14:04:48.0073 0x1888  LanmanServer - ok
14:04:48.0123 0x1888  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:04:48.0173 0x1888  LanmanWorkstation - ok
14:04:48.0258 0x1888  [ 70481DABD9ADAB51A6933C5893B82925, 058690744CF783456DFCAAFDA853D020446C479DADBA38DF92EDFBC96F79D241 ] LENOVO.CAMMUTE  C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
14:04:48.0268 0x1888  LENOVO.CAMMUTE - ok
14:04:48.0338 0x1888  [ C88EB33793420A79F601FB5E33E2EDD9, D1FBA5271A98A0953BBACD91F82F54C2875DD22AE62BE249CBE7F6E95E5AC512 ] LENOVO.MICMUTE  C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
14:04:48.0353 0x1888  LENOVO.MICMUTE - ok
14:04:48.0368 0x1888  [ 3C3F7F424E324C6971632C5DE5FF458F, 932369A793C6FD527F7AD205B230E64228D54E8A1B17D8684EC43C71337BE9B1 ] lenovo.smi      C:\Windows\system32\DRIVERS\smiif32.sys
14:04:48.0378 0x1888  lenovo.smi - ok
14:04:48.0393 0x1888  [ D0DAF6A22037F6DEE706A095C647AA41, 26FC2E6F423E19879C37D565C8C025EFBB2165C40E96078B4ECD2A77F3CEA55D ] LENOVO.TPKNRSVC C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
14:04:48.0403 0x1888  LENOVO.TPKNRSVC - ok
14:04:48.0468 0x1888  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:04:48.0518 0x1888  lltdio - ok
14:04:48.0563 0x1888  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
14:04:48.0618 0x1888  lltdsvc - ok
14:04:48.0643 0x1888  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\Windows\System32\lmhsvc.dll
14:04:48.0688 0x1888  lmhosts - ok
14:04:48.0758 0x1888  [ 044CAEC23B5959A09F8E6F71B365E405, 48F17FAAF4DB5C48CCD8669237A74CCF8FA161EA26F9E58D6848B53AC1E31CB9 ] LMS             C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
14:04:48.0778 0x1888  LMS - detected UnsignedFile.Multi.Generic ( 1 )
14:04:49.0258 0x1888  Detect skipped due to KSN trusted
14:04:49.0258 0x1888  LMS - ok
14:04:49.0308 0x1888  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
14:04:49.0323 0x1888  LSI_FC - ok
14:04:49.0338 0x1888  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
14:04:49.0353 0x1888  LSI_SAS - ok
14:04:49.0368 0x1888  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:04:49.0383 0x1888  LSI_SAS2 - ok
14:04:49.0393 0x1888  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:04:49.0408 0x1888  LSI_SCSI - ok
14:04:49.0458 0x1888  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\Windows\system32\drivers\luafv.sys
14:04:49.0513 0x1888  luafv - ok
14:04:49.0573 0x1888  [ 64BC29C3A0388BFC580BB8B1346F7659, 4BB25AEAEF4F4DB9A318858A365402429D23FEB281FAB4C96583402961F0E544 ] LVUSBSta        C:\Windows\system32\drivers\LVUSBSta.sys
14:04:49.0583 0x1888  LVUSBSta - ok
14:04:49.0623 0x1888  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
14:04:49.0638 0x1888  Mcx2Svc - ok
14:04:49.0683 0x1888  [ 0CEA2D0D3FA284B85ED5B68365114F76, E6FF0EC98FDC3F628438B613C356C237E68686E3B5B17A58A60C16F4B9A2B968 ] mdmxsdk         C:\Windows\system32\DRIVERS\mdmxsdk.sys
14:04:49.0733 0x1888  mdmxsdk - ok
14:04:49.0743 0x1888  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
14:04:49.0758 0x1888  megasas - ok
14:04:49.0773 0x1888  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
14:04:49.0793 0x1888  MegaSR - ok
14:04:49.0818 0x1888  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\Windows\system32\mmcss.dll
14:04:49.0873 0x1888  MMCSS - ok
14:04:49.0898 0x1888  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\Windows\system32\drivers\modem.sys
14:04:49.0928 0x1888  Modem - ok
14:04:49.0988 0x1888  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
14:04:50.0018 0x1888  monitor - ok
14:04:50.0058 0x1888  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:04:50.0073 0x1888  mouclass - ok
14:04:50.0083 0x1888  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:04:50.0123 0x1888  mouhid - ok
14:04:50.0158 0x1888  [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
14:04:50.0173 0x1888  mountmgr - ok
14:04:50.0273 0x1888  [ 338037EFA0E8E8699B2667D57B751574, 59E0D39806D0C4EB57913AA013242837FD39AD378726AEE42D250CBA87C1C3BF ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:04:50.0288 0x1888  MozillaMaintenance - ok
14:04:50.0373 0x1888  [ E77DC03DD3C8E5A388BF9EED2A28F3D1, ED0DAA975D1EC35CE036F02596218E15CC6A054167628D12A0A5AD91B841F422 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
14:04:50.0393 0x1888  MpFilter - ok
14:04:50.0408 0x1888  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:04:50.0423 0x1888  mpio - ok
14:04:50.0618 0x1888  [ 65C34426C83EFA32D48380A97717997B, CD7EB6BFBB0BE382BA21055460D9A72323F09AF3194A22D8EDB28D5DB3BAE8E7 ] MpKsle70ba853   c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{29A86E67-2D54-400E-AB50-669CEC6A36E6}\MpKsle70ba853.sys
14:04:50.0633 0x1888  MpKsle70ba853 - ok
14:04:50.0703 0x1888  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:04:50.0753 0x1888  mpsdrv - ok
14:04:50.0803 0x1888  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:04:50.0878 0x1888  MpsSvc - ok
14:04:50.0913 0x1888  [ 21F4B24ACFC79A483515BD986DD9043F, 22681907E02E0B723ABE2CEF0602D36C8EF862E7E2B62A9B40A5EF582E58D7BA ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:04:50.0953 0x1888  MRxDAV - ok
14:04:50.0993 0x1888  [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:04:51.0059 0x1888  mrxsmb - ok
14:04:51.0109 0x1888  [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:04:51.0134 0x1888  mrxsmb10 - ok
14:04:51.0144 0x1888  [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:04:51.0159 0x1888  mrxsmb20 - ok
14:04:51.0204 0x1888  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\Windows\system32\drivers\msahci.sys
14:04:51.0219 0x1888  msahci - ok
14:04:51.0259 0x1888  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
14:04:51.0274 0x1888  msdsm - ok
14:04:51.0299 0x1888  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\Windows\System32\msdtc.exe
14:04:51.0339 0x1888  MSDTC - ok
14:04:51.0394 0x1888  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:04:51.0424 0x1888  Msfs - ok
14:04:51.0434 0x1888  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
14:04:51.0464 0x1888  mshidkmdf - ok
14:04:51.0509 0x1888  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:04:51.0519 0x1888  msisadrv - ok
14:04:51.0574 0x1888  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:04:51.0624 0x1888  MSiSCSI - ok
14:04:51.0629 0x1888  msiserver - ok
14:04:51.0669 0x1888  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:04:51.0699 0x1888  MSKSSRV - ok
14:04:51.0804 0x1888  [ B0F49DA36F30922F5DDC3B623B778FCE, EE025AEFA4A2095AFEABFB3A49639DA77D78068A3F5EEDA6C15D34853AFD5609 ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
14:04:51.0819 0x1888  MsMpSvc - ok
14:04:51.0834 0x1888  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:04:51.0884 0x1888  MSPCLOCK - ok
14:04:51.0909 0x1888  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:04:51.0954 0x1888  MSPQM - ok
14:04:51.0984 0x1888  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:04:52.0004 0x1888  MsRPC - ok
14:04:52.0049 0x1888  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
14:04:52.0064 0x1888  mssmbios - ok
14:04:52.0074 0x1888  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:04:52.0099 0x1888  MSTEE - ok
14:04:52.0114 0x1888  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
14:04:52.0144 0x1888  MTConfig - ok
14:04:52.0169 0x1888  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\Windows\system32\Drivers\mup.sys
14:04:52.0184 0x1888  Mup - ok
14:04:52.0259 0x1888  [ C29F284FF7AB4ED38CE419A9424E52A2, 3FFB5ACC3A0E8DD45C33C11BE9772F01FBEB902D9E5AD4DC5130AADABD1BF947 ] MXOPSWD         C:\Windows\system32\DRIVERS\mxopswd.sys
14:04:52.0289 0x1888  MXOPSWD - ok
14:04:52.0334 0x1888  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\Windows\system32\qagentRT.dll
14:04:52.0379 0x1888  napagent - ok
14:04:52.0434 0x1888  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:04:52.0469 0x1888  NativeWifiP - ok
14:04:52.0534 0x1888  [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:04:52.0574 0x1888  NDIS - ok
14:04:52.0629 0x1888  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
14:04:52.0679 0x1888  NdisCap - ok
14:04:52.0714 0x1888  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:04:52.0744 0x1888  NdisTapi - ok
14:04:52.0794 0x1888  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:04:52.0824 0x1888  Ndisuio - ok
14:04:52.0874 0x1888  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:04:52.0904 0x1888  NdisWan - ok
14:04:52.0954 0x1888  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:04:52.0999 0x1888  NDProxy - ok
14:04:53.0064 0x1888  [ 9213AA35BCA94EB79D366DA254E4BDF5, 5E1C71BEB6CFFF5A6F149E9FE6E169D087A6CBE63A504FEE8D42170284952F85 ] Netaapl         C:\Windows\system32\DRIVERS\netaapl.sys
14:04:53.0079 0x1888  Netaapl - ok
14:04:53.0124 0x1888  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:04:53.0174 0x1888  NetBIOS - ok
14:04:53.0214 0x1888  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
14:04:53.0249 0x1888  NetBT - ok
14:04:53.0259 0x1888  [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] Netlogon        C:\Windows\system32\lsass.exe
14:04:53.0274 0x1888  Netlogon - ok
14:04:53.0299 0x1888  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll
14:04:53.0369 0x1888  Netman - ok
14:04:53.0434 0x1888  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:04:53.0454 0x1888  NetMsmqActivator - ok
14:04:53.0504 0x1888  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:04:53.0519 0x1888  NetPipeActivator - ok
14:04:53.0559 0x1888  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\Windows\System32\netprofm.dll
14:04:53.0629 0x1888  netprofm - ok
14:04:53.0659 0x1888  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:04:53.0669 0x1888  NetTcpActivator - ok
14:04:53.0679 0x1888  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:04:53.0694 0x1888  NetTcpPortSharing - ok
14:04:53.0844 0x1888  [ 58218EC6B61B1169CF54AAB0D00F5FE2, B76ABB2AD78CE68D30F0F08563B0593D658298CDCF1B138B6E9FB0D64CBCC3C2 ] netw5v32        C:\Windows\system32\DRIVERS\netw5v32.sys
14:04:54.0044 0x1888  netw5v32 - ok
14:04:54.0099 0x1888  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
14:04:54.0114 0x1888  nfrd960 - ok
14:04:54.0199 0x1888  [ 32FF06EC6D946EF791D98D6C838A3090, 319BDD491CB22D0CCCCE76A2854CF469D7AF046289F9C56CD03AE3D3CBC0275E ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:04:54.0214 0x1888  NisDrv - ok
14:04:54.0229 0x1888  [ 42D33042371BFB1A7D40834590CAFD30, 53DA3618EC10293B2DF686E291A4EF6ACBBD41D116EC762D54106D201A784E87 ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe
14:04:54.0249 0x1888  NisSrv - ok
14:04:54.0354 0x1888  [ 16DD3C2E76DD18BE9AEDE350A1F8D80D, 9272F6498FFDBA72C8BE91D62A5F416A434D36080B48FDF09BD7F60D91C632C2 ] NitroDriverReadSpool8 C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe
14:04:54.0374 0x1888  NitroDriverReadSpool8 - ok
14:04:54.0424 0x1888  [ 374071043F9E4231EE43BE2BB48DD36D, C4FA3FC40CC49DBBB91901D14210A55D3831FAC9F9B3FF45FCA7F5CF242C9E92 ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:04:54.0469 0x1888  NlaSvc - ok
14:04:54.0529 0x1888  [ 59194C84ACC776FD4B9A037030331E96, FAC38C466C3F31722C87B0B1260ACA9BE50D3FBD6DAA46A9A4E282A2E7D11D37 ] nlsX86cc        C:\Windows\system32\NLSSRV32.EXE
14:04:54.0544 0x1888  nlsX86cc - ok
14:04:54.0569 0x1888  Nmea - ok
14:04:54.0604 0x1888  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:04:54.0634 0x1888  Npfs - ok
14:04:54.0659 0x1888  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\Windows\system32\nsisvc.dll
14:04:54.0689 0x1888  nsi - ok
14:04:54.0714 0x1888  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:04:54.0764 0x1888  nsiproxy - ok
14:05:02.0400 0x1888  [ C9DAAF5FF77B9D94A80CCEDA0C1C2DB2, 20D18AF28AECF27644FB6EDA863FF2A0BE10E4E5C4E6241E278B1DE3653FF07B ] Re-Markable     C:\Program Files\Re-Markable\Re-Markable154.exe
14:05:02.0465 0x1888  Re-Markable - detected UnsignedFile.Multi.Generic ( 1 )
14:05:03.0020 0x1888  Re-Markable ( UnsignedFile.Multi.Generic ) - warning
14:05:03.0020 0x1888  Force sending object to P2P due to detect: C:\Program Files\Re-Markable\Re-Markable154.exe
14:05:05.0796 0x1888  Object send P2P result: true
14:05:19.0817 0x1888  udfs - ok
14:05:19.0862 0x1888  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\Windows\system32\UI0Detect.exe
14:05:19.0902 0x1888  UI0Detect - ok
14:05:19.0937 0x1888  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
14:05:19.0947 0x1888  uliagpkx - ok
14:05:20.0007 0x1888  [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
14:05:20.0022 0x1888  umbus - ok
14:05:20.0037 0x1888  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
14:05:20.0077 0x1888  UmPass - ok
14:05:20.0127 0x1888  [ 409994A8EACEEE4E328749C0353527A0, FFC57B647147DE2957A7DE4B330CC534DE7AC892A2FCE3BB164F7A516CAB1B56 ] UmRdpService    C:\Windows\System32\umrdp.dll
14:05:20.0167 0x1888  UmRdpService - ok
14:05:20.0292 0x1888  [ 368D1E624510885E552A1DE490C606EF, F8E2B5E74D0F0D04639AF0E796E8E410AC11A2D425A5FB33956A0575F66B2212 ] UNS             C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
14:05:20.0402 0x1888  UNS - ok
14:05:20.0427 0x1888  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\Windows\System32\upnphost.dll
14:05:20.0487 0x1888  upnphost - ok
14:05:20.0762 0x1888  [ 6E421CCC57059B0186C6259CA3B6DFC9, E348BF23CCD6C14FD10C1689BBDC77E125245331F97BFE60D4C8FD9A8711CB59 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
14:05:20.0797 0x1888  USBAAPL - ok
14:05:20.0852 0x1888  [ A1977C315BF5691DA99235AA4A6907AF, 34B52FBA83F0E1C6B001D0AD1808B00152F731D18AAECC3C53B9918AA89BACEC ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
14:05:20.0897 0x1888  usbaudio - ok
14:05:20.0937 0x1888  [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
14:05:21.0002 0x1888  usbccgp - ok
14:05:21.0037 0x1888  [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir          C:\Windows\system32\drivers\usbcir.sys
14:05:21.0057 0x1888  usbcir - ok
14:05:21.0067 0x1888  [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci         C:\Windows\system32\drivers\usbehci.sys
14:05:21.0087 0x1888  usbehci - ok
14:05:21.0157 0x1888  [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
14:05:21.0197 0x1888  usbhub - ok
14:05:21.0232 0x1888  [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
14:05:21.0252 0x1888  usbohci - ok
14:05:21.0272 0x1888  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
14:05:21.0307 0x1888  usbprint - ok
14:05:21.0452 0x1888  [ FC6B21DB4B5B398AB93DBE59CBF11036, A94094C208F376405C07822A6143001EF1B12AE93205CD8002E87F6EB45F6374 ] usbscan         C:\Windows\system32\drivers\usbscan.sys
14:05:21.0467 0x1888  usbscan - ok
14:05:21.0487 0x1888  [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:05:21.0522 0x1888  USBSTOR - ok
14:05:21.0552 0x1888  [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
14:05:21.0572 0x1888  usbuhci - ok
14:05:21.0632 0x1888  [ DE014425522610BEDCA3821BB8C0F1D5, D6FEA0DF07F89834AEEE8C02CC7FD41068D758B6CCECE2EEE5CF4B9DB646FA1E ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
14:05:21.0672 0x1888  usbvideo - ok
14:05:21.0707 0x1888  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms           C:\Windows\System32\uxsms.dll
14:05:21.0762 0x1888  UxSms - ok
14:05:21.0797 0x1888  [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] VaultSvc        C:\Windows\system32\lsass.exe
14:05:21.0812 0x1888  VaultSvc - ok
14:05:21.0877 0x1888  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
14:05:21.0892 0x1888  vdrvroot - ok
14:05:21.0947 0x1888  [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds             C:\Windows\System32\vds.exe
14:05:22.0002 0x1888  vds - ok
14:05:22.0032 0x1888  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
14:05:22.0062 0x1888  vga - ok
14:05:22.0087 0x1888  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave         C:\Windows\System32\drivers\vga.sys
14:05:22.0117 0x1888  VgaSave - ok
14:05:22.0137 0x1888  [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
14:05:22.0157 0x1888  vhdmp - ok
14:05:22.0202 0x1888  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
14:05:22.0212 0x1888  viaagp - ok
14:05:22.0227 0x1888  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
14:05:22.0262 0x1888  ViaC7 - ok
14:05:22.0297 0x1888  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\Windows\system32\drivers\viaide.sys
14:05:22.0312 0x1888  viaide - ok
14:05:22.0337 0x1888  [ C2F2911156FDC7817C52829C86DA494E, FE499F189B5016FCE0018AA3DE3970B72275B7B15F3D4D608117F6DDEC6B90DC ] vmbus           C:\Windows\system32\drivers\vmbus.sys
14:05:22.0352 0x1888  vmbus - ok
14:05:22.0372 0x1888  [ D4D77455211E204F370D08F4963063CE, 2018B2A84C73E0834200A594C02A9D28C74906F126DAD3CCDDFC9CD9A61669E2 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
14:05:22.0407 0x1888  VMBusHID - ok
14:05:22.0432 0x1888  [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:05:22.0452 0x1888  volmgr - ok
14:05:22.0477 0x1888  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
14:05:22.0497 0x1888  volmgrx - ok
14:05:22.0517 0x1888  [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
14:05:22.0537 0x1888  volsnap - ok
14:05:22.0592 0x1888  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
14:05:22.0607 0x1888  vsmraid - ok
14:05:22.0757 0x1888  [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS             C:\Windows\system32\vssvc.exe
14:05:22.0862 0x1888  VSS - ok
14:05:22.0892 0x1888  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
14:05:22.0927 0x1888  vwifibus - ok
14:05:22.0972 0x1888  [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
14:05:22.0992 0x1888  vwififlt - ok
14:05:23.0047 0x1888  [ A3F04CBEA6C2A10E6CB01F8B47611882, 32AFE18B07FECA30BC95831A5DC94C784E543784DF16165334A777DC84E91EF3 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
14:05:23.0088 0x1888  vwifimp - ok
14:05:23.0123 0x1888  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time         C:\Windows\system32\w32time.dll
14:05:23.0168 0x1888  W32Time - ok
14:05:23.0188 0x1888  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
14:05:23.0203 0x1888  WacomPen - ok
14:05:23.0258 0x1888  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
14:05:23.0313 0x1888  WANARP - ok
14:05:23.0323 0x1888  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:05:23.0353 0x1888  Wanarpv6 - ok
14:05:23.0483 0x1888  [ 353A04C273EC58475D8633E75CCD5604, FFAE53B6B53AEFC9E8A10BF27480E072D74430276BEB532FE1D473E9616D8CE0 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
14:05:23.0568 0x1888  WatAdminSvc - ok
14:05:23.0693 0x1888  [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine        C:\Windows\system32\wbengine.exe
14:05:23.0783 0x1888  wbengine - ok
14:05:23.0818 0x1888  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
14:05:23.0868 0x1888  WbioSrvc - ok
14:05:23.0913 0x1888  [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc         C:\Windows\System32\wcncsvc.dll
14:05:23.0958 0x1888  wcncsvc - ok
14:05:23.0988 0x1888  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:05:24.0023 0x1888  WcsPlugInService - ok
14:05:24.0058 0x1888  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
14:05:24.0068 0x1888  Wd - ok
14:05:24.0118 0x1888  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
14:05:24.0158 0x1888  Wdf01000 - ok
14:05:24.0173 0x1888  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost  C:\Windows\system32\wdi.dll
14:05:24.0193 0x1888  WdiServiceHost - ok
14:05:24.0198 0x1888  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost   C:\Windows\system32\wdi.dll
14:05:24.0218 0x1888  WdiSystemHost - ok
14:05:24.0258 0x1888  [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient       C:\Windows\System32\webclnt.dll
14:05:24.0328 0x1888  WebClient - ok
14:05:24.0353 0x1888  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\Windows\system32\wecsvc.dll
14:05:24.0388 0x1888  Wecsvc - ok
14:05:24.0403 0x1888  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
14:05:24.0433 0x1888  wercplsupport - ok
14:05:24.0508 0x1888  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
14:05:24.0568 0x1888  WerSvc - ok
14:05:24.0613 0x1888  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
14:05:24.0648 0x1888  WfpLwf - ok
14:05:24.0683 0x1888  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
14:05:24.0703 0x1888  WIMMount - ok
14:05:24.0828 0x1888  [ 253A9C2DF9A2A7B3B23146014959F2CD, DC9AEF4F5085C52930EE7523FB8FF209D1EF6A8333FAAB043269C18AD029112A ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys
14:05:24.0918 0x1888  winachsf - ok
14:05:25.0058 0x1888  [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
14:05:25.0164 0x1888  WinDefend - ok
14:05:25.0204 0x1888  WinHttpAutoProxySvc - ok
14:05:25.0259 0x1888  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
14:05:25.0294 0x1888  Winmgmt - ok
14:05:25.0404 0x1888  [ 1B91CD34EA3A90AB6A4EF0550174F4CC, 5B6618615EBFBA594C945AD35F5C68DA8C6053892B6D12D626BB6120910D80DC ] WinRM           C:\Windows\system32\WsmSvc.dll
14:05:25.0489 0x1888  WinRM - ok
14:05:25.0559 0x1888  [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
14:05:25.0599 0x1888  WinUsb - ok
14:05:25.0729 0x1888  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\Windows\System32\wlansvc.dll
14:05:25.0819 0x1888  Wlansvc - ok
14:05:25.0939 0x1888  [ 6067ACEF367E79914AF628FA1E9B5330, 491A705267B48C103E00B26BBD21FA8829DB03A88343CBC27264CEE5DE8C8DEF ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
14:05:25.0949 0x1888  wlcrasvc - ok
14:05:26.0054 0x1888  [ 0A70F4022EC2E14C159EFC4F69AA2477, FF248136576F9803762C54DE5439D3411B52DCBC95B93176A5DAB857967D9AC4 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:05:26.0139 0x1888  wlidsvc - ok
14:05:26.0199 0x1888  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
14:05:26.0254 0x1888  WmiAcpi - ok
14:05:26.0279 0x1888  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:05:26.0314 0x1888  wmiApSrv - ok
14:05:26.0419 0x1888  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
14:05:26.0529 0x1888  WMPNetworkSvc - ok
14:05:26.0569 0x1888  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
14:05:26.0589 0x1888  WPCSvc - ok
14:05:26.0639 0x1888  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:05:26.0684 0x1888  WPDBusEnum - ok
14:05:26.0719 0x1888  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
14:05:26.0779 0x1888  ws2ifsl - ok
14:05:26.0804 0x1888  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\Windows\System32\wscsvc.dll
14:05:26.0824 0x1888  wscsvc - ok
14:05:26.0879 0x1888  [ 553F6CCD7C58EB98D4A8FBDAF283D7A9, 71FBE50C470D1F54FDAADCECEC2CB021AE240CD59DE4E8EB5BCAA6E7F2F86560 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
14:05:26.0894 0x1888  WSDPrintDevice - ok
14:05:26.0899 0x1888  WSearch - ok
14:05:27.0144 0x1888  [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv        C:\Windows\system32\wuaueng.dll
14:05:27.0239 0x1888  wuauserv - ok
14:05:27.0274 0x1888  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
14:05:27.0294 0x1888  WudfPf - ok
14:05:27.0344 0x1888  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
14:05:27.0369 0x1888  WUDFRd - ok
14:05:27.0429 0x1888  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
14:05:27.0449 0x1888  wudfsvc - ok
14:05:27.0504 0x1888  [ 3C5E51C05BE9B56EAFF4E388C3AB25E4, 10D9FDEDAB1FB2E76D54661AFA5C1A6B1B0980525F38F5D061537077841C6AEE ] WwanSvc         C:\Windows\System32\wwansvc.dll
14:05:27.0574 0x1888  WwanSvc - ok
14:05:27.0629 0x1888  [ 894F963BE999BA9DB5AAC3AED55B115D, F4ECDD57FC5F6E295414745C2B8A2D9F9074C7035A6902456EE4447560863710 ] XAudio          C:\Windows\system32\DRIVERS\XAudio32.sys
14:05:27.0639 0x1888  XAudio - ok
14:05:27.0709 0x1888  ================ Scan global ===============================
14:05:27.0749 0x1888  [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
14:05:27.0799 0x1888  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
14:05:27.0814 0x1888  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
14:05:27.0894 0x1888  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
14:05:27.0954 0x1888  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
14:05:27.0969 0x1888  [ Global ] - ok
14:05:27.0974 0x1888  ================ Scan MBR ==================================
14:05:27.0989 0x1888  [ 2E6C19ED7DBC44B357646B18441A3FB6 ] \Device\Harddisk0\DR0
14:05:30.0219 0x1888  \Device\Harddisk0\DR0 - ok
14:05:30.0229 0x1888  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
14:05:30.0354 0x1888  \Device\Harddisk1\DR1 - ok
14:05:30.0354 0x1888  ================ Scan VBR ==================================
14:05:30.0379 0x1888  [ FFAADCF71B9FF4D30F0AD713553CE963 ] \Device\Harddisk0\DR0\Partition1
14:05:30.0464 0x1888  \Device\Harddisk0\DR0\Partition1 - ok
14:05:30.0499 0x1888  [ C3368C2F19BF2327ECDC3B5C0A528BC0 ] \Device\Harddisk0\DR0\Partition2
14:05:30.0534 0x1888  \Device\Harddisk0\DR0\Partition2 - ok
14:05:30.0594 0x1888  [ 43403CAFA022818ADC8C4CCD71227EAB ] \Device\Harddisk0\DR0\Partition3
14:05:30.0649 0x1888  \Device\Harddisk0\DR0\Partition3 - ok
14:05:30.0654 0x1888  [ 5698EC0BB79FECDA2CE9F523F37C0D7F ] \Device\Harddisk1\DR1\Partition1
14:05:30.0659 0x1888  \Device\Harddisk1\DR1\Partition1 - ok
14:05:30.0659 0x1888  Waiting for KSN requests completion. In queue: 170
14:05:31.0674 0x1888  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.4.304.0 ), 0x61000 ( enabled : updated )
14:05:31.0679 0x1888  Win FW state via NFP2: enabled
14:05:31.0889 0x1888  ============================================================
14:05:31.0889 0x1888  Scan finished
14:05:31.0889 0x1888  ============================================================
14:05:31.0894 0x18b0  Detected object count: 1
14:05:31.0894 0x18b0  Actual detected object count: 1
14:07:26.0106 0x18b0  Re-Markable ( UnsignedFile.Multi.Generic ) - skipped by user
14:07:26.0106 0x18b0  Re-Markable ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:09:53.0536 0x1490  Deinitialize success


#4 tnagle3

Posted 07 March 2014 - 03:24 PM

FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-03-2014 01
Ran by Skip Casper (administrator) on SKIPCASPER on 07-03-2014 14:10:42
Running from C:\Users\Skip Casper\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
() C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
() C:\Program Files\Re-Markable\Re-Markable_wd.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.124.0\BBSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(CrashPlan) C:\Program Files\CrashPlan\CrashPlanService.exe
(Nuance Communications, Inc.) C:\Program Files\Common Files\Nuance\dgnsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe
(Nalpeiron Ltd.) C:\Windows\system32\NLSSRV32.EXE
( ) C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe
() C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
() C:\Program Files\Re-Markable\Re-Markable154.exe
(Secunia) C:\Program Files\Secunia\PSI\PSIA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\AcSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Ricoh co.,Ltd.) C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Zoom\TpScrex.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
() C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
(Maxtor Corporation) C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\ACWLIcon.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Akamai Technologies, Inc.) C:\Users\Skip Casper\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Skip Casper\AppData\Local\Akamai\netsession_win.exe
(Koninklijke Philips Electronics N.V.) C:\Users\Skip Casper\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(salesforce.com) C:\Program Files\salesforce.com\Salesforce for Outlook\SfdcMsOl.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Dropbox, Inc.) C:\Users\Skip Casper\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(TeamViewer GmbH) C:\Users\Skip Casper\AppData\Local\Temp\TeamViewer\Version8\TeamViewer.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(TeamViewer GmbH) C:\Users\Skip Casper\AppData\Local\Temp\TeamViewer\Version8\tv_w32.exe
(Lenovo Group Limited) c:\Program Files\Lenovo\System Update\SUService.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(TeamViewer GmbH) C:\Users\Skip Casper\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Desktop.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1725736 2010-04-22] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [337256 2009-12-11] (Lenovo.)
HKLM\...\Run: [RotateImage] - C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe [31744 2008-10-30] (Ricoh co.,Ltd.)
HKLM\...\Run: [TPHOTKEY] - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [69568 2009-12-21] (Lenovo Group Limited)
HKLM\...\Run: [IMSS] - C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [111640 2010-03-24] ()
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-17] ()
HKLM\...\Run: [PWMTRV] - C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL [886120 2010-05-06] (Lenovo Group Limited)
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [62312 2010-04-20] (Lenovo Group Limited)
HKLM\...\Run: [Message Center Plus] - C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe [49976 2009-05-27] ()
HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe [36864 2009-10-13] ()
HKLM\...\Run: [MaxtorOneTouch] - C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe [634880 2005-11-09] (Maxtor Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [IntelliType Pro] - c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1093272 2012-10-12] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [1668248 2012-10-12] (Microsoft Corporation)
HKLM\...\Run: [DNS7reminder] - C:\Program Files\Nuance\NaturallySpeaking12\Ereg\Ereg.exe [328992 2010-10-27] (Nuance Communications, Inc.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [Nikon Message Center 2] - C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [ACWLIcon] - C:\Program Files\Lenovo\Access Connections\ACWLIcon.exe [181608 2010-04-22] (Lenovo)
HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-20] (CyberLink)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-3491551616-4246582641-1814448830-1000\...\Run: [Google Update] - C:\Users\Skip Casper\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-03-15] (Google Inc.)
HKU\S-1-5-21-3491551616-4246582641-1814448830-1000\...\Run: [Akamai NetSession Interface] - C:\Users\Skip Casper\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3491551616-4246582641-1814448830-1000\...\Run: [ALconnect] - C:\Users\Skip Casper\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe [715880 2013-06-10] (Koninklijke Philips Electronics N.V.)
HKU\S-1-5-21-3491551616-4246582641-1814448830-1000\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3491551616-4246582641-1814448830-1000\...\Run: [Power2GoExpress] - [X]
HKU\S-1-5-21-3491551616-4246582641-1814448830-1000\...\MountPoints2: {343ea628-3fcf-11e0-859e-806e6f6e6963} - D:\WIN\setup.exe
HKU\S-1-5-21-3491551616-4246582641-1814448830-1000\...\MountPoints2: {9be7d6de-78cc-11df-be48-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-3491551616-4246582641-1814448830-1000\...\MountPoints2: {f92fe6a1-c16a-11df-9b05-5cff350cff87} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\DriverInstaller.exe
Lsa: [Notification Packages] scecli ACGina
Startup: C:\Users\Skip Casper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Skip Casper\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Skip Casper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13828
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKCU - {EF24A6D9-9724-41BC-B578-EB75F48FAF65} URL = 
BHO: Avery Toolbar - {41565256-3700-A76A-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVRV7\Passport.dll (APN LLC.)
BHO: Dragon NaturallySpeaking Rich Internet Application Support - Extension - {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - C:\Program Files\Nuance\NaturallySpeaking12\Program\ieShim.dll (Nuance Communications, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Avery Toolbar - {41565256-3700-A76A-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVRV7\Passport.dll (APN LLC.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - Avery Toolbar - {41565256-3700-A76A-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVRV7\Passport.dll (APN LLC.)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
DPF: {A6616B31-4860-41E2-98E3-CA7649AF172F} file:///D:/launch.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Skip Casper\AppData\Roaming\Mozilla\Firefox\Profiles\ik3o7tsm.default
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Ask.com
FF Homepage: hxxp://www.google.com/
FF NetworkProxy: "no_proxies_on", "*.local"
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @DailyBibleGuide.com/Plugin - C:\Program Files\DailyBibleGuide\bar\1.bin\NP2vStub.dll (Mindspark)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF - C:\Program Files\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: nuance.com/DragonRIAPlugin - C:\PROGRA~1\Nuance\NATURA~1\Program\npDgnRia.dll (Nuance Communications Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Skip Casper\AppData\Local\Citrix\Plugins\94\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Skip Casper\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Skip Casper\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Skip Casper\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Skip Casper\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Skip Casper\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Skip Casper\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Skip Casper\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Skip Casper\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: HQ-Video-Profession-1.3 - C:\Users\Skip Casper\AppData\Roaming\Mozilla\Firefox\Profiles\ik3o7tsm.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com [2014-02-23]
FF Extension: DailyBibleGuide - C:\Users\Skip Casper\AppData\Roaming\Mozilla\Firefox\Profiles\ik3o7tsm.default\Extensions\2vffxtbr@DailyBibleGuide.com [2014-01-09]
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF HKLM\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: Dragon NaturallySpeaking Rich Internet Application Support - C:\Program Files\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2013-02-11]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Users\Skip Casper\AppData\Local\Google\Chrome\Application\33.0.1750.146\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Skip Casper\AppData\Local\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
CHR Plugin: (Chrome NaCl) - C:\Users\Skip Casper\AppData\Local\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Google Gears 0.5.33.0) - C:\Users\Skip Casper\AppData\Local\Google\Chrome\Application\33.0.1750.146\gears.dll No File
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Avery Toolbar) - C:\Users\Skip Casper\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaigmelgfmkfjicbbgbkcbagedejhj [2013-12-29]
CHR Extension: (Entanglement Web App) - C:\Users\Skip Casper\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-05-18]
CHR Extension: (Force.com LOGINS) - C:\Users\Skip Casper\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldjbglicecgnpkpdhpbogkednmmbebec [2012-10-24]
CHR Extension: (Poppit) - C:\Users\Skip Casper\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2011-05-18]
CHR Extension: (Dragon NaturallySpeaking Rich Internet Application Support) - C:\Users\Skip Casper\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn [2013-01-18]
CHR Extension: (Google Wallet) - C:\Users\Skip Casper\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-07]
CHR HKLM\...\Chrome\Extension: [aaaaigmelgfmkfjicbbgbkcbagedejhj] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVRV7\CRX\ToolbarCR.crx [2014-02-24]
CHR HKLM\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2013-02-11]
CHR StartMenuInternet: Google Chrome - C:\Users\Skip Casper\AppData\Local\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
R2 AcPrfMgrSvc; C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe [124264 2010-04-22] (Lenovo)
R2 AcSvc; C:\Program Files\Lenovo\Access Connections\AcSvc.exe [259432 2010-04-22] (Lenovo)
R2 AdobeActiveFileMonitor; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [98304 2004-10-04] ()
R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-12] (APN LLC.)
R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [152576 2012-08-16] (CrashPlan)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [7454608 2013-05-08] (DisplayLink Corp.)
R2 DragonSvc; C:\Program Files\Common Files\Nuance\dgnsvc.exe [311184 2013-02-11] (Nuance Communications, Inc.)
R2 LENOVO.CAMMUTE; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [50536 2010-04-20] (Lenovo Group Limited)
S4 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [45496 2010-04-06] (Lenovo Group Limited)
R2 LENOVO.TPKNRSVC; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [74088 2010-04-20] (Lenovo Group Limited)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe [196616 2012-10-09] (Nitro PDF Software)
R2 NTService1; C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe [110592 2005-11-09] ( )
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe [1320120 2013-11-01] (Microsoft Corporation)
R2 PhotoshopElementsDeviceConnect; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [118784 2004-10-04] ()
R2 Re-Markable; C:\Program Files\Re-Markable\Re-Markable154.exe [181248 2014-02-23] ()
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)
R2 SUService; c:\Program Files\Lenovo\System Update\SUService.exe [28672 2010-02-10] (Lenovo Group Limited)
 
==================== Drivers (Whitelisted) ====================
 
S3 bcm; C:\Windows\System32\DRIVERS\drxvi314.sys [319488 2010-02-11] (Beceem communications pvt ltd.)
S3 bcmbusctr; C:\Windows\System32\DRIVERS\BcmBusCtr.sys [51456 2010-02-11] (Beceem communications pvt ltd.)
S3 CamDrL; C:\Windows\System32\DRIVERS\Camdrl.sys [1075360 2007-02-03] (Logitech Inc.)
S3 DisplayLinkUsbIo; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_7.2.47873.0.sys [36752 2013-05-13] ()
R3 dlkmd; C:\Windows\system32\drivers\dlkmd.sys [338736 2013-05-08] (DisplayLink Corp.)
R0 dlkmdldr; C:\Windows\System32\drivers\dlkmdldr.sys [15664 2013-05-08] (DisplayLink Corp.)
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41504 2007-02-03] (Logitech Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S3 MXOPSWD; C:\Windows\System32\DRIVERS\mxopswd.sys [15360 2005-04-06] (Maxtor Corp.)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21784 2011-08-01] (Microsoft Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [816792 2010-06-15] ()
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
S3 swmsflt; C:\Windows\System32\DRIVERS\swmsflt.sys [37248 2010-06-08] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13752 2009-09-29] ()
S3 ADM851X; system32\DRIVERS\ADM851X.SYS [X]
S3 DisplayLinkUsbPort; system32\DRIVERS\DisplayLinkUsbPort_5.6.31854.0.sys [X]
S3 Nmea; system32\DRIVERS\pctnullport.sys [X]
S3 PCTINDIS5; \??\C:\Windows\system32\PCTINDIS5.SYS [X]
S3 TdxMrMINI; system32\DRIVERS\TdxMrMini.sys [X]
S3 TdxVGAMINI; system32\DRIVERS\TdxVgaMini.sys [X]
S3 TdxVGAUSB; system32\drivers\TdxVGAUSB.sys [X]
S3 U2SP; system32\DRIVERS\u2s2kxp.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-07 14:10 - 2014-03-07 14:10 - 00027590 _____ () C:\Users\Skip Casper\Desktop\FRST.txt
2014-03-07 14:10 - 2014-03-07 14:10 - 00000000 ____D () C:\FRST
2014-03-07 14:00 - 2014-03-07 13:57 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Skip Casper\Desktop\tdsskiller.exe
2014-03-07 14:00 - 2014-03-07 13:57 - 01145344 _____ (Farbar) C:\Users\Skip Casper\Desktop\FRST.exe
2014-03-06 22:18 - 2014-03-06 22:20 - 00028592 _____ () C:\Users\Skip Casper\Desktop\dds.txt
2014-03-06 22:18 - 2014-03-06 22:20 - 00015753 _____ () C:\Users\Skip Casper\Desktop\attach.txt
2014-03-06 22:14 - 2014-03-06 22:08 - 00688992 ____R (Swearware) C:\Users\Skip Casper\Desktop\dds.com
2014-03-05 20:29 - 2014-03-05 20:30 - 00261370 _____ () C:\Windows\msxml4-KB2758694-enu.LOG
2014-03-04 11:01 - 2014-01-08 20:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-03-04 10:48 - 2014-03-04 10:48 - 02434048 _____ () C:\Users\Skip Casper\Downloads\msxml (1).msi
2014-03-04 10:34 - 2014-03-04 10:35 - 02434048 _____ () C:\Users\Skip Casper\Downloads\msxml.msi
2014-03-04 10:15 - 2013-10-01 18:42 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-03-04 10:15 - 2013-10-01 18:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-03-04 10:15 - 2013-10-01 18:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-03-04 10:15 - 2013-10-01 18:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-03-04 10:15 - 2013-10-01 18:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-03-04 10:15 - 2013-10-01 17:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-03-04 10:15 - 2013-10-01 17:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-03-04 10:15 - 2013-10-01 17:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-03-04 10:15 - 2013-10-01 17:00 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-03-04 10:15 - 2013-10-01 16:53 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-03-04 10:15 - 2013-10-01 16:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-03-04 10:13 - 2013-09-24 19:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-03-04 10:01 - 2014-03-04 10:01 - 00001764 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-04 10:01 - 2012-08-21 13:01 - 00026840 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-03-04 10:00 - 2014-03-04 10:01 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-04 10:00 - 2014-03-04 10:01 - 00000000 ____D () C:\Program Files\iTunes
2014-03-04 10:00 - 2014-03-04 10:00 - 00000000 ____D () C:\Program Files\iPod
2014-03-04 09:59 - 2014-03-04 09:59 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-03-04 09:34 - 2012-08-21 13:01 - 00106928 _____ (GEAR Software Inc.) C:\Windows\system32\GEARAspi.dll
2014-03-04 02:30 - 2014-03-04 02:30 - 00001732 _____ () C:\tvtpktfilter.dat
2014-03-03 15:24 - 2014-03-03 15:24 - 00116423 _____ () C:\Users\Skip Casper\Documents\Copy of Sedgebrook-FIX.xlsx
2014-02-23 08:08 - 2014-02-23 08:08 - 00002000 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-02-23 07:46 - 2014-02-23 07:46 - 00000000 ____D () C:\Users\Skip Casper\Documents\Optimizer Pro
2014-02-23 07:45 - 2014-03-07 13:55 - 00000370 _____ () C:\Windows\Tasks\Re-Markable_wd.job
2014-02-23 07:45 - 2014-02-23 07:45 - 00000000 ____D () C:\Users\Skip Casper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-02-23 07:45 - 2014-02-23 07:45 - 00000000 ____D () C:\Program Files\Re-Markable
2014-02-19 08:18 - 2014-02-19 08:18 - 00000000 ____D () C:\Users\Skip Casper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-02-12 21:04 - 2014-02-12 21:04 - 00000000 ____D () C:\Users\Skip Casper\AppData\OICE_15_974FA576_32C1D314_5F1
2014-02-12 18:09 - 2014-02-06 04:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 18:09 - 2014-02-06 04:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 18:09 - 2014-02-06 04:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 18:09 - 2014-02-06 04:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 18:09 - 2014-02-06 04:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 18:09 - 2014-02-06 03:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 18:09 - 2014-02-06 03:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 18:09 - 2014-02-06 03:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 18:09 - 2014-02-06 03:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 18:09 - 2014-02-06 03:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 18:09 - 2014-02-06 03:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 18:09 - 2014-02-06 03:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 18:09 - 2014-02-06 03:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 18:09 - 2014-02-06 03:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 18:09 - 2014-02-06 03:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 18:09 - 2014-02-06 03:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 18:09 - 2014-02-06 03:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 18:09 - 2014-02-06 03:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 18:09 - 2014-02-06 02:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 18:09 - 2014-02-06 02:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 18:09 - 2014-02-06 02:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 17:59 - 2013-12-21 02:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 04:52 - 2013-12-31 17:05 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 04:52 - 2013-12-24 17:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 04:52 - 2013-12-05 20:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 04:52 - 2013-12-05 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 04:52 - 2013-12-03 20:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 04:52 - 2013-12-03 20:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 04:52 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 04:52 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 04:52 - 2013-12-03 20:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 04:52 - 2013-12-03 19:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 04:52 - 2013-12-03 19:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 04:52 - 2013-12-03 19:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 04:52 - 2013-12-03 19:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 04:52 - 2013-11-26 02:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-11 11:15 - 2014-02-11 11:15 - 00001082 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-11 11:14 - 2014-02-11 11:15 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-11 11:14 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-11 11:13 - 2014-02-11 11:14 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Skip Casper\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-10 15:21 - 2013-09-30 21:14 - 04449200 _____ (TeamViewer) C:\Users\Skip Casper\Desktop\TeamViewerQS_v8.exe
2014-02-09 13:24 - 2014-02-09 14:45 - 01772032 ___SH () C:\Users\Skip Casper\Documents\Thumbs.db
2014-02-09 12:49 - 2014-02-09 12:49 - 00000000 ____D () C:\Users\Skip Casper\AppData\Local\{D68B2EA5-47F7-499C-A932-852CFAC579C7}
2014-02-08 14:50 - 2014-02-08 14:50 - 00000000 ____D () C:\Users\Skip Casper\AppData\Local\IsolatedStorage
2014-02-07 10:54 - 2014-02-07 10:54 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-02-07 10:54 - 2014-02-07 10:54 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-02-07 10:54 - 2014-02-07 10:54 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-02-07 10:54 - 2014-02-07 10:54 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-02-07 10:54 - 2014-02-07 10:54 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-07 10:54 - 2014-02-07 10:54 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-02-07 10:54 - 2014-02-07 10:54 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-02-07 10:54 - 2014-02-07 10:54 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-02-07 10:54 - 2014-02-07 10:54 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-02-07 10:54 - 2014-02-07 10:54 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-07 10:54 - 2014-02-07 10:54 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-02-07 10:54 - 2014-02-07 10:54 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-02-07 10:54 - 2014-02-07 10:54 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-02-07 10:54 - 2014-02-07 10:54 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-02-07 10:54 - 2014-02-07 10:54 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-02-07 10:54 - 2014-02-07 10:54 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-02-07 10:54 - 2014-02-07 10:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-02-07 10:54 - 2014-02-07 10:54 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-02-07 10:54 - 2014-02-07 10:54 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-07 10:54 - 2014-02-07 10:54 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-02-07 10:54 - 2014-02-07 10:54 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-02-07 10:54 - 2014-02-07 10:54 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-02-07 10:54 - 2014-02-07 10:54 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-07 10:54 - 2014-02-07 10:54 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-02-07 10:54 - 2014-02-07 10:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-02-07 10:54 - 2014-02-07 10:54 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-02-07 10:54 - 2014-02-07 10:54 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-02-07 10:54 - 2014-02-07 10:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-02-07 10:54 - 2014-02-07 10:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-02-07 10:54 - 2014-02-07 10:54 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-02-07 10:54 - 2014-02-07 10:54 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-02-07 10:54 - 2014-02-07 10:54 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-02-07 10:54 - 2014-02-07 10:54 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-02-07 10:54 - 2014-02-07 10:54 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-02-06 20:34 - 2014-02-06 20:34 - 00001779 _____ () C:\Users\Public\Desktop\Quicken Home & Business 2014.lnk
2014-02-06 20:34 - 2014-02-06 20:34 - 00000329 _____ () C:\Users\Public\Desktop\View Credit Score.url
2014-02-06 16:55 - 2014-02-06 16:55 - 00000000 ____D () C:\Users\Skip Casper\Documents\My Digital Editions
2014-02-05 12:06 - 2014-03-04 21:11 - 00000000 ____D () C:\Users\Skip Casper\Documents\00000-RAK presentaion
 
==================== One Month Modified Files and Folders =======
 
2014-03-07 14:10 - 2014-03-07 14:10 - 00027590 _____ () C:\Users\Skip Casper\Desktop\FRST.txt
2014-03-07 14:10 - 2014-03-07 14:10 - 00000000 ____D () C:\FRST
2014-03-07 14:08 - 2011-12-22 13:53 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-03-07 14:06 - 2010-06-15 16:38 - 01354142 _____ () C:\Windows\WindowsUpdate.log
2014-03-07 14:04 - 2009-07-13 22:34 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-07 14:04 - 2009-07-13 22:34 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-07 13:59 - 2011-11-30 10:19 - 00000000 ____D () C:\Users\Skip Casper\AppData\Roaming\Dropbox
2014-03-07 13:58 - 2011-11-30 10:23 - 00000000 ___RD () C:\Users\Skip Casper\Dropbox
2014-03-07 13:57 - 2014-03-07 14:00 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Skip Casper\Desktop\tdsskiller.exe
2014-03-07 13:57 - 2014-03-07 14:00 - 01145344 _____ (Farbar) C:\Users\Skip Casper\Desktop\FRST.exe
2014-03-07 13:56 - 2013-11-21 12:57 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-03-07 13:55 - 2014-02-23 07:45 - 00000370 _____ () C:\Windows\Tasks\Re-Markable_wd.job
2014-03-07 13:55 - 2013-12-01 20:29 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-03-07 13:55 - 2011-03-15 12:57 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-07 13:55 - 2010-08-24 20:22 - 00000000 ____D () C:\Program Files\Common Files\Akamai
2014-03-07 13:55 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-07 13:55 - 2009-07-13 22:39 - 00238892 _____ () C:\Windows\setupact.log
2014-03-06 22:47 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\tracing
2014-03-06 22:35 - 2011-03-15 12:57 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-06 22:20 - 2014-03-06 22:18 - 00028592 _____ () C:\Users\Skip Casper\Desktop\dds.txt
2014-03-06 22:20 - 2014-03-06 22:18 - 00015753 _____ () C:\Users\Skip Casper\Desktop\attach.txt
2014-03-06 22:08 - 2014-03-06 22:14 - 00688992 ____R (Swearware) C:\Users\Skip Casper\Desktop\dds.com
2014-03-06 21:53 - 2012-03-29 19:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-06 21:53 - 2011-05-18 11:17 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3491551616-4246582641-1814448830-1000UA.job
2014-03-06 12:16 - 2010-06-24 13:32 - 00000000 ____D () C:\Users\Skip Casper\Desktop\Outlook
2014-03-06 11:02 - 2009-07-20 23:30 - 00792708 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-06 10:35 - 2012-11-14 12:11 - 00000000 ____D () C:\Users\Skip Casper\AppData\Roaming\Nitro PDF
2014-03-05 20:30 - 2014-03-05 20:29 - 00261370 _____ () C:\Windows\msxml4-KB2758694-enu.LOG
2014-03-05 15:48 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\rescache
2014-03-05 14:34 - 2011-01-07 12:19 - 00000000 ____D () C:\Users\Skip Casper\Desktop\Torrey
2014-03-05 11:56 - 2010-09-16 11:07 - 00000000 ____D () C:\Users\Skip Casper\AppData\Local\CrashDumps
2014-03-05 10:54 - 2010-08-29 12:35 - 00000059 _____ () C:\Windows\wpd99.drv
2014-03-05 10:54 - 2010-08-29 12:35 - 00000000 ____D () C:\ProgramData\pdf995
2014-03-05 09:41 - 2011-05-18 11:17 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3491551616-4246582641-1814448830-1000Core.job
2014-03-04 22:22 - 2013-10-22 12:19 - 00000000 ____D () C:\Users\Skip Casper\Documents\000000-Mirkovich
2014-03-04 21:53 - 2011-10-05 10:50 - 00000000 ____D () C:\Users\Skip Casper\AppData\Roaming\Mozilla
2014-03-04 21:11 - 2014-02-05 12:06 - 00000000 ____D () C:\Users\Skip Casper\Documents\00000-RAK presentaion
2014-03-04 12:19 - 2010-06-22 00:27 - 00000000 ____D () C:\Users\Skip Casper
2014-03-04 10:53 - 2012-07-12 16:51 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-04 10:50 - 2010-06-23 13:41 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-03-04 10:48 - 2014-03-04 10:48 - 02434048 _____ () C:\Users\Skip Casper\Downloads\msxml (1).msi
2014-03-04 10:44 - 2011-10-05 10:50 - 00001120 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-04 10:43 - 2011-10-05 10:50 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-04 10:35 - 2014-03-04 10:34 - 02434048 _____ () C:\Users\Skip Casper\Downloads\msxml.msi
2014-03-04 10:01 - 2014-03-04 10:01 - 00001764 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-04 10:01 - 2014-03-04 10:00 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-04 10:01 - 2014-03-04 10:00 - 00000000 ____D () C:\Program Files\iTunes
2014-03-04 10:00 - 2014-03-04 10:00 - 00000000 ____D () C:\Program Files\iPod
2014-03-04 10:00 - 2010-07-12 06:12 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-03-04 09:59 - 2014-03-04 09:59 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-03-04 09:58 - 2010-07-12 06:12 - 00000000 ____D () C:\ProgramData\Apple
2014-03-04 07:56 - 2011-05-18 11:18 - 00002412 _____ () C:\Users\Skip Casper\Desktop\Google Chrome.lnk
2014-03-04 06:20 - 2010-06-23 14:06 - 01268356 _____ () C:\Windows\PFRO.log
2014-03-04 02:30 - 2014-03-04 02:30 - 00001732 _____ () C:\tvtpktfilter.dat
2014-03-04 02:30 - 2010-06-15 16:35 - 00000000 ____D () C:\swshare
2014-03-04 00:32 - 2011-04-11 13:44 - 00165376 ___SH () C:\Users\Skip Casper\Desktop\Thumbs.db
2014-03-04 00:25 - 2011-10-05 10:50 - 00000000 ____D () C:\Users\Skip Casper\AppData\Local\Mozilla
2014-03-04 00:06 - 2011-12-22 13:53 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-03-04 00:05 - 2009-07-13 20:37 - 00000000 __RSD () C:\Windows\Media
2014-03-03 15:24 - 2014-03-03 15:24 - 00116423 _____ () C:\Users\Skip Casper\Documents\Copy of Sedgebrook-FIX.xlsx
2014-03-03 13:33 - 2009-07-13 20:04 - 00000478 _____ () C:\Windows\win.ini
2014-03-03 09:22 - 2011-12-20 14:32 - 00000000 ____D () C:\Users\Skip Casper\Documents\1-Consulting
2014-02-28 09:40 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-27 14:22 - 2010-06-23 18:36 - 00000000 ____D () C:\Users\Skip Casper\Documents\1-HLC
2014-02-26 16:20 - 2010-06-23 18:32 - 00000000 ____D () C:\Users\Skip Casper\Documents\1-Family
2014-02-26 14:41 - 2012-10-06 11:29 - 00000000 ____D () C:\Program Files\CrashPlan
2014-02-26 14:38 - 2010-06-15 16:39 - 00000000 ____D () C:\ProgramData\Adobe
2014-02-25 22:08 - 2013-12-11 13:19 - 00000000 ____D () C:\Users\Skip Casper\AppData\Local\VNT
2014-02-25 21:45 - 2013-12-11 13:19 - 00000000 ____D () C:\Program Files\VNT
2014-02-25 16:12 - 2010-06-22 19:25 - 00000000 ____D () C:\Users\Skip Casper\AppData\Roaming\Adobe
2014-02-24 16:03 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-23 08:08 - 2014-02-23 08:08 - 00002000 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-02-23 08:08 - 2010-10-23 10:24 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-02-23 08:07 - 2010-10-23 10:24 - 00000000 ____D () C:\Program Files\Adobe
2014-02-23 08:07 - 2010-06-22 19:27 - 00000000 ____D () C:\Users\Skip Casper\AppData\Local\Adobe
2014-02-23 07:46 - 2014-02-23 07:46 - 00000000 ____D () C:\Users\Skip Casper\Documents\Optimizer Pro
2014-02-23 07:45 - 2014-02-23 07:45 - 00000000 ____D () C:\Users\Skip Casper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-02-23 07:45 - 2014-02-23 07:45 - 00000000 ____D () C:\Program Files\Re-Markable
2014-02-22 15:54 - 2012-03-29 19:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-22 15:54 - 2011-10-25 15:43 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-20 17:42 - 2010-06-23 18:42 - 00000000 ____D () C:\Users\Skip Casper\Documents\1-Service Ideas
2014-02-20 17:10 - 2013-06-11 09:30 - 00000000 ____D () C:\Users\Skip Casper\Desktop\1-HLC
2014-02-20 13:50 - 2010-06-23 18:38 - 00000000 ____D () C:\Users\Skip Casper\Documents\00000-Budget
2014-02-19 08:18 - 2014-02-19 08:18 - 00000000 ____D () C:\Users\Skip Casper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-02-15 13:09 - 2012-10-24 12:21 - 00000000 ____D () C:\Program Files\DisplayLink Core Software
2014-02-12 21:04 - 2014-02-12 21:04 - 00000000 ____D () C:\Users\Skip Casper\AppData\OICE_15_974FA576_32C1D314_5F1
2014-02-12 18:06 - 2013-07-27 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 18:03 - 2010-07-07 07:47 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-12 16:00 - 2013-03-28 09:42 - 00000000 ____D () C:\Users\Skip Casper\Documents\1-Gene
2014-02-11 15:09 - 2010-06-23 18:38 - 00000000 ____D () C:\Users\Skip Casper\Documents\Logos
2014-02-11 11:15 - 2014-02-11 11:15 - 00001082 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-11 11:15 - 2014-02-11 11:14 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-11 11:14 - 2014-02-11 11:13 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Skip Casper\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-11 11:00 - 2011-02-21 11:58 - 00000000 ____D () C:\Users\Skip Casper\AppData\Roaming\TeamViewer
2014-02-09 15:46 - 2010-06-23 18:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-09 14:45 - 2014-02-09 13:24 - 01772032 ___SH () C:\Users\Skip Casper\Documents\Thumbs.db
2014-02-09 12:49 - 2014-02-09 12:49 - 00000000 ____D () C:\Users\Skip Casper\AppData\Local\{D68B2EA5-47F7-499C-A932-852CFAC579C7}
2014-02-09 12:49 - 2010-11-16 17:31 - 00000000 ____D () C:\Users\Skip Casper\AppData\Local\Windows Live
2014-02-08 14:50 - 2014-02-08 14:50 - 00000000 ____D () C:\Users\Skip Casper\AppData\Local\IsolatedStorage
2014-02-07 10:56 - 2013-12-10 17:18 - 00169595 _____ () C:\Windows\IE11_main.log
2014-02-07 10:54 - 2014-02-07 10:54 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-02-07 10:54 - 2014-02-07 10:54 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-02-07 10:54 - 2014-02-07 10:54 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-02-07 10:54 - 2014-02-07 10:54 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-02-07 10:54 - 2014-02-07 10:54 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-07 10:54 - 2014-02-07 10:54 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-02-07 10:54 - 2014-02-07 10:54 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-02-07 10:54 - 2014-02-07 10:54 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-02-07 10:54 - 2014-02-07 10:54 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-02-07 10:54 - 2014-02-07 10:54 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-07 10:54 - 2014-02-07 10:54 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-02-07 10:54 - 2014-02-07 10:54 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-02-07 10:54 - 2014-02-07 10:54 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-02-07 10:54 - 2014-02-07 10:54 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-02-07 10:54 - 2014-02-07 10:54 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-02-07 10:54 - 2014-02-07 10:54 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-02-07 10:54 - 2014-02-07 10:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-02-07 10:54 - 2014-02-07 10:54 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-02-07 10:54 - 2014-02-07 10:54 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-07 10:54 - 2014-02-07 10:54 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-02-07 10:54 - 2014-02-07 10:54 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-02-07 10:54 - 2014-02-07 10:54 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-02-07 10:54 - 2014-02-07 10:54 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-07 10:54 - 2014-02-07 10:54 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-02-07 10:54 - 2014-02-07 10:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-02-07 10:54 - 2014-02-07 10:54 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-02-07 10:54 - 2014-02-07 10:54 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-02-07 10:54 - 2014-02-07 10:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-02-07 10:54 - 2014-02-07 10:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-02-07 10:54 - 2014-02-07 10:54 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-02-07 10:54 - 2014-02-07 10:54 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-02-07 10:54 - 2014-02-07 10:54 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-02-07 10:54 - 2014-02-07 10:54 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-02-07 10:54 - 2014-02-07 10:54 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-02-06 20:34 - 2014-02-06 20:34 - 00001779 _____ () C:\Users\Public\Desktop\Quicken Home & Business 2014.lnk
2014-02-06 20:34 - 2014-02-06 20:34 - 00000329 _____ () C:\Users\Public\Desktop\View Credit Score.url
2014-02-06 20:34 - 2013-05-01 15:56 - 00000120 _____ () C:\Windows\QUICKEN.INI
2014-02-06 16:55 - 2014-02-06 16:55 - 00000000 ____D () C:\Users\Skip Casper\Documents\My Digital Editions
2014-02-06 04:38 - 2014-02-12 18:09 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 04:20 - 2014-02-12 18:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 04:19 - 2014-02-12 18:09 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 04:01 - 2014-02-12 18:09 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 04:00 - 2014-02-12 18:09 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 03:57 - 2014-02-12 18:09 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 03:52 - 2014-02-12 18:09 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 03:52 - 2014-02-12 18:09 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 03:49 - 2014-02-12 18:09 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 03:47 - 2014-02-12 18:09 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 03:47 - 2014-02-12 18:09 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 03:46 - 2014-02-12 18:09 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 03:34 - 2014-02-12 18:09 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 03:25 - 2014-02-12 18:09 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 03:25 - 2014-02-12 18:09 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 03:13 - 2014-02-12 18:09 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 03:09 - 2014-02-12 18:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 03:03 - 2014-02-12 18:09 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 02:41 - 2014-02-12 18:09 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 02:36 - 2014-02-12 18:09 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 02:34 - 2014-02-12 18:09 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
 
Files to move or delete:
====================
C:\ProgramData\PKP_DLbx.DAT
C:\ProgramData\PKP_DLck.DAT
C:\ProgramData\PKP_DLeo.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLeu.DAT
C:\ProgramData\PKP_DLev.DAT
C:\Users\Skip Casper\Illustrator_15_LS1.exe
 
 
Some content of TEMP:
====================
C:\Users\Skip Casper\AppData\Local\Temp\BackupSetup.exe
C:\Users\Skip Casper\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Skip Casper\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Skip Casper\AppData\Local\Temp\MouseKeyboardCenterx86_1033.exe
C:\Users\Skip Casper\AppData\Local\Temp\n0iuoeno.dll
C:\Users\Skip Casper\AppData\Local\Temp\nitro_pro8.exe
C:\Users\Skip Casper\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Skip Casper\AppData\Local\Temp\ose00000.exe
C:\Users\Skip Casper\AppData\Local\Temp\pib2oeml.dll
C:\Users\Skip Casper\AppData\Local\Temp\Scrubly.exe
C:\Users\Skip Casper\AppData\Local\Temp\Setup.X86.en-US_ProfessionalRetail_c17afb0f-20b3-4ca1-baa8-7da455215c42_TX_PR_.exe
C:\Users\Skip Casper\AppData\Local\Temp\SetupProPlusRetail.x86.en-us.exe
C:\Users\Skip Casper\AppData\Local\Temp\tbFLV_.dll
C:\Users\Skip Casper\AppData\Local\Temp\vghvlryz.dll
C:\Users\Skip Casper\AppData\Local\Temp\vrpyuqft.dll
C:\Users\Skip Casper\AppData\Local\Temp\{55D510D1-8744-4E00-855E-9C216ACA85D4}-32.0.1700.102_32.0.1700.76_chrome_updater.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-28 11:13
 
==================== End Of Log ============================

Addition.txt log:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-03-2014 01
Ran by Skip Casper at 2014-03-07 14:11:34
Running from C:\Users\Skip Casper\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Access Help (HKLM\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
ActiveLink Connect (HKCU\...\ActiveLink Connect) (Version: 5.8.0.17220 - Koninklijke Philips Electronics N.V.)
ActiveLink Connect (Version: 5.8.0.17220 - Koninklijke Philips Electronics N.V.) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Photoshop Elements 3.0 (HKLM\...\{851C67EF-068A-4060-9EF5-2E3DDCD68382}) (Version: 003.000.0000 - Adobe Systems Inc.)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Akamai NetSession Interface Service (HKLM\...\Akamai) (Version:  - )
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS E-Green Uninstall (HKLM\...\EGREEN) (Version:  - )
Avery Toolbar (HKLM\...\{41565256-3700-A76A-76A7-A758B70C0A03}) (Version: 12.10.3.4680 - APN, LLC)
Bing Bar (HKLM\...\{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}) (Version: 7.3.124.0 - Microsoft Corporation)
BlackBerry Desktop Software 6.0.1 (HKLM\...\BlackBerry_Desktop) (Version: 6.0.1.18 - Research In Motion Ltd.)
BlackBerry Desktop Software 6.0.1 (Version: 6.0.1.18 - Research In Motion Ltd.) Hidden
BlackBerry Device Software Updater (HKLM\...\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}) (Version: 6.0.1.37 - Research In Motion Ltd)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.22 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Conexant 20585 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.95.48.50 - Conexant)
CrashPlan (HKLM\...\{0153FB91-BFF6-4437-92CD-64017BF38BD3}) (Version: 3.2.1 - CrashPlan)
Create Recovery Media (HKLM\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.)
CyberLink Power2Go (Version: 7.0.0.1126 - CyberLink Corp.) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DisplayLink Core Software (HKLM\...\{930744CC-FC5C-455D-BA33-CE4F63851E34}) (Version: 7.2.47873.0 - DisplayLink Corp.)
DMUninstaller (HKLM\...\DMUninstaller) (Version:  - ) <==== ATTENTION
Documents To Go Desktop for iPhone (HKLM\...\DTGDesktop) (Version: 2.0000.006 - DataViz, Inc.)
Dragon NaturallySpeaking 12 (HKLM\...\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}) (Version: 12.50.000 - Nuance Communications Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
EPSON Attach To Email (HKLM\...\InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}) (Version: 1.01.0000 - SEIKO EPSON)
EPSON Attach To Email (Version: 1.01.0000 - SEIKO EPSON) Hidden
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Talk Plugin (HKLM\...\{41101F0C-DBD9-321C-A6B1-E0689B495A4E}) (Version: 5.1.4.17398 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4413.1752 - Google Inc.)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
GoToMeeting 5.4.0.1083 (HKCU\...\GoToMeeting) (Version: 5.4.0.1083 - CitrixOnline)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{8EAB4100-B343-41AE-A880-418746998209}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{79ACC31A-87EA-472A-853E-5AC6A97CE569}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)
InstallVC90Support (Version: 1.01.0000 - Novatel Wireless) Hidden
Integrated Camera Driver Installer Package Ver.1.1.0.19 (HKLM\...\{C3CD17B4-08B0-492D-8A4C-81716D33E520}) (Version: 1.1.0.19 - RICOH)
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2025 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.3 - Intel)
InterVideo WinDVD 8 (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.129 - InterVideo Inc.)
InterVideo WinDVD 8 (Version: 8.0.20.129 - InterVideo Inc.) Hidden
iSEEK AnswerWorks English Runtime (HKLM\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java Auto Updater (Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 29 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216029FF}) (Version: 6.0.290 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.02 - )
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.)
Lenovo Warranty Information (HKLM\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0004.00 - Lenovo)
Lenovo Welcome (HKLM\...\Lenovo Welcome_is1) (Version:  - Lenovo)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Maxtor OneTouch III (HKLM\...\InstallShield_{60EEB642-E9E0-45A2-A676-B9D8FE17C4A9}) (Version: 3.00.0015 - Maxtor)
Maxtor OneTouch III (Version: 3.00.0015 - Maxtor) Hidden
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.0.161.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.0.161.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2013 - en-us (HKLM\...\ProfessionalRetail - en-us) (Version: 15.0.4551.1011 - Microsoft Corporation)
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60816.0 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.40308 - Microsoft Corporation) Hidden
Mobile Broadband (HKLM\...\{4330AAE7-1893-42F9-BC38-539A1A60530B}) (Version: 3.6.0034 - Lenovo)
Mozilla Firefox 27.0 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0 (x86 en-US)) (Version: 27.0 - Mozilla)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NIKON IMAGE SPACE UPLOADER (Version: 1.1 - NIKON CORPORATION) Hidden
Nikon Message Center 2 (HKLM\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.6.0 - Nikon)
Nitro Pro 8 (HKLM\...\{8926E1F3-32C2-42DF-9E14-C5F5D002E5BD}) (Version: 8.0.4.6 - Nitro)
NOOK for PC (HKLM\...\BN_DesktopReader) (Version: 2.5.6.9575 - Barnesandnoble.com)
Norton Internet Security (Version: 16.7.0.30 - Symantec Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4551.1011 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1011 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4551.1011 - Microsoft Corporation) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.10.00 - )
Pdf995 (HKLM\...\Pdf995) (Version:  - )
Picture Control Utility (HKLM\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.4.11 - Nikon)
Quicken 2014 (HKLM\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.5.8 - Intuit)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Re-Markable (HKLM\...\3ab10bee-8869-4359-a475-bb66899cdbdc) (Version:  - ReMarkable) <==== ATTENTION
Rescue and Recovery (HKLM\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0025.00 - Lenovo Group Limited)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Salesforce for Outlook (HKLM\...\{AF65DC73-94A0-4E85-8AC2-DBA52CAD1091}) (Version: 1.7.102.1043 - salesforce.com)
Scrubly (HKLM\...\{A734357B-CE68-45C5-9763-38309AF2D46D}) (Version: 0.0.278 - BluCapp Inc.)
Secunia PSI (2.0.0.4003) (HKLM\...\Secunia PSI) (Version: 2.0.0.4003 - Secunia)
Short Movie Creator (HKLM\...\{B2817391-97C2-4A88-A952-14920594BD62}) (Version: 1.3.0 - Nikon)
Sierra Wireless USB MUX Driver Package (HKLM\...\{5600094C-5EA0-4BE8-9ECE-4C9B726AC9D9}) (Version: 0.56 - Sierra Wireless)
System Update (HKLM\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.00.0030 - Lenovo)
TeamViewer 7 (HKLM\...\TeamViewer 7) (Version: 7.0.12541 - TeamViewer)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.3200 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.15 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.60.0.4 - )
ThinkPad Power Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.21 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.18.0 - )
ThinkPad UltraNav Utility (HKLM\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.12.0 - Lenovo)
ThinkPad Wireless LAN Adapter Software (HKLM\...\{9D3D2C60-A55F-4fed-B2B9-17394396DF01}) (Version: 1.00.0023.0 - REALTEK Semiconductor Corp.)
ThinkVantage Access Connections (HKLM\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 5.62 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.71 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 1.41 - Lenovo)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
ViewNX 2 (HKLM\...\{E64C137C-D0B7-467A-B47F-460AAB30F0A3}) (Version: 2.6.0 - Nikon)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430) (HKLM\...\2004BB9EB6CEA02846881BEF1F51C11F7A90C9D6) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000) (HKLM\...\B7541EC5F72AA713F557569278EB6273725F5607) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\A6A8668C0A13640CA28FE2A7D9654BE4AE478B13) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Driver Package - Intel (e1kexpress) Net  (12/10/2009 11.5.10.0) (HKLM\...\5C7A2989588CD51E7DBF313D9E4B7DB4F66AE192) (Version: 12/10/2009 11.5.10.0 - Intel)
Windows Driver Package - Intel (HECI) System  (09/17/2009 6.0.0.1179) (HKLM\...\30A4777E896192B8D398199AE1AB235B69BAB26D) (Version: 09/17/2009 6.0.0.1179 - Intel)
Windows Driver Package - Intel System  (06/04/2009 1.0.0.0002) (HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel)
Windows Driver Package - Intel System  (10/28/2009 9.1.1.1022) (HKLM\...\573C3C32A1DB5625CA00E633E584E8A0E6383672) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows Driver Package - Intel System  (10/28/2009 9.1.1.1022) (HKLM\...\D94DFF1289C7A7BEBA126E4CDADE0E85B99E60F1) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows Driver Package - Intel USB  (08/20/2009 9.1.1.1020) (HKLM\...\A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9) (Version: 08/20/2009 9.1.1.1020 - Intel)
Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4) (HKLM\...\114EB224AD576F278686036AA9E1EFB7847E3935) (Version: 11/18/2009 1.60.0.4 - Lenovo)
Windows Driver Package - Synaptics (SynTP) Mouse  (04/22/2010 15.0.18.0) (HKLM\...\C66535CA6304603B86F44D3775D6CC25119F994C) (Version: 04/22/2010 15.0.18.0 - Synaptics)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 
==================== Restore Points  =========================
 
10-01-2014 14:11:11 Windows Update
11-01-2014 02:13:13 Windows Update
11-01-2014 22:38:13 Windows Update
12-01-2014 19:27:25 Windows Update
14-01-2014 09:00:17 Windows Update
15-01-2014 09:01:16 Windows Update
16-01-2014 09:00:46 Windows Update
17-01-2014 05:33:19 Windows Update
17-01-2014 17:11:28 Windows Update
22-01-2014 09:02:25 Windows Update
22-01-2014 13:28:31 Windows Update
23-01-2014 05:35:05 Windows Update
29-01-2014 14:58:51 Windows Update
31-01-2014 00:27:27 Windows Update
31-01-2014 04:12:43 Windows Update
31-01-2014 14:16:40 Windows Update
01-02-2014 16:49:43 Windows Update
04-02-2014 22:35:18 Windows Update
05-02-2014 03:03:38 Windows Update
06-02-2014 05:19:19 Windows Update
06-02-2014 22:31:16 Windows Update
07-02-2014 16:40:04 Windows Update
07-02-2014 16:53:27 Windows Update
09-02-2014 04:06:20 Windows Update
12-02-2014 19:07:36 Windows Update
12-02-2014 23:58:01 Windows Update
16-02-2014 21:19:59 Windows Update
22-02-2014 20:41:12 Windows Update
26-02-2014 20:55:39 Windows Update
27-02-2014 14:51:04 Windows Update
28-02-2014 15:20:34 Windows Update
04-03-2014 15:30:54 Removed Apple Application Support
04-03-2014 15:32:32 Removed Apple Mobile Device Support
04-03-2014 15:33:21 Removed Apple Software Update
04-03-2014 15:33:54 Removed iTunes
04-03-2014 15:59:44 Installed iTunes
04-03-2014 16:14:15 Windows Update
04-03-2014 16:50:32 Installed MSXML 4.0 SP3 Parser
05-03-2014 04:23:23 Windows Update
06-03-2014 02:29:11 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 20:04 - 2009-06-10 15:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {035F6D57-4C0C-4900-A712-D534B4C3A8B0} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {0F36D463-160D-4A06-893D-29F0C5289B31} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2012-10-12] (Microsoft)
Task: {0FA2739F-5780-4795-B123-43A93CD57D51} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {2193BA66-380E-45B2-99B4-D96AE07FDA1A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-08-22] (Piriform Ltd)
Task: {2491157B-9A8D-4732-8466-4B423DBD5ECF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe [2013-11-01] (Microsoft Corporation)
Task: {274DF827-EE87-46F4-8DE7-C1F5FDA6F217} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {2D21D8D5-29D8-40BA-80AD-3D52317A2F46} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3491551616-4246582641-1814448830-1000Core => C:\Users\Skip Casper\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-15] (Google Inc.)
Task: {306A3004-94A6-4650-94C0-536F8843CD3B} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {40C852BF-7E05-4608-9E9A-29AFEDF03410} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {5CB95BF7-46E8-4E5D-B10D-F2E9B0F65B4E} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe
Task: {892E5C52-1B4F-4062-8564-AA7193072B10} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-15] (Google Inc.)
Task: {89759963-3388-4523-8203-B6E18DB9D332} - System32\Tasks\Microsoft Office 15 Sync Maintenance for SkipCasper-Skip Casper SkipCasper => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2013-12-11] (Microsoft Corporation)
Task: {A0903AED-8563-498E-9A23-2C2975B2362D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {A18373E9-B897-436E-A964-D03AD7E24B56} - System32\Tasks\Re-Markable_wd => C:\Program Files\Re-Markable\Re-Markable_wd.exe [2014-02-23] ()
Task: {ADD20018-7320-4415-A57D-8BE0D21BDBAF} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2012-10-12] (Microsoft Corporation)
Task: {B8CFFC15-7BEC-4645-9061-69886C5F6EB7} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {B922F4F6-888E-43DD-AAED-F744597B63AD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-15] (Google Inc.)
Task: {C28E9C10-0C88-40D2-9C3F-6B59B8506D99} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D9B2E398-8FF1-4BF6-812D-873F5280C4E5} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {E6F1A559-049B-4C0E-8CB4-87E8E07A66D3} - System32\Tasks\Regwork => C:\Program Files\RegWork\RegWork.exe
Task: {F0D0E5AC-3F5B-46C0-969A-C9BE3D50DE5D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-22] (Adobe Systems Incorporated)
Task: {F2D1132F-7952-4935-AF84-7FC9AA9CA77F} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2012-10-12] (Microsoft Corporation)
Task: {F9135511-C797-41AD-845E-8EDCE04C7352} - System32\Tasks\PMTask => C:\Program Files\ThinkPad\Utilities\PWMIDTSV.EXE [2010-05-06] (Lenovo Group Limited)
Task: {F9A01CC7-F115-423D-8647-1CC565519189} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3491551616-4246582641-1814448830-1000UA => C:\Users\Skip Casper\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-15] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3491551616-4246582641-1814448830-1000Core.job => C:\Users\Skip Casper\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3491551616-4246582641-1814448830-1000UA.job => C:\Users\Skip Casper\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\Re-Markable_wd.job => C:\Program Files\Re-Markable\Re-Markable_wd.exe
Task: C:\Windows\Tasks\Regwork.job => C:\Program Files\RegWork\RegWork.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-06-15 16:33 - 2010-05-06 12:21 - 00037888 ____N () C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL
2013-11-21 12:49 - 2009-09-30 23:07 - 00011264 _____ () C:\Windows\System32\KOAZ8J_L.DLL
2010-08-29 12:35 - 2010-08-29 12:35 - 00051716 ____N () C:\Windows\System32\pdf995mon.dll
2013-11-21 12:49 - 2009-08-10 01:50 - 00868352 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\KOAZ8J_O.DLL
2010-04-22 17:26 - 2010-04-22 17:26 - 00020480 ____N () C:\Program Files\Lenovo\Access Connections\ACNewBiosHelper.dll
2004-10-04 04:47 - 2004-10-04 04:47 - 00098304 ____N () C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
2004-10-04 04:46 - 2004-10-04 04:46 - 00147456 ____N () C:\Program Files\Adobe\Photoshop Elements 3.0\platform.dll
2014-02-23 07:45 - 2014-02-23 07:45 - 00093184 _____ () C:\Program Files\Re-Markable\Re-Markable_wd.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-16 09:21 - 2012-08-16 09:21 - 00013312 ____N () C:\Program Files\CrashPlan\md5.dll
2014-02-26 14:40 - 2014-02-26 14:40 - 00197120 _____ () C:\Program Files\CrashPlan\cpnative.dll
2013-11-27 09:42 - 2013-08-23 13:44 - 00307880 _____ () C:\Program Files\Microsoft Office 15\ClientX86\c2rui.dll
2013-11-27 09:42 - 2013-11-01 23:35 - 00359592 _____ () C:\Program Files\Microsoft Office 15\ClientX86\c2r32.dll
2013-11-27 09:42 - 2013-11-01 23:35 - 00410792 _____ () C:\Program Files\Microsoft Office 15\ClientX86\StreamServer.dll
2004-10-04 03:40 - 2004-10-04 03:40 - 00118784 ____N () C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
2014-02-23 07:45 - 2014-02-23 07:45 - 00181248 _____ () C:\Program Files\Re-Markable\Re-Markable154.exe
2009-05-27 23:09 - 2009-05-27 23:09 - 00049976 ____N () C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
2010-11-29 04:34 - 2010-11-29 04:34 - 00094208 ____N () C:\Windows\System32\IccLibDll.dll
2010-08-20 09:57 - 2010-08-20 09:57 - 00619816 _____ () C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-20 09:57 - 2010-08-20 09:57 - 00013096 _____ () C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2013-11-27 09:43 - 2013-11-27 09:54 - 00121920 _____ () C:\Program Files\Microsoft Office 15\root\Office15\JitV.dll
2013-11-27 09:43 - 2013-11-27 09:43 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\Office15\AppVIsvStream32.dll
2013-12-11 09:11 - 2013-12-11 09:11 - 00359592 _____ () C:\Program Files\Microsoft Office 15\root\Office15\c2r32.dll
2013-10-18 17:55 - 2013-10-18 17:55 - 25100288 _____ () C:\Users\Skip Casper\AppData\Roaming\Dropbox\bin\libcef.dll
2013-11-27 09:43 - 2013-11-27 09:43 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2013-12-11 09:11 - 2013-12-11 09:11 - 00359592 _____ () C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Boingo Wi-Finder => "C:\Program Files\Boingo\Boingo Wi-Finder\Boingo.lnk"
MSCONFIG\startupreg: DailyBibleGuide EPM Support => "C:\PROGRA~1\DAILYB~2\bar\1.bin\2vmedint.exe" T8EPMSUP.DLL,S
MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
MSCONFIG\startupreg: VNT => C:\Program Files\VNT\vntldr.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/06/2014 00:02:47 PM) (Source: Application Error) (User: )
Description: Faulting application name: POWERPNT.EXE, version: 15.0.4454.1000, time stamp: 0x509a39f9
Faulting module name: ppcore.dll, version: 15.0.4551.1009, time stamp: 0x52855b84
Exception code: 0xc0000005
Fault offset: 0x0001411d
Faulting process id: 0x1e4c
Faulting application start time: 0xPOWERPNT.EXE0
Faulting application path: POWERPNT.EXE1
Faulting module path: POWERPNT.EXE2
Report Id: POWERPNT.EXE3
 
Error: (03/06/2014 10:36:09 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
 
Error: (03/05/2014 03:45:15 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/05/2014 03:44:21 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/05/2014 03:43:40 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/05/2014 03:43:07 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/05/2014 03:42:42 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (03/05/2014 03:41:03 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/05/2014 03:05:04 PM) (Source: Application Error) (User: )
Description: Faulting application name: POWERPNT.EXE, version: 15.0.4454.1000, time stamp: 0x509a39f9
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0042fff0
Faulting process id: 0x4a80
Faulting application start time: 0xPOWERPNT.EXE0
Faulting application path: POWERPNT.EXE1
Faulting module path: POWERPNT.EXE2
Report Id: POWERPNT.EXE3
 
Error: (03/05/2014 02:33:35 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 11.0.9600.16518 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 2e6c
 
Start Time: 01cf38b1f5540749
 
Termination Time: 0
 
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
 
Report Id:
 
 
System errors:
=============
Error: (03/07/2014 02:04:23 PM) (Source: ipnathlp) (User: )
Description: 0
 
Error: (03/07/2014 01:57:15 PM) (Source: ipnathlp) (User: )
Description: 0
 
Error: (03/07/2014 01:56:08 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (03/06/2014 10:02:57 PM) (Source: ipnathlp) (User: )
Description: 0
 
Error: (03/06/2014 09:53:45 PM) (Source: ipnathlp) (User: )
Description: 0
 
Error: (03/06/2014 09:52:52 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (03/06/2014 09:51:22 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 12:16:28 PM on ‎3/‎6/‎2014 was unexpected.
 
Error: (03/06/2014 10:08:02 AM) (Source: ipnathlp) (User: )
Description: 0
 
Error: (03/06/2014 10:08:02 AM) (Source: ipnathlp) (User: )
Description: 0
 
Error: (03/06/2014 10:08:02 AM) (Source: ipnathlp) (User: )
Description: 0
 
 
Microsoft Office Sessions:
=========================
Error: (11/29/2013 04:29:48 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6676.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 74 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (11/26/2013 10:14:08 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6676.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 99 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (11/26/2013 10:12:22 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6676.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 232 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error: (11/26/2013 10:08:22 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6676.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 291 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error: (11/25/2013 02:16:19 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6676.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 284 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error: (11/25/2013 02:11:27 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6676.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 13972 seconds with 3720 seconds of active time.  This session ended with a crash.
 
Error: (11/25/2013 07:00:57 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6676.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 81827 seconds with 480 seconds of active time.  This session ended with a crash.
 
Error: (11/20/2013 11:10:22 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6676.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 15542 seconds with 3300 seconds of active time.  This session ended with a crash.
 
Error: (11/18/2013 09:03:50 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 125 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error: (10/29/2013 09:17:21 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 47937 seconds with 6480 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 50%
Total physical RAM: 2931.67 MB
Available physical RAM: 1440.14 MB
Total Pagefile: 5861.63 MB
Available Pagefile: 4098.84 MB
Total Virtual: 2047.88 MB
Available Virtual: 1888.52 MB
 
==================== Drives ================================
 
Drive c: (Windows7_OS) (Fixed) (Total:454.82 GB) (Free:92.91 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: () (Removable) (Total:7.39 GB) (Free:6.84 GB) FAT32
Drive q: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:3.75 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 99DDF436)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=455 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#5 aharonov

  • Malware Response Team

Posted 07 March 2014 - 03:45 PM

Ok. Then please continue with the following steps:


Step 1

Please uninstall some programs:

  • Click on the Start Menu button, open Control Panel and click Uninstall a program.
  • Search and select the following programs one by one and click on Uninstall:

    DMUninstaller
    Re-Markable

  • Reboot your computer.

 

 

 

Step 2

Please download AdwCleaner (by Xplode) and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

 

 

 

Step 3

Start FRST with administrator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#6 tnagle3

  • Topic Starter
  • Members

Posted 07 March 2014 - 04:19 PM

AdwCleaner log:

# AdwCleaner v3.020 - Report created 07/03/2014 at 15:08:06
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Skip Casper - SKIPCASPER
# Running from : C:\Users\Skip Casper\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : APNMCP
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\SearchProtect
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Program Files\AskPartnerNetwork
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Windows\system32\SearchProtect
Folder Deleted : C:\Users\Skip Casper\AppData\Local\AskPartnerNetwork
Folder Deleted : C:\Users\Skip Casper\AppData\Local\Conduit
Folder Deleted : C:\Users\Skip Casper\AppData\Local\PackageAware
Folder Deleted : C:\Users\Skip Casper\AppData\Local\SearchProtect
Folder Deleted : C:\Users\SKIPCA~1\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Skip Casper\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Skip Casper\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Skip Casper\Documents\Optimizer Pro
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3311948
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C1B9042-3D32-49A1-916B-0AA3A9CDDFD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C1B9042-3D32-49A1-916B-0AA3A9CDDFD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\FLEXnet
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\AskPartnerNetwork
Key Deleted : HKLM\Software\caphyon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
 
-\\ Mozilla Firefox v27.0.1 (en-US)
 
[ File : C:\Users\Skip Casper\AppData\Roaming\Mozilla\Firefox\Profiles\ik3o7tsm.default\prefs.js ]
 
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("extensions.crossrider.bic", "1448bc534f7db0549aa2fdf2e0d19243");
 
-\\ Google Chrome v
 
[ File : C:\Users\Skip Casper\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [4740 octets] - [07/03/2014 15:07:30]
AdwCleaner[S0].txt - [4807 octets] - [07/03/2014 15:08:06]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4867 octets] ##########


#7 tnagle3

Posted 07 March 2014 - 04:25 PM

FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-03-2014 01
Ran by Skip Casper (administrator) on SKIPCASPER on 07-03-2014 15:20:25
Running from C:\Users\Skip Casper\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
() C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.124.0\BBSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(CrashPlan) C:\Program Files\CrashPlan\CrashPlanService.exe
(Nuance Communications, Inc.) C:\Program Files\Common Files\Nuance\dgnsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe
(Nalpeiron Ltd.) C:\Windows\system32\NLSSRV32.EXE
( ) C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe
() C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Ricoh co.,Ltd.) C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Zoom\TpScrex.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
() C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Maxtor Corporation) C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\ACWLIcon.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Akamai Technologies, Inc.) C:\Users\Skip Casper\AppData\Local\Akamai\netsession_win.exe
(Koninklijke Philips Electronics N.V.) C:\Users\Skip Casper\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe
(Akamai Technologies, Inc.) C:\Users\Skip Casper\AppData\Local\Akamai\netsession_win.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
(salesforce.com) C:\Program Files\salesforce.com\Salesforce for Outlook\SfdcMsOl.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Dropbox, Inc.) C:\Users\Skip Casper\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Lenovo) C:\Program Files\Lenovo\Access Connections\AcSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Lenovo Group Limited) c:\Program Files\Lenovo\System Update\SUService.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(TeamViewer GmbH) C:\Users\Skip Casper\AppData\Local\Temp\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Users\Skip Casper\AppData\Local\Temp\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Users\Skip Casper\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1725736 2010-04-22] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [337256 2009-12-11] (Lenovo.)
HKLM\...\Run: [RotateImage] - C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe [31744 2008-10-30] (Ricoh co.,Ltd.)
HKLM\...\Run: [TPHOTKEY] - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [69568 2009-12-21] (Lenovo Group Limited)
HKLM\...\Run: [IMSS] - C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [111640 2010-03-24] ()
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-17] ()
HKLM\...\Run: [PWMTRV] - C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL [886120 2010-05-06] (Lenovo Group Limited)
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [62312 2010-04-20] (Lenovo Group Limited)
HKLM\...\Run: [Message Center Plus] - C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe [49976 2009-05-27] ()
HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe [36864 2009-10-13] ()
HKLM\...\Run: [MaxtorOneTouch] - C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe [634880 2005-11-09] (Maxtor Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [IntelliType Pro] - c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1093272 2012-10-12] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [1668248 2012-10-12] (Microsoft Corporation)
HKLM\...\Run: [DNS7reminder] - C:\Program Files\Nuance\NaturallySpeaking12\Ereg\Ereg.exe [328992 2010-10-27] (Nuance Communications, Inc.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [Nikon Message Center 2] - C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [ACWLIcon] - C:\Program Files\Lenovo\Access Connections\ACWLIcon.exe [181608 2010-04-22] (Lenovo)
HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-20] (CyberLink)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-3491551616-4246582641-1814448830-1000\...\Run: [Google Update] - C:\Users\Skip Casper\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-03-15] (Google Inc.)
HKU\S-1-5-21-3491551616-4246582641-1814448830-1000\...\Run: [Akamai NetSession Interface] - C:\Users\Skip Casper\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3491551616-4246582641-1814448830-1000\...\Run: [ALconnect] - C:\Users\Skip Casper\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe [715880 2013-06-10] (Koninklijke Philips Electronics N.V.)
HKU\S-1-5-21-3491551616-4246582641-1814448830-1000\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3491551616-4246582641-1814448830-1000\...\Run: [Power2GoExpress] - [X]
HKU\S-1-5-21-3491551616-4246582641-1814448830-1000\...\MountPoints2: {343ea628-3fcf-11e0-859e-806e6f6e6963} - D:\WIN\setup.exe
HKU\S-1-5-21-3491551616-4246582641-1814448830-1000\...\MountPoints2: {9be7d6de-78cc-11df-be48-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-3491551616-4246582641-1814448830-1000\...\MountPoints2: {f92fe6a1-c16a-11df-9b05-5cff350cff87} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\DriverInstaller.exe
Lsa: [Notification Packages] scecli ACGina
Startup: C:\Users\Skip Casper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Skip Casper\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Skip Casper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {EF24A6D9-9724-41BC-B578-EB75F48FAF65} URL = 
BHO: Avery Toolbar - {41565256-3700-A76A-76A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\AVRV7\Passport.dll" No File
BHO: Dragon NaturallySpeaking Rich Internet Application Support - Extension - {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - C:\Program Files\Nuance\NaturallySpeaking12\Program\ieShim.dll (Nuance Communications, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Avery Toolbar - {41565256-3700-A76A-76A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\AVRV7\Passport.dll" No File
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - Avery Toolbar - {41565256-3700-A76A-76A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\AVRV7\Passport.dll" No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
DPF: {A6616B31-4860-41E2-98E3-CA7649AF172F} file:///D:/launch.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Skip Casper\AppData\Roaming\Mozilla\Firefox\Profiles\ik3o7tsm.default
FF DefaultSearchEngine: Google
FF Homepage: hxxp://www.google.com/
FF NetworkProxy: "no_proxies_on", "*.local"
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @DailyBibleGuide.com/Plugin - C:\Program Files\DailyBibleGuide\bar\1.bin\NP2vStub.dll (Mindspark)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF - C:\Program Files\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: nuance.com/DragonRIAPlugin - C:\PROGRA~1\Nuance\NATURA~1\Program\npDgnRia.dll (Nuance Communications Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Skip Casper\AppData\Local\Citrix\Plugins\94\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Skip Casper\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Skip Casper\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Skip Casper\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Skip Casper\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Skip Casper\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Skip Casper\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Skip Casper\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Skip Casper\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: HQ-Video-Profession-1.3 - C:\Users\Skip Casper\AppData\Roaming\Mozilla\Firefox\Profiles\ik3o7tsm.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com [2014-02-23]
FF Extension: DailyBibleGuide - C:\Users\Skip Casper\AppData\Roaming\Mozilla\Firefox\Profiles\ik3o7tsm.default\Extensions\2vffxtbr@DailyBibleGuide.com [2014-01-09]
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF HKLM\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: Dragon NaturallySpeaking Rich Internet Application Support - C:\Program Files\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2013-02-11]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Users\Skip Casper\AppData\Local\Google\Chrome\Application\33.0.1750.146\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Skip Casper\AppData\Local\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
CHR Plugin: (Chrome NaCl) - C:\Users\Skip Casper\AppData\Local\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Google Gears 0.5.33.0) - C:\Users\Skip Casper\AppData\Local\Google\Chrome\Application\33.0.1750.146\gears.dll No File
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Avery Toolbar) - C:\Users\Skip Casper\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaigmelgfmkfjicbbgbkcbagedejhj [2013-12-29]
CHR Extension: (Entanglement Web App) - C:\Users\Skip Casper\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-05-18]
CHR Extension: (Force.com LOGINS) - C:\Users\Skip Casper\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldjbglicecgnpkpdhpbogkednmmbebec [2012-10-24]
CHR Extension: (Poppit) - C:\Users\Skip Casper\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2011-05-18]
CHR Extension: (Dragon NaturallySpeaking Rich Internet Application Support) - C:\Users\Skip Casper\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn [2013-01-18]
CHR Extension: (Google Wallet) - C:\Users\Skip Casper\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-07]
CHR HKLM\...\Chrome\Extension: [aaaaigmelgfmkfjicbbgbkcbagedejhj] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVRV7\CRX\ToolbarCR.crx [2013-09-07]
CHR HKLM\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2013-02-11]
CHR StartMenuInternet: Google Chrome - C:\Users\Skip Casper\AppData\Local\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
R2 AcPrfMgrSvc; C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe [124264 2010-04-22] (Lenovo)
R2 AcSvc; C:\Program Files\Lenovo\Access Connections\AcSvc.exe [259432 2010-04-22] (Lenovo)
R2 AdobeActiveFileMonitor; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [98304 2004-10-04] ()
R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [152576 2012-08-16] (CrashPlan)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [7454608 2013-05-08] (DisplayLink Corp.)
R2 DragonSvc; C:\Program Files\Common Files\Nuance\dgnsvc.exe [311184 2013-02-11] (Nuance Communications, Inc.)
R2 LENOVO.CAMMUTE; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [50536 2010-04-20] (Lenovo Group Limited)
S4 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [45496 2010-04-06] (Lenovo Group Limited)
R2 LENOVO.TPKNRSVC; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [74088 2010-04-20] (Lenovo Group Limited)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe [196616 2012-10-09] (Nitro PDF Software)
R2 NTService1; C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe [110592 2005-11-09] ( )
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe [1320120 2013-11-01] (Microsoft Corporation)
R2 PhotoshopElementsDeviceConnect; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [118784 2004-10-04] ()
S2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)
R2 SUService; c:\Program Files\Lenovo\System Update\SUService.exe [28672 2010-02-10] (Lenovo Group Limited)
 
==================== Drivers (Whitelisted) ====================
 
S3 bcm; C:\Windows\System32\DRIVERS\drxvi314.sys [319488 2010-02-11] (Beceem communications pvt ltd.)
S3 bcmbusctr; C:\Windows\System32\DRIVERS\BcmBusCtr.sys [51456 2010-02-11] (Beceem communications pvt ltd.)
S3 CamDrL; C:\Windows\System32\DRIVERS\Camdrl.sys [1075360 2007-02-03] (Logitech Inc.)
S3 DisplayLinkUsbIo; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_7.2.47873.0.sys [36752 2013-05-13] ()
R3 dlkmd; C:\Windows\system32\drivers\dlkmd.sys [338736 2013-05-08] (DisplayLink Corp.)
R0 dlkmdldr; C:\Windows\System32\drivers\dlkmdldr.sys [15664 2013-05-08] (DisplayLink Corp.)
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41504 2007-02-03] (Logitech Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S3 MXOPSWD; C:\Windows\System32\DRIVERS\mxopswd.sys [15360 2005-04-06] (Maxtor Corp.)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21784 2011-08-01] (Microsoft Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [816792 2010-06-15] ()
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
S3 swmsflt; C:\Windows\System32\DRIVERS\swmsflt.sys [37248 2010-06-08] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13752 2009-09-29] ()
S3 ADM851X; system32\DRIVERS\ADM851X.SYS [X]
S3 DisplayLinkUsbPort; system32\DRIVERS\DisplayLinkUsbPort_5.6.31854.0.sys [X]
S3 Nmea; system32\DRIVERS\pctnullport.sys [X]
S3 PCTINDIS5; \??\C:\Windows\system32\PCTINDIS5.SYS [X]
S3 TdxMrMINI; system32\DRIVERS\TdxMrMini.sys [X]
S3 TdxVGAMINI; system32\DRIVERS\TdxVgaMini.sys [X]
S3 TdxVGAUSB; system32\drivers\TdxVGAUSB.sys [X]
S3 U2SP; system32\DRIVERS\u2s2kxp.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-07 15:07 - 2014-03-07 15:08 - 00000000 ____D () C:\AdwCleaner
2014-03-07 15:03 - 2014-03-07 15:02 - 01244192 _____ () C:\Users\Skip Casper\Desktop\AdwCleaner.exe
2014-03-07 14:11 - 2014-03-07 14:12 - 00046376 _____ () C:\Users\Skip Casper\Desktop\Addition.txt
2014-03-07 14:10 - 2014-03-07 15:20 - 00026565 _____ () C:\Users\Skip Casper\Desktop\FRST.txt
2014-03-07 14:10 - 2014-03-07 15:20 - 00000000 ____D () C:\FRST
2014-03-07 14:00 - 2014-03-07 13:57 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Skip Casper\Desktop\tdsskiller.exe
2014-03-07 14:00 - 2014-03-07 13:57 - 01145344 _____ (Farbar) C:\Users\Skip Casper\Desktop\FRST.exe
2014-03-06 22:18 - 2014-03-06 22:20 - 00028592 _____ () C:\Users\Skip Casper\Desktop\dds.txt
2014-03-06 22:18 - 2014-03-06 22:20 - 00015753 _____ () C:\Users\Skip Casper\Desktop\attach.txt
2014-03-06 22:14 - 2014-03-06 22:08 - 00688992 ____R (Swearware) C:\Users\Skip Casper\Desktop\dds.com
 
==================== One Month Modified Files and Folders =======
 
 
Files to move or delete:
====================
C:\ProgramData\PKP_DLbx.DAT
C:\ProgramData\PKP_DLck.DAT
C:\ProgramData\PKP_DLeo.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLeu.DAT
C:\ProgramData\PKP_DLev.DAT
C:\Users\Skip Casper\Illustrator_15_LS1.exe
 
 
Some content of TEMP:
====================
C:\Users\Skip Casper\AppData\Local\Temp\BackupSetup.exe
C:\Users\Skip Casper\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Skip Casper\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Skip Casper\AppData\Local\Temp\MouseKeyboardCenterx86_1033.exe
C:\Users\Skip Casper\AppData\Local\Temp\n0iuoeno.dll
C:\Users\Skip Casper\AppData\Local\Temp\nitro_pro8.exe
C:\Users\Skip Casper\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Skip Casper\AppData\Local\Temp\ose00000.exe
C:\Users\Skip Casper\AppData\Local\Temp\pib2oeml.dll
C:\Users\Skip Casper\AppData\Local\Temp\Quarantine.exe
C:\Users\Skip Casper\AppData\Local\Temp\Scrubly.exe
C:\Users\Skip Casper\AppData\Local\Temp\Setup.X86.en-US_ProfessionalRetail_c17afb0f-20b3-4ca1-baa8-7da455215c42_TX_PR_.exe
C:\Users\Skip Casper\AppData\Local\Temp\SetupProPlusRetail.x86.en-us.exe
C:\Users\Skip Casper\AppData\Local\Temp\tbFLV_.dll
C:\Users\Skip Casper\AppData\Local\Temp\vghvlryz.dll
C:\Users\Skip Casper\AppData\Local\Temp\vrpyuqft.dll
C:\Users\Skip Casper\AppData\Local\Temp\{55D510D1-8744-4E00-855E-9C216ACA85D4}-32.0.1700.102_32.0.1700.76_chrome_updater.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-28 11:13
 
==================== End Of Log ============================


#8 aharonov

  • Malware Response Team

Posted 07 March 2014 - 04:38 PM

Good. Let's go after some remnants now.
How is the computer running after the following fix? What problems or symptoms are still present?


Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#9 tnagle3

  • Topic Starter

Posted 07 March 2014 - 04:54 PM

I haven't tried to run anything as we have been doing this fix. I will after this post: 

 

FRST log (w/ fixlist):

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-03-2014 01
Ran by Skip Casper at 2014-03-07 15:53:17 Run:1
Running from C:\Users\Skip Casper\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
BHO: Avery Toolbar - {41565256-3700-A76A-76A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\AVRV7\Passport.dll" No File
Toolbar: HKLM - Avery Toolbar - {41565256-3700-A76A-76A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\AVRV7\Passport.dll" No File
Toolbar: HKCU - Avery Toolbar - {41565256-3700-A76A-76A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\AVRV7\Passport.dll" No File
FF Extension: HQ-Video-Profession-1.3 - C:\Users\Skip Casper\AppData\Roaming\Mozilla\Firefox\Profiles\ik3o7tsm.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com [2014-02-23]
FF Extension: DailyBibleGuide - C:\Users\Skip Casper\AppData\Roaming\Mozilla\Firefox\Profiles\ik3o7tsm.default\Extensions\2vffxtbr@DailyBibleGuide.com [2014-01-09]
CHR Extension: (Avery Toolbar) - C:\Users\Skip Casper\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaigmelgfmkfjicbbgbkcbagedejhj [2013-12-29]
CHR HKLM\...\Chrome\Extension: [aaaaigmelgfmkfjicbbgbkcbagedejhj] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVRV7\CRX\ToolbarCR.crx [2013-09-07]
C:\Users\Skip Casper\AppData\Local\Temp\*.exe
C:\Users\Skip Casper\AppData\Local\Temp\*.dll
 
 
 
 
*****************
 
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B14C64C3-2D4C-43DE-A276-6530F6CE6975} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{B14C64C3-2D4C-43DE-A276-6530F6CE6975} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41565256-3700-A76A-76A7-7A786E7484D7} => Key deleted successfully.
HKCR\CLSID\{41565256-3700-A76A-76A7-7A786E7484D7} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{41565256-3700-A76A-76A7-7A786E7484D7} => Value deleted successfully.
HKCR\CLSID\{41565256-3700-A76A-76A7-7A786E7484D7} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{41565256-3700-A76A-76A7-7A786E7484D7} => Value deleted successfully.
HKCR\CLSID\{41565256-3700-A76A-76A7-7A786E7484D7} => Key not found.
C:\Users\Skip Casper\AppData\Roaming\Mozilla\Firefox\Profiles\ik3o7tsm.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com => Moved successfully.
C:\Users\Skip Casper\AppData\Roaming\Mozilla\Firefox\Profiles\ik3o7tsm.default\Extensions\2vffxtbr@DailyBibleGuide.com => Moved successfully.
C:\Users\Skip Casper\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaigmelgfmkfjicbbgbkcbagedejhj => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaigmelgfmkfjicbbgbkcbagedejhj => Key deleted successfully.
"C:\ProgramData\AskPartnerNetwork\Toolbar\AVRV7\CRX\ToolbarCR.crx" => File/Directory not found.
C:\Users\Skip Casper\AppData\Local\Temp\*.exe => Moved successfully.
C:\Users\Skip Casper\AppData\Local\Temp\*.dll => Moved successfully.
 
==== End of Fixlog ====


#10 aharonov

  • Malware Response Team

Posted 07 March 2014 - 05:17 PM

All right. Test the computer now and tell me please what problems still persist now.



#11 tnagle3

  • Topic Starter

Posted 07 March 2014 - 05:32 PM

I think we are good. I am not seeing a deluge of popups starting when surfing. Things seem to be stable.



#12 aharonov

  • Malware Response Team

Posted 07 March 2014 - 05:36 PM

Ok, then let's do a final check up:


Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

#13 tnagle3

  • Topic Starter

Posted 08 March 2014 - 02:17 AM

ESET log:

 

C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\APNSetup.exe.vir Win32/Bundled.Toolbar.Ask.E potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\searchhook.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ServiceLocator.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\SO.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\toolbar.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\Toolbar.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ToolbarPS.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\UpdateManager.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\AVRV7\Passport.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\AVRV7\Source\program files\AskPartnerNetwork\Toolbar\apnmcp.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\AVRV7\Source\program files\AskPartnerNetwork\Toolbar\searchhook.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\AVRV7\Source\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\AVRV7\Source\program files\AskPartnerNetwork\Toolbar\SO.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\AVRV7\Source\program files\AskPartnerNetwork\Toolbar\toolbar.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\AVRV7\Source\program files\AskPartnerNetwork\Toolbar\Toolbar.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\AVRV7\Source\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\AVRV7\Source\program files\AskPartnerNetwork\Toolbar\toolbar_x64.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\AVRV7\Source\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\AVRV7\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\AVRV7\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport_x64.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\AVRV7\Source\program files\VNT\vntldr.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\FRST\Quarantine\tbFLV_.dll07-03-2014_15-53-21 a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\FRST\Quarantine\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com07-03-2014_15-53-18\extensionData\plugins\102_dealply_m.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com07-03-2014_15-53-18\extensionData\plugins\103_intext_5_m.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com07-03-2014_15-53-18\extensionData\plugins\104_jollywallet_m.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com07-03-2014_15-53-18\extensionData\plugins\119_similar_web_m.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com07-03-2014_15-53-18\extensionData\plugins\123_intext_adv_m.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com07-03-2014_15-53-18\extensionData\plugins\178_revizer_ws_dynamic_m.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com07-03-2014_15-53-18\extensionData\plugins\179_revizer_p_dynamic_m.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com07-03-2014_15-53-18\extensionData\plugins\180_bpo_serp_m.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com07-03-2014_15-53-18\extensionData\plugins\184_noproblemppc_m.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com07-03-2014_15-53-18\extensionData\plugins\190_pops_5_m.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com07-03-2014_15-53-18\extensionData\plugins\191_ciuvo_m.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com07-03-2014_15-53-18\extensionData\plugins\195_icm_convertmedia_m.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com07-03-2014_15-53-18\extensionData\plugins\221_icm_downloads_m.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com07-03-2014_15-53-18\extensionData\plugins\223_imonomy_m.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com07-03-2014_15-53-18\extensionData\plugins\91_monetizationLoader.js.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com07-03-2014_15-53-18\extensionData\plugins\93_superfish_no_coupons_m.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\Program Files\DailyBibleGuide\bar\1.bin\2vskin.dll probably a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\Program Files\DailyBibleGuide\bar\1.bin\AppIntegrator64.exe a variant of Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\Program Files\DailyBibleGuide\bar\1.bin\AppIntegratorStub64.dll a variant of Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\Program Files\DailyBibleGuide\bar\1.bin\Hpg64.dll a variant of Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\Program Files\VNT\vntldr.exe a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Users\Skip Casper\AppData\Local\Temp\wee9B9F.tmp a variant of MSIL/DomaIQ.W potentially unwanted application
C:\Users\Skip Casper\AppData\Local\Temp\0a86cc53-3c6a-4737-a688-00cfdcbfc4ce\software\Cloud_Backup_Setup.exe Win32/MyPCBackup.A potentially unwanted application
C:\Users\Skip Casper\AppData\Local\Temp\0a86cc53-3c6a-4737-a688-00cfdcbfc4ce\software\hq-video.exe Win32/Packed.ScrambleWrapper.J potentially unwanted application
C:\Users\Skip Casper\AppData\Local\Temp\{8BA5A240-A609-4818-BD2B-C4A18D329092}\setup.exe multiple threats
C:\Users\Skip Casper\AppData\Local\VNT\vntldr.exe a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Users\Skip Casper\Downloads\OffercastInstaller_AVR_U-0113-01-P_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVRV7[1].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVRV7[2].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVRV7[3].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application


#14 aharonov

  • Malware Response Team

Posted 08 March 2014 - 03:07 PM

This is looking very good. Most of the found files are already in quarantine from AdwCleaner or FRST. And the rest is harmless too. Let's take care of these and then we're done.


Please download the attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • I don't need the log.

That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Online Scanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:


Java™ 6 Update 29




Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.


Edited by aharonov, 08 March 2014 - 03:10 PM.
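
The triage described in post #14 (most hits already sit in the AdwCleaner or FRST quarantine folders) can be reproduced from the ESET log in post #13. The following Python is an added example, not part of the original thread or of any tool used in it; the space-separated line layout is assumed from how the log appears in the post, and the function names are hypothetical.

```python
import re
from collections import Counter

# Quarantine folders of the two tools named in the thread (AdwCleaner, FRST).
QUARANTINE_ROOTS = ("c:\\adwcleaner\\quarantine\\", "c:\\frst\\quarantine\\")

# One entry: <path> [qualifier] <Platform/Detection.Name> <category>
# or:        <path> multiple threats
# Assumption: fields are separated by whitespace, as the log appears in the post.
ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?:(?:(?:probably )?a variant of\s+)?(?P<name>[A-Za-z0-9]+/[\w.]+)\s+"
    r"(?P<category>potentially (?:unsafe|unwanted) application)"
    r"|(?P<multi>multiple threats))$"
)

def parse_entry(line):
    """Return a dict for one log line, or None if it does not parse."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    return {
        "path": path,
        "detection": m.group("name") or "multiple threats",
        "category": m.group("category") or "multiple threats",
        "quarantined": path.lower().startswith(QUARANTINE_ROOTS),
    }

def triage(log_text):
    """Count hits per detection family and list those outside quarantine."""
    entries = [e for e in map(parse_entry, log_text.splitlines()) if e]
    live = [e for e in entries if not e["quarantined"]]
    families = Counter(e["detection"].rsplit(".", 1)[0] for e in entries)
    return {"total": len(entries), "live": live, "families": families}

# Six lines copied from the ESET log in post #13.
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\FRST\Quarantine\tbFLV_.dll07-03-2014_15-53-21 a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\Program Files\DailyBibleGuide\bar\1.bin\2vskin.dll probably a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\Program Files\VNT\vntldr.exe a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Users\Skip Casper\AppData\Local\Temp\{8BA5A240-A609-4818-BD2B-C4A18D329092}\setup.exe multiple threats
C:\Users\Skip Casper\Downloads\OffercastInstaller_AVR_U-0113-01-P_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"{result['total'] - len(result['live'])} of {result['total']} hits already quarantined")
    for e in result["live"]:
        print(f"ON DISK  {e['detection']:<32} {e['path']}")
```

Entries reported as still on disk are the ones a follow-up fixlist or manual deletion has to cover; everything under the quarantine roots disappears when the tools are removed in the clean-up step.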


#15 tnagle3

  • Topic Starter

Posted 08 March 2014 - 05:33 PM

Thank you very much for all your help. My neighbor Skip would never have been able to deal with this. We truly appreciate it. Your next few beers are on us!