Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Proxy Settings Reverting Back to 127.0.0.1


  • This topic is locked This topic is locked
21 replies to this topic

#1 spike1226

spike1226

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:08 AM

Posted 29 November 2014 - 01:16 PM

I have read at great length about this issue and am convinced my new Lenovo laptop is infected.  What I am not sure of is the scripts I read from Bleeping Computer are generic to be used for each person or if logs need to be reviewed to determine steps to take?  I have run Malwarebytes and it found 10 non malware items which I quarantined for fun and found nothing after running ADwCleaner.  I have started this topic with the obligatory DDS paste below and look forward to your help in resolving the issue.

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17420
Run by Susan at 10:54:36 on 2014-11-29
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3800.312 [GMT -7:00]
.
AV: Trend Micro Internet Security *Enabled/Updated* {F2F88E6A-3C7A-545F-268A-5D0BDD38EE06}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Trend Micro Internet Security *Enabled/Updated* {49996F8E-1A40-5BD1-1C3A-6679A6BFA4BB}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Lenovo\Fingerprint Manager Pro\OmniServ.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Workspace\offSyncService.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
C:\Program Files\Lenovo\Fingerprint Manager Pro\opvapp.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Windows\system32\lxeacoms.exe
C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe
C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Windows\system32\valWBFPolicyService.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE
C:\Windows\Explorer.EXE
C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\Skdaemon.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\mfac.exe
C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.exe
C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe
C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Susan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Users\Susan\AppData\Local\Workspace\workspaceupdate.exe
C:\Users\Susan\AppData\Local\Workspace\wben.exe
C:\Users\Susan\AppData\Local\Workspace\workspacestatus.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\Intuit\QuickBooks 2015\QBW32.EXE
C:\Users\Susan\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Integrated Camera\Monitor.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Susan\AppData\Local\Intuit\SyncManager\Current\IntuitSyncManager.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Susan\AppData\Local\GeniusBox\Client.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Lenovo\QuickDisplay\QuickDisplayAgent.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE
C:\Program Files\Lenovo\Lenovo Mouse Suite\Pelmiced.exe
C:\Program Files\Lenovo\Lenovo Mouse Suite\PelElvDm.exe
C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe
C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files\Trend Micro\AMSP\module\20013\ChromeExt\chromeextension\TmopChromeMsgHost32.exe
C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\chrome_extension2\host\chrome_native_msg_host.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\chromeextension\NativeMessageHost\ToolbarNativeMsgHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uProxyServer = hxxp=127.0.0.1:49197;https=127.0.0.1:49197
uProxyOverride = <-loopback>
mWinlogon: Userinit = userinit.exe,
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll
BHO: Trend Micro Security Toolbar Helper: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
BHO: TmIEPlugInBHO Class: {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe32.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Trend Micro Security Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SkyDrive] "C:\Users\Susan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [Starfield Updater] "C:\Users\Susan\AppData\Local\Workspace\WorkspaceUpdate.exe"
uRun: [wben] "C:\Users\Susan\AppData\Local\Workspace\wben.exe"
uRun: [Workspace Status] "C:\Users\Susan\AppData\Local\Workspace\workspacestatus.exe"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [PWMTRV] rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
mRun: [Fastboot] "C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe" /analysis
mRun: [Integrated Camera_Monitor] "C:\Program Files (x86)\Integrated Camera\monitor.exe"
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe" /s
mRun: [Lexmark S300-S400 Series] "C:\Program Files (x86)\Lexmark S300-S400 Series\fm3032.exe" /s
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\Susan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Susan\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2015\QBW32.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
Trusted Zone: intuit.com
Trusted Zone: intuit.net
TCP: NameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{94D28762-DB9B-4735-A783-4030F3FE09B1} : DHCPNameServer = 192.168.0.1 205.171.2.25
Handler: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - C:\Program Files (x86)\Intuit\QuickBooks 2015\HelpAsyncPluggableProtocol.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - 
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe32.dll
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg32.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-BHO: Trend Micro Security Toolbar Helper: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll
x64-BHO: TmIEPlugInBHO Class: {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe64.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
x64-TB: Trend Micro Security Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll
x64-Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
x64-Run: [Enhanced Performance Keyboard] C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\SKDaemon.exe
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TpShocks] TpShocks.exe
x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
x64-Run: [MFACApp] "C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\mfac.exe"
x64-Run: [Daemon for Mouse Suite] C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE 30
x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-Run: [Platinum] "C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe" -StartUp
x64-Run: [WLM] "C:\Program Files\Trend Micro\Titanium\Plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe"
x64-Run: [lxeamon.exe] "C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe"
x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - <orphaned>
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe64.dll
x64-Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg.dll
x64-Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll
x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\System32\drivers\DZHDD64.SYS [2014-8-22 29512]
R0 excsd;ExpressCache Storage Filter Driver;C:\Windows\System32\drivers\excsd.sys [2014-8-22 117488]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2014-8-22 632168]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2014-8-22 28008]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-8-22 20464]
R0 TMEBC;TMEBC;C:\Windows\System32\drivers\TMEBC64.sys [2014-11-5 50976]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2014-1-29 29496]
R1 excfs;ExpressCache File System Filter Driver;C:\Windows\System32\drivers\excfs.sys [2014-8-22 25840]
R1 OMNISMI;OMNISMI;C:\Windows\SysWOW64\drivers\omnismi.sys [2014-8-22 14776]
R1 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2014-11-5 93664]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2014-11-5 308344]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2014-1-13 1198456]
R2 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2014-1-13 1710456]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2014-1-13 1161592]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-11-5 2443960]
R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2014-3-31 9954096]
R2 ExpressCache;ExpressCache;C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [2013-11-18 828656]
R2 FastbootService;FastbootService;C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [2014-8-22 140016]
R2 File Backup;File Backup Service;C:\Program Files (x86)\Workspace\offSyncService.exe [2014-10-20 697472]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-8-27 747520]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2014-8-22 169432]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2014-8-22 59224]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2014-8-22 110128]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2014-8-22 73048]
R2 LENOVO.TVTVCAM;Lenovo Virtual Camera Controller;C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [2014-8-22 197464]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2014-8-22 136288]
R2 lnvDiscoveryWinSvc;lnvDiscoveryWinSvc;C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe [2014-8-22 21552]
R2 lxea_device;lxea_device;C:\Windows\System32\lxeacoms.exe -service --> C:\Windows\System32\lxeacoms.exe -service [?]
R2 NitroDriverReadSpool9;NitroPDFDriverCreatorReadSpool9;C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [2014-5-15 230920]
R2 NitroUpdateService;NitroUpdateService;C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [2014-5-15 417800]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2014-5-15 69640]
R2 PelService;Session Launcher Service;C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe [2014-11-5 178688]
R2 Platinum Host Service;Platinum Host Service;C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [2014-11-5 1187376]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2014-9-29 1248256]
R2 tmusa;Trend Micro Osprey Driver;C:\Windows\System32\drivers\tmusa.sys [2014-11-5 106296]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2014-11-20 124400]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2014-8-22 126512]
R2 valWBFPolicyService;Validity WBF Policy Service;C:\Windows\System32\valWBFPolicyService.exe [2013-10-28 49040]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2014-5-29 3816176]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2013-11-7 140600]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2013-12-11 1419576]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2012-6-14 31216]
R3 e1dexpress;Intel® PRO/1000 PCI Express Network Connection Driver D;C:\Windows\System32\drivers\e1d62x64.sys [2014-8-22 488216]
R3 ibtusb;Intel® Wireless Bluetooth® 4.0 + HS Adapter;C:\Windows\System32\drivers\ibtusb.sys [2013-12-10 169680]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-8-22 368624]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-8-22 790000]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2013-11-11 25528]
R3 phidmice;USB Mouse Low Filter WU Driver;C:\Windows\System32\drivers\phidmice.sys [2014-11-5 34816]
R3 pmouself;Mouse Suite WU Driver;C:\Windows\System32\drivers\pmouself.SYS [2014-11-5 23040]
R3 Power Manager DBC Service;Power Manager Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2014-8-22 1669920]
R3 pvendrlf;Mouse Suite I/O WU Driver;C:\Windows\System32\drivers\pvendrlf.SYS [2014-11-5 12288]
R3 QuickControlService;Lenovo QuickControl Service;C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [2014-6-11 316400]
R3 RTSPER;Realtek PCIE Card Reader - PER;C:\Windows\System32\drivers\RtsPer.sys [2014-8-22 423128]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2014-8-22 31472]
R3 SPUVCbv;SPUVCb Driver Service;C:\Windows\System32\drivers\SPUVCBv_x64.sys [2014-3-17 1521312]
R3 tmeevw;tmeevw;C:\Windows\System32\drivers\tmeevw.sys [2014-11-5 106296]
R3 tmnciesc;tmnciesc;C:\Windows\System32\drivers\tmnciesc.sys [2014-11-5 407864]
R3 usb3Hub;UoIP Hub;C:\Windows\System32\drivers\usb3Hub.sys [2013-6-20 206744]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxeaserv.exe [2014-11-10 45736]
S2 omaha;Nok Nok Labs Update Service (omaha);C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\MFACUpdate.exe [2014-8-22 148224]
S2 QuickControlMasterSvc;Lenovo QuickControl Master Service;C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [2014-6-11 61936]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-20 71168]
S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2014-8-22 320560]
S3 Fastboot;Fastboot;C:\Windows\System32\drivers\Fastboot.sys [2014-8-22 56048]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-11-11 114688]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2013-11-11 35256]
S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2014-8-22 450520]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-8-27 828376]
S3 Lenovo EasyPlus Hotspot;Lenovo EasyPlus Hotspot;C:\Program Files (x86)\Common Files\Lenovo\easyplussdk\bin\EPHotspot64.exe [2014-8-22 533760]
S3 LSCWinService;LSCWinService;C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [2014-10-16 272776]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2014-5-29 284912]
S3 omaham;Nok Nok Labs Update Service (omaham);C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\MFACUpdate.exe [2014-8-22 148224]
S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2014-8-22 1664800]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-11-29 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-11-29 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-11-29 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-11-6 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-11-29 15:47:17 -------- d-----w- C:\AdwCleaner
2014-11-29 02:00:04 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-29 01:59:51 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-29 01:59:51 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-29 01:59:51 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-29 01:59:51 -------- d-----w- C:\ProgramData\Malwarebytes
2014-11-29 01:59:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-29 01:59:24 -------- d-----w- C:\Users\Susan\AppData\Local\Programs
2014-11-28 17:11:06 -------- d-----w- C:\Users\Susan\AppData\Local\Diagnostics
2014-11-25 01:46:28 -------- d-sh--w- C:\Users\Susan\AppData\Local\EmieBrowserModeList
2014-11-21 20:35:31 1235429 ----a-w- C:\ProgramData\SPL1C85.tmp
2014-11-18 23:07:35 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-18 23:07:35 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-18 23:07:34 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-18 23:07:34 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-17 23:44:59 -------- d-----w- C:\Users\Susan\AppData\Local\Microsoft Help
2014-11-14 12:36:32 84208 ----a-w- C:\Windows\System32\ibmpmsvc.exe
2014-11-14 12:36:32 72432 ----a-w- C:\Windows\System32\ibmpmctl.exe
2014-11-14 12:36:32 60112 ----a-w- C:\Windows\System32\drivers\ibmpmdrv.sys
2014-11-14 12:36:32 40176 ----a-w- C:\Windows\System32\tpinspm.dll
2014-11-11 23:47:13 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-11-11 23:46:59 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-11-11 23:46:59 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-11-11 23:46:54 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-11-11 23:46:54 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-11-11 01:22:10 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2014-11-10 23:35:37 -------- d-----w- C:\Users\Susan\AppData\Local\LogMeIn Rescue Applet
2014-11-10 22:30:47 -------- d-----r- C:\Users\Susan\Dropbox
2014-11-10 22:28:18 -------- d-----w- C:\Users\Susan\AppData\Roaming\Dropbox
2014-11-10 22:22:44 -------- d-----w- C:\Users\Susan\AppData\Local\offsync
2014-11-10 22:18:26 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2014-11-10 22:18:26 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2014-11-10 22:18:26 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2014-11-10 22:18:26 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2014-11-10 22:18:26 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2014-11-10 22:17:22 -------- d-----w- C:\Users\Susan\AppData\Local\Apple
2014-11-10 22:10:04 -------- d-----w- C:\Windows\Workspace Logs
2014-11-10 22:10:01 -------- d-----w- C:\Program Files (x86)\Workspace
2014-11-10 22:09:28 -------- d-----w- C:\Users\Susan\AppData\Local\Workspace
2014-11-10 21:59:10 -------- d-----w- C:\Users\Susan\AppData\Roaming\IrfanView
2014-11-10 21:59:10 -------- d-----w- C:\Program Files (x86)\IrfanView
2014-11-10 21:37:31 -------- d-----w- C:\ProgramData\ALM
2014-11-10 21:04:47 -------- d-----w- C:\Users\Susan\AppData\Roaming\S300-S400 Series
2014-11-10 20:55:20 -------- d-----w- C:\ProgramData\Ezprint
2014-11-10 20:54:23 -------- d-----w- C:\ProgramData\Lx_cats
2014-11-10 20:52:49 189440 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\lxeadrpp.dll
2014-11-10 20:52:21 109056 ----a-w- C:\Windows\System32\lxeavs.dll
2014-11-10 20:52:19 836608 ----a-w- C:\Windows\System32\lxeacoin.dll
2014-11-10 20:52:19 1462272 ----a-w- C:\Windows\System32\lxk_g.dll
2014-11-10 20:52:17 983121 ----a-w- C:\Windows\System32\lxk_gf.dll
2014-11-10 20:52:17 65536 ----a-w- C:\Windows\System32\lxeagcfg.dll
2014-11-10 20:52:17 399360 ----a-w- C:\Windows\System32\lxeacui.dll
2014-11-10 20:52:17 148480 ----a-w- C:\Windows\System32\lxeacuir.dll
2014-11-10 20:51:59 -------- d-----w- C:\Program Files (x86)\Abbyy FineReader 6.0 Sprint
2014-11-10 20:50:20 53760 ----a-w- C:\Windows\System32\LXEAPMON.DLL
2014-11-10 20:50:20 4485120 ----a-w- C:\Windows\System32\LXEAoem.dll
2014-11-10 20:50:20 21504 ----a-w- C:\Windows\System32\LXEAFXPU.DLL
2014-11-10 20:50:19 3584 ----a-w- C:\Windows\System32\LXEAPMRC.DLL
2014-11-10 20:50:18 -------- d-----w- C:\ProgramData\S300-S400 Series
2014-11-10 20:50:03 510464 ----a-w- C:\Windows\System32\LXEAwupd.dll
2014-11-10 20:50:03 295592 ----a-w- C:\Windows\System32\LXEAwupd.exe
2014-11-10 20:45:11 299008 ----a-w- C:\Windows\SysWow64\LXEAsm.dll
2014-11-10 20:45:11 23552 ----a-w- C:\Windows\SysWow64\LXEAsmr.dll
2014-11-10 20:45:11 -------- d-----w- C:\Program Files\Lexmark S300-S400 Series
2014-11-10 20:45:10 381440 ----a-w- C:\Windows\System32\lxeasm.dll
2014-11-10 20:45:10 23552 ----a-w- C:\Windows\System32\lxeasmr.dll
2014-11-10 20:41:46 -------- d-----w- C:\Users\Susan\AppData\Local\Power2Go
2014-11-10 20:38:56 -------- d-----w- C:\ProgramData\install_clap
2014-11-10 20:38:21 115016 ----a-w- C:\Windows\SysWow64\MSINET.OCX
2014-11-10 20:38:20 59904 ----a-w- C:\Windows\SysWow64\wbemdisp.tlb
2014-11-10 20:38:20 23664 ----a-w- C:\Windows\SysWow64\lgfwunis.exe
2014-11-10 20:38:20 102912 ----a-w- C:\Windows\SysWow64\Vb6stkit.dll
2014-11-10 20:38:20 102160 ----a-w- C:\Windows\SysWow64\VB6KO.DLL
2014-11-10 20:28:26 -------- d-----w- C:\ProgramData\CLSK
2014-11-10 18:02:13 22528 ----a-w- C:\Users\Susan\AppData\Local\2353852dsisetup23612772.exe
2014-11-07 10:01:02 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2014-11-06 22:16:46 -------- d-----w- C:\ProgramData\SQL Anywhere 11
2014-11-06 21:12:40 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-11-06 21:12:40 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-11-06 21:12:40 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-11-06 21:12:40 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-11-06 20:19:19 -------- d-----w- C:\Users\Susan\AppData\Local\Intuit
2014-11-06 20:19:15 -------- d-----w- C:\Windows\Intuit
2014-11-06 20:18:07 4218880 ----a-w- C:\Windows\SysWow64\cdintf400.dll
2014-11-06 20:14:02 -------- d-----w- C:\Program Files (x86)\Common Files\Nuance
2014-11-06 20:13:58 -------- d-----w- C:\ProgramData\Nuance
2014-11-06 20:13:57 -------- d-----w- C:\Program Files (x86)\Common Files\Intuit
2014-11-06 20:13:33 -------- d-----w- C:\ProgramData\COMMON FILES
2014-11-06 20:13:01 -------- d-----w- C:\Program Files (x86)\Intuit
2014-11-06 20:12:54 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-06 20:12:54 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-06 20:12:04 -------- d-----w- C:\ProgramData\INTUIT
2014-11-06 19:46:14 -------- d-----w- C:\Program Files (x86)\Akamai
2014-11-06 15:37:06 -------- d-s---w- C:\Windows\System32\CompatTel
2014-11-06 15:37:05 -------- d-----w- C:\Windows\SysWow64\Wat
2014-11-06 15:37:05 -------- d-----w- C:\Windows\System32\Wat
2014-11-06 15:27:45 -------- d-----w- C:\Windows\Migration
2014-11-06 14:45:52 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-11-06 14:45:51 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-11-06 14:36:07 -------- d-----w- C:\Windows\System32\MRT
2014-11-06 14:34:40 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-11-06 14:34:40 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2014-11-06 14:34:40 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2014-11-06 14:34:40 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2014-11-06 14:34:38 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-11-06 14:34:38 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-11-06 14:34:24 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-11-06 14:34:24 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-11-06 14:14:50 142336 ----a-w- C:\Windows\System32\poqexec.exe
2014-11-06 14:14:50 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2014-11-06 14:10:47 81560 ----a-w- C:\Windows\SysWow64\mscories.dll
2014-11-06 14:09:13 985536 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-11-06 14:09:13 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-11-06 14:09:13 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-11-06 14:06:55 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2014-11-06 14:06:55 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-11-06 14:06:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-11-06 14:06:41 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-11-06 14:06:41 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-11-06 02:33:41 -------- d-----r- C:\Users\Susan\OneDrive
2014-11-06 02:14:29 -------- d-----w- C:\ProgramData\83b32e09-56dd-4d15-bbc7-350e8627ec65
2014-11-06 01:47:26 -------- d--h--w- C:\TMRescueDisk
2014-11-06 01:42:35 407864 ----a-w- C:\Windows\System32\drivers\tmnciesc.sys
2014-11-06 01:42:35 106296 ----a-w- C:\Windows\System32\drivers\tmeevw.sys
2014-11-06 01:42:31 93664 ----a-w- C:\Windows\System32\drivers\tmevtmgr.sys
2014-11-06 01:42:31 50976 ----a-w- C:\Windows\System32\drivers\TMEBC64.sys
2014-11-06 01:42:31 305832 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2014-11-06 01:42:31 121944 ----a-w- C:\Windows\System32\drivers\tmactmon.sys
2014-11-06 01:42:27 106296 ----a-w- C:\Windows\System32\drivers\tmusa.sys
2014-11-06 01:41:36 59 ----a-w- C:\Windows\System32\SupportTool.exe.bat
2014-11-06 01:41:14 -------- d-----w- C:\Program Files\Trend Micro
2014-11-06 01:41:09 -------- d-----w- C:\ProgramData\Trend Micro
2014-11-06 01:37:55 -------- d-----w- C:\Users\Susan\AppData\Local\Trend Micro
2014-11-06 01:33:46 -------- d-----w- C:\ProgramData\Trend Micro Installer
2014-11-06 01:17:27 -------- d-----w- C:\Users\Susan\AppData\Roaming\PwrMgr
2014-11-06 01:13:43 -------- d-----w- C:\Users\Susan\AppData\Local\LenovoReach
2014-11-06 00:18:50 34816 ------w- C:\Windows\System32\drivers\PELUSBLF.SYS
2014-11-06 00:18:50 23040 ------w- C:\Windows\System32\drivers\PELMOUSE.SYS
2014-11-06 00:18:50 22528 ------w- C:\Windows\System32\drivers\PELMOUBT.SYS
2014-11-06 00:18:50 16384 ------w- C:\Windows\System32\drivers\PELBTM.SYS
2014-11-06 00:18:50 14336 ------w- C:\Windows\System32\drivers\PELPS2M.SYS
2014-11-06 00:18:50 11776 ------w- C:\Windows\System32\drivers\PELVENDR.SYS
2014-11-06 00:18:48 414632 ----a-w- C:\Windows\difxapi.dll
2014-11-06 00:18:44 -------- d-----w- C:\drivers
2014-11-06 00:16:31 34816 ----a-w- C:\Windows\System32\drivers\phidmice.sys
2014-11-06 00:16:31 23040 ----a-w- C:\Windows\System32\drivers\pmouself.SYS
2014-11-06 00:16:31 12288 ----a-w- C:\Windows\System32\drivers\pvendrlf.SYS
2014-11-06 00:16:30 177152 ----a-w- C:\Windows\System32\LeCoinst.dll
2014-11-06 00:15:28 -------- d-----w- C:\Program Files\Nok Nok Labs
2014-11-06 00:10:53 590536 ----a-w- C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-11-06 00:10:02 -------- d-----w- C:\Users\Susan\AppData\Local\CrashDumps
2014-11-06 00:08:47 -------- d-----w- C:\Program Files\Microsoft Office 15
2014-11-06 00:08:10 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2014-11-06 00:08:10 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2014-11-06 00:08:10 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2014-11-06 00:05:30 -------- d-----w- C:\Users\Susan\AppData\Local\Adobe
2014-11-06 00:05:02 -------- d-----w- C:\Users\Susan\AppData\Roaming\LSC
2014-11-06 00:04:07 -------- d-----w- C:\Users\Susan\AppData\Local\Google
2014-11-06 00:02:56 -------- d-----w- C:\Users\Susan\AppData\Local\GeniusBox
2014-11-06 00:00:40 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2014-11-05 23:57:31 -------- d-sh--w- C:\Users\Susan\AppData\Local\EmieUserList
2014-11-05 23:57:31 -------- d-sh--w- C:\Users\Susan\AppData\Local\EmieSiteList
2014-11-05 23:57:09 2620928 ----a-w- C:\Windows\System32\wucltux.dll
2014-11-05 23:57:04 97792 ----a-w- C:\Windows\System32\wudriver.dll
2014-11-05 23:57:04 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
2014-11-05 23:55:23 -------- d-----w- C:\Users\Susan\AppData\Roaming\Intel
.
==================== Find3M  ====================
.
2014-11-06 04:04:03 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-06 04:03:50 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-06 03:47:03 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-06 03:46:12 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-06 03:46:12 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-06 03:44:28 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-06 03:30:22 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-11-06 03:30:08 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-06 03:29:18 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-06 03:28:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-06 03:23:57 6040064 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-06 03:20:18 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-06 03:13:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-06 03:13:36 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-06 03:12:44 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-06 03:10:58 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-06 03:07:29 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-06 02:59:36 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-11-06 02:58:38 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-06 02:42:36 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-06 02:39:39 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-06 02:38:25 2124288 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-06 02:21:49 4298240 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-06 02:21:25 2051072 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-06 02:20:37 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-06 02:17:24 2365440 ----a-w- C:\Windows\System32\wininet.dll
2014-11-06 01:52:35 1892864 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-05 17:56:54 304640 ----a-w- C:\Windows\System32\generaltel.dll
2014-11-05 17:56:36 228864 ----a-w- C:\Windows\System32\aepdu.dll
2014-11-05 17:52:22 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-14 02:16:37 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-14 02:12:57 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-10-14 01:50:47 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-14 01:49:38 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-10-10 00:57:42 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-03 02:12:00 500224 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54 284672 ----a-w- C:\Windows\System32\EncDump.dll
2014-10-03 02:11:51 680960 ----a-w- C:\Windows\System32\audiosrv.dll
2014-10-03 02:11:51 440832 ----a-w- C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51 296448 ----a-w- C:\Windows\System32\AudioSes.dll
2014-10-03 01:44:42 442880 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26 374784 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26 195584 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2014-10-02 21:23:20 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2014-10-02 21:23:20 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2014-09-29 23:21:24 1721752 ----a-w- C:\Windows\SysWow64\InetClnt.dll
2014-09-29 23:16:14 205848 ----a-w- C:\Windows\SysWow64\THREED32.OCX
2014-09-29 23:16:14 1694992 ----a-w- C:\Windows\SysWow64\VBA6.DLL
2014-09-29 23:16:02 741008 ----a-w- C:\Windows\SysWow64\SPR32D30.DLL
2014-09-29 23:16:02 1003152 ----a-w- C:\Windows\SysWow64\SPR32X30.OCX
2014-09-19 09:42:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-09-19 09:42:51 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-09-19 09:42:49 342016 ----a-w- C:\Windows\System32\schannel.dll
2014-09-19 09:42:47 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-09-19 09:42:47 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2014-09-19 09:42:41 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-09-19 09:23:55 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-09-19 09:23:52 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-09-19 09:23:49 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-09-19 09:23:46 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-09-19 09:23:45 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-09-19 09:23:36 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-04 12:51:04 55872 ----a-w- C:\Windows\System32\AdobePDF.dll
2014-09-04 12:50:54 27208 ----a-w- C:\Windows\System32\AdobePDFUI.dll
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-09-01 10:01:16 49040 ----a-w- C:\Windows\System32\valWBFPolicyService.exe
2014-09-01 10:01:16 212880 ----a-w- C:\Windows\System32\drivers\UMDF\wbf_vfs_lvcmn.dll
2014-09-01 09:30:08 3655056 ----a-w- C:\Windows\System32\vcsAPIFORWBF.dll
2014-09-01 09:30:08 31232 ----a-w- C:\Windows\System32\LenovoSysCheck.dll
.
============= FINISH: 10:55:15.47 ===============
 

Attached Files



BC AdBot (Login to Remove)

 


m

#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,261 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:08 AM

Posted 04 December 2014 - 11:12 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#3 spike1226

spike1226
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:08 AM

Posted 04 December 2014 - 11:28 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2014
Ran by Susan (administrator) on SUSAN-PC on 04-12-2014 09:19:03
Running from C:\Users\Susan\Downloads
Loaded Profile: Susan (Available profiles: Susan)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Softex Inc.) C:\Program Files\Lenovo\Fingerprint Manager Pro\OmniServ.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Starfield Technologies) C:\Program Files (x86)\Workspace\offSyncService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
() C:\Program Files\Lenovo\Fingerprint Manager Pro\opvapp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
( ) C:\Windows\System32\lxeacoms.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
() C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(LITE-ON TECHNOLOGY CORP.) C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\Skdaemon.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Nok Nok Labs, Inc.) C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\mfac.exe
(Primax Electronics Ltd.) C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe
() C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
() C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Users\Susan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Starfield Technologies) C:\Users\Susan\AppData\Local\Workspace\workspaceupdate.exe
(Starfield Technologies, LLC) C:\Users\Susan\AppData\Local\Workspace\wben.exe
(Starfield Technologies) C:\Users\Susan\AppData\Local\Workspace\workspacestatus.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dropbox, Inc.) C:\Users\Susan\AppData\Roaming\Dropbox\bin\Dropbox.exe
(SunplusIT, Inc.) C:\Program Files (x86)\Integrated Camera\Monitor.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Intuit Inc. All rights reserved.) C:\Users\Susan\AppData\Local\Intuit\SyncManager\Current\IntuitSyncManager.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
() C:\Users\Susan\AppData\Local\GeniusBox\Client.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Lenovo Corporation) C:\Program Files\Lenovo\QuickDisplay\QuickDisplayAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE
(Primax Electronics Ltd.) C:\Program Files\Lenovo\Lenovo Mouse Suite\PELMICED.EXE
() C:\Program Files\Lenovo\Lenovo Mouse Suite\PelElvDm.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\outlook.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\module\20013\ChromeExt\chromeextension\TmopChromeMsgHost32.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\chrome_extension2\host\chrome_native_msg_host.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\chromeextension\NativeMessageHost\ToolbarNativeMsgHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\excel.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Susan\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184632 2013-11-13] (Motorola Solutions, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Enhanced Performance Keyboard] => C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\SKDaemon.exe [335360 2012-08-08] (LITE-ON TECHNOLOGY CORP.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2810608 2014-04-07] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [384344 2014-02-17] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [295768 2014-05-29] (Lenovo Group Limited)
HKLM\...\Run: [MFACApp] => C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\mfac.exe [5449544 2014-10-16] (Nok Nok Labs, Inc.)
HKLM\...\Run: [Daemon for Mouse Suite] => C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE [87040 2013-09-17] (Primax Electronics Ltd.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [246304 2014-07-20] (Trend Micro Inc.)
HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1266224 2014-10-09] (Trend Micro Inc.)
HKLM\...\Run: [WLM] => C:\Program Files\Trend Micro\Titanium\Plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe [45712 2014-07-20] (Trend Micro Inc.)
HKLM\...\Run: [lxeamon.exe] => C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe [770728 2011-01-23] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe [148280 2011-01-23] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-08-15] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4315872 2011-06-01] (Lenovo, Inc.)
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [733936 2013-07-02] (Lenovo)
HKLM-x32\...\Run: [Integrated Camera_Monitor] => C:\Program Files (x86)\Integrated Camera\monitor.exe [1719968 2014-02-19] (SunplusIT, Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3761464 2013-09-30] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2012-06-14] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [234000 2012-06-14] (CyberLink Corp.)
HKLM-x32\...\Run: [Lexmark S300-S400 Series] => C:\Program Files (x86)\Lexmark S300-S400 Series\fm3032.exe [316072 2011-01-23] ()
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-09-04] (Adobe Systems Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3404508016-2002458042-3075331148-1001\...\Run: [SkyDrive] => C:\Users\Susan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-11-07] (Microsoft Corporation)
HKU\S-1-5-21-3404508016-2002458042-3075331148-1001\...\Run: [Starfield Updater] => C:\Users\Susan\AppData\Local\Workspace\WorkspaceUpdate.exe [35008 2014-11-10] (Starfield Technologies)
HKU\S-1-5-21-3404508016-2002458042-3075331148-1001\...\Run: [wben] => C:\Users\Susan\AppData\Local\Workspace\wben.exe [1078896 2014-10-20] (Starfield Technologies, LLC)
HKU\S-1-5-21-3404508016-2002458042-3075331148-1001\...\Run: [Workspace Status] => C:\Users\Susan\AppData\Local\Workspace\workspacestatus.exe [694760 2014-11-10] (Starfield Technologies)
HKU\S-1-5-21-3404508016-2002458042-3075331148-1001\...\MountPoints2: {9f9a809c-2a5f-11e4-81ba-806e6f6e6963} - Q:\LenovoQDrive.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2015\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\Susan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Susan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [off0] -> {8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll (Starfield Technologies, LLC)
ShellIconOverlayIdentifiers: [off1] -> {8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll (Starfield Technologies, LLC)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-21-3404508016-2002458042-3075331148-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3404508016-2002458042-3075331148-1001] => http=127.0.0.1:49209;https=127.0.0.1:49209
HKU\S-1-5-21-3404508016-2002458042-3075331148-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3404508016-2002458042-3075331148-1001 -> {5DE13713-AED4-4166-9D7E-70D149770B19} URL = 
SearchScopes: HKU\S-1-5-21-3404508016-2002458042-3075331148-1001 -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
BHO: TmIEPlugInBHO Class -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg.dll (Trend Micro Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe64.dll (Trend Micro Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
BHO-x32: TmIEPlugInBHO Class -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
Toolbar: HKLM-x32 - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3404508016-2002458042-3075331148-1001 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Toolbar: HKU\S-1-5-21-3404508016-2002458042-3075331148-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - C:\Program Files (x86)\Intuit\QuickBooks 2015\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe64.dll (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe32.dll (Trend Micro Inc.)
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg.dll (Trend Micro Inc.)
Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg32.dll (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
 
FireFox:
========
FF ProfilePath: C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\Rac7dF.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @update.noknok.com/Nok Nok Labs MFACUpdater;version=3 -> C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\1.3.27.0\npGoogleUpdate3.dll (Nok Nok Labs Inc.)
FF Plugin-x32: @update.noknok.com/Nok Nok Labs MFACUpdater;version=9 -> C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\1.3.27.0\npGoogleUpdate3.dll (Nok Nok Labs Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3404508016-2002458042-3075331148-1001: @starfield.com/off -> C:\Users\Susan\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin HKU\S-1-5-21-3404508016-2002458042-3075331148-1001: @starfield.com/off64 -> C:\Users\Susan\AppData\Roaming\Mozilla\Plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF Plugin HKU\S-1-5-21-3404508016-2002458042-3075331148-1001: @starfield.com/wbe -> C:\Users\Susan\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF Plugin HKU\S-1-5-21-3404508016-2002458042-3075331148-1001: @starfield.com/wbe64 -> C:\Users\Susan\AppData\Roaming\Mozilla\Plugins\npwbe64.dll (Starfield Technology, LLC)
FF user.js: detected! => C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\Rac7dF.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Users\Susan\AppData\Roaming\mozilla\plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\Susan\AppData\Roaming\mozilla\plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\Susan\AppData\Roaming\mozilla\plugins\npwbe.dll (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Susan\AppData\Roaming\mozilla\plugins\npwbe64.dll (Starfield Technology, LLC)
FF Extension: WBE Paste - C:\Users\Susan\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield [2014-11-10]
FF HKLM\...\Firefox\Extensions: [FIDOaddon@noknok.com] - C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\firefox\x86\FIDOaddon
FF Extension: MFAC Extension - C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\firefox\x86\FIDOaddon [2014-11-05]
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\firefoxextension [2014-11-07]
FF HKLM-x32\...\Firefox\Extensions: [FIDOaddon@noknok.com] - C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\firefox\x86\FIDOaddon
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
FF Extension: Trend Micro Osprey Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension [2014-11-07]
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2014-11-05]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-11-10]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.msn.com/
CHR StartupUrls: Default -> "hxxp://www.msn.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-05]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-05]
CHR Extension: (MFAC) - C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbgbpjganndfjjmlamggkkkjafblbahl [2014-11-05]
CHR Extension: (Simply Block Ads!) - C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhfjefnfnmmnkcckbjjcganphignempo [2014-11-10]
CHR Extension: (Google Wallet) - C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-05]
CHR Extension: (Trend Micro Toolbar) - C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2014-11-05]
CHR HKLM-x32\...\Chrome\Extension: [mbgbpjganndfjjmlamggkkkjafblbahl] - C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\Chrome\x86\FidoExtension.crx [2014-10-16]
CHR HKLM-x32\...\Chrome\Extension: [ohhcpmplhhiiaoiddkfboafbhiknefdf] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9954096 2014-03-31] (DisplayLink Corp.)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320560 2014-06-24] (Lenovo.)
R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [828656 2013-11-18] (Condusiv Technologies)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [140016 2013-07-02] (Lenovo)
R2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [697472 2014-10-20] (Starfield Technologies)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-03] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197464 2014-05-29] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited)
R2 lnvDiscoveryWinSvc; C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe [21552 2014-02-21] (Lenovo)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
S2 lxeaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 lxea_device; C:\Windows\system32\lxeacoms.exe [1052328 2010-04-14] ( )
R2 lxea_device; C:\Windows\SysWOW64\lxeacoms.exe [598696 2010-04-14] ( )
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-29] ()
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [230920 2014-05-15] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [417800 2014-05-15] ()
S2 omaha; C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\MFACUpdate.exe [148224 2014-11-05] (Nok Nok Labs Inc.)
S3 omaham; C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\MFACUpdate.exe [148224 2014-11-05] (Nok Nok Labs Inc.)
R2 omniserv; C:\Program Files\Lenovo\Fingerprint Manager Pro\OmniServ.exe [94720 2014-09-25] (Softex Inc.) [File not signed]
R2 PelService; C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe [178688 2012-03-13] () [File not signed]
R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1187376 2014-10-09] (Trend Micro Inc.)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-11-07] (Intuit) [File not signed]
R3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2014-09-29] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2014-09-29] (Intuit Inc.) [File not signed]
S2 QuickControlMasterSvc; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [61936 2014-06-11] (Lenovo Group Limited)
R3 QuickControlService; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [316400 2014-06-11] (Lenovo Group Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [49040 2014-09-01] (Synaptics Incorporated)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-29] (Intel® Corporation)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [140600 2013-11-07] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1419576 2013-12-11] (Motorola Solutions, Inc.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [488216 2014-03-05] (Intel Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [25840 2013-11-18] (Condusiv Technologies)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [117488 2013-11-18] (Condusiv Technologies)
S3 Fastboot; C:\Windows\System32\DRIVERS\fastboot.sys [56048 2013-07-02] (Windows ® Win 7 DDK provider)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-15] (Intel Corporation)
S3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [169680 2014-04-02] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100824 2013-12-03] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3442144 2014-06-18] (Intel Corporation)
R1 OMNISMI; C:\Windows\SysWOW64\drivers\omnismi.sys [14776 2014-03-31] ()
R3 phidmice; C:\Windows\System32\DRIVERS\phidmice.sys [34816 2013-03-26] (TPMX Electronics Ltd.)
R3 pmouself; C:\Windows\System32\DRIVERS\pmouself.sys [23040 2013-03-26] (TPMX Electronics Ltd.)
R3 pvendrlf; C:\Windows\System32\DRIVERS\pvendrlf.sys [12288 2013-03-26] (TPMX Electronics Ltd.)
R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [423128 2013-07-24] (Realsil Semiconductor Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-04-07] (Synaptics Incorporated)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1521312 2014-03-17] (Sunplus)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [121944 2014-07-14] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [305832 2014-07-14] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [50976 2014-07-09] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [106296 2014-07-09] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [93664 2014-07-14] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [407864 2014-07-09] (Trend Micro Inc.)
R2 tmusa; C:\Windows\System32\DRIVERS\tmusa.sys [106296 2014-06-30] (Trend Micro Inc.)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-20] (Windows ® Win 7 DDK provider)
U2 TMAgent; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-04 09:19 - 2014-12-04 09:19 - 00038696 _____ () C:\Users\Susan\Downloads\FRST.txt
2014-12-04 09:18 - 2014-12-04 09:19 - 00000000 ____D () C:\FRST
2014-12-04 09:17 - 2014-12-04 09:17 - 02117632 _____ (Farbar) C:\Users\Susan\Downloads\FRST64 (1).exe
2014-12-04 09:15 - 2014-12-04 09:15 - 02117632 _____ (Farbar) C:\Users\Susan\Downloads\FRST64.exe
2014-12-04 08:33 - 2014-12-04 08:33 - 00000000 ___SH () C:\DkHyperbootSync
2014-12-04 07:26 - 2014-12-04 07:26 - 00000165 ____H () C:\Users\Susan\Documents\~$New Budget.xlsx
2014-12-04 06:38 - 2014-12-04 06:41 - 00000000 ____D () C:\Users\Susan\AppData\Roaming\Skype
2014-12-04 06:38 - 2014-12-04 06:38 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-12-04 06:38 - 2014-12-04 06:38 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-04 06:38 - 2014-12-04 06:38 - 00000000 ____D () C:\Users\Susan\AppData\Local\Skype
2014-12-04 06:38 - 2014-12-04 06:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-12-04 06:37 - 2014-12-04 06:38 - 00000000 ____D () C:\ProgramData\Skype
2014-12-04 06:36 - 2014-12-04 06:36 - 01546848 _____ (Skype Technologies S.A.) C:\Users\Susan\Downloads\SkypeSetup.exe
2014-12-01 18:19 - 2014-12-01 18:20 - 00012288 _____ () C:\Users\Susan\Documents\QBTempBackup.tmp Mon, Dec 01 2014 06 19 58 PM
2014-12-01 03:24 - 2014-12-02 14:59 - 00003718 _____ () C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2014-12-01 03:24 - 2014-12-01 03:24 - 00003476 _____ () C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
2014-12-01 03:24 - 2014-12-01 03:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-11-30 06:17 - 2014-08-28 19:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-11-30 06:17 - 2014-05-08 02:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-11-30 06:16 - 2014-09-04 19:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-11-30 06:16 - 2014-09-04 18:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-11-29 10:55 - 2014-11-29 11:13 - 00046241 _____ () C:\Users\Susan\Desktop\dds.txt
2014-11-29 10:55 - 2014-11-29 10:59 - 00007063 _____ () C:\Users\Susan\Desktop\attach.txt
2014-11-29 10:54 - 2014-11-29 10:54 - 00688992 ____R (Swearware) C:\Users\Susan\Downloads\dds.com
2014-11-29 09:47 - 2013-10-01 19:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-11-29 09:47 - 2013-10-01 19:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-11-29 09:47 - 2013-10-01 19:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-11-29 09:47 - 2013-10-01 18:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-11-29 09:47 - 2013-10-01 18:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-11-29 09:47 - 2013-10-01 18:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-11-29 09:47 - 2013-10-01 18:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-11-29 09:47 - 2013-10-01 17:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-11-29 09:47 - 2013-10-01 17:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-11-29 09:47 - 2013-10-01 17:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-11-29 09:47 - 2013-10-01 17:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-11-29 09:47 - 2013-10-01 17:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-11-29 09:47 - 2013-10-01 16:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-11-29 09:47 - 2013-10-01 16:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-11-29 09:47 - 2013-10-01 16:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-11-29 09:47 - 2013-10-01 15:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-11-29 09:47 - 2012-08-23 07:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-11-29 09:47 - 2012-08-23 07:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-11-29 09:47 - 2012-08-23 07:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-11-29 09:47 - 2012-08-23 04:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-11-29 09:47 - 2012-08-23 03:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-11-29 08:47 - 2014-11-29 08:48 - 00000000 ____D () C:\AdwCleaner
2014-11-29 08:46 - 2014-11-29 08:46 - 02148864 _____ () C:\Users\Susan\Downloads\AdwCleaner.exe
2014-11-28 19:00 - 2014-11-29 08:22 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-28 18:59 - 2014-11-28 18:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-28 18:59 - 2014-11-28 18:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-28 18:59 - 2014-11-28 18:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-28 18:59 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-28 18:59 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-28 18:59 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-28 18:58 - 2014-11-28 18:59 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Susan\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-24 18:46 - 2014-11-24 18:46 - 00000000 __SHD () C:\Users\Susan\AppData\Local\EmieBrowserModeList
2014-11-21 13:35 - 2014-11-21 13:35 - 01235429 _____ () C:\ProgramData\SPL1C85.tmp
2014-11-21 13:16 - 2014-11-21 13:17 - 00012288 _____ () C:\Users\Susan\Documents\QBTempBackup.tmp Fri, Nov 21 2014 01 16 50 PM
2014-11-20 18:28 - 2014-11-23 10:41 - 00128547 _____ () C:\Users\Susan\Documents\VillaSiennaBudget.xlsx
2014-11-18 16:07 - 2014-11-10 20:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 16:07 - 2014-11-10 20:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 16:07 - 2014-11-10 19:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-18 16:07 - 2014-11-10 19:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-17 18:09 - 2014-11-17 18:25 - 00026941 _____ () C:\Users\Susan\AppData\Roaming\Comma Separated Values.ADR
2014-11-17 16:44 - 2014-11-17 16:45 - 00000000 ____D () C:\Users\Susan\AppData\Local\Microsoft Help
2014-11-16 14:23 - 2014-11-28 08:05 - 00000168 _____ () C:\ProgramData\lxea.log
2014-11-14 05:36 - 2014-11-14 05:36 - 00084208 _____ (Lenovo.) C:\Windows\system32\ibmpmsvc.exe
2014-11-14 05:36 - 2014-11-14 05:36 - 00072432 _____ (Lenovo.) C:\Windows\system32\ibmpmctl.exe
2014-11-14 05:36 - 2014-11-14 05:36 - 00060112 _____ (Lenovo.) C:\Windows\system32\Drivers\ibmpmdrv.sys
2014-11-14 05:36 - 2014-11-14 05:36 - 00040176 _____ (Lenovo.) C:\Windows\system32\tpinspm.dll
2014-11-11 17:22 - 2014-11-11 17:23 - 00012288 _____ () C:\Users\Susan\Documents\QBTempBackup.tmp Tue, Nov 11 2014 05 22 46 PM
2014-11-11 16:48 - 2014-11-07 12:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-11 16:48 - 2014-11-07 12:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-11 16:48 - 2014-11-05 21:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 16:48 - 2014-11-05 21:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 16:48 - 2014-11-05 21:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-11 16:48 - 2014-11-05 20:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-11 16:48 - 2014-11-05 20:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 16:48 - 2014-11-05 20:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-11 16:48 - 2014-11-05 20:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-11 16:48 - 2014-11-05 20:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 16:48 - 2014-11-05 20:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 16:48 - 2014-11-05 20:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-11 16:48 - 2014-11-05 20:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 16:48 - 2014-11-05 20:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 16:48 - 2014-11-05 20:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-11 16:48 - 2014-11-05 20:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-11 16:48 - 2014-11-05 20:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-11 16:48 - 2014-11-05 20:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 16:48 - 2014-11-05 20:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-11 16:48 - 2014-11-05 20:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 16:48 - 2014-11-05 20:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-11 16:48 - 2014-11-05 20:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-11 16:48 - 2014-11-05 20:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-11 16:48 - 2014-11-05 20:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-11 16:48 - 2014-11-05 20:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-11 16:48 - 2014-11-05 20:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-11 16:48 - 2014-11-05 20:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-11 16:48 - 2014-11-05 20:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-11 16:48 - 2014-11-05 20:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-11 16:48 - 2014-11-05 20:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-11 16:48 - 2014-11-05 20:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-11 16:48 - 2014-11-05 20:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 16:48 - 2014-11-05 19:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-11 16:48 - 2014-11-05 19:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-11 16:48 - 2014-11-05 19:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 16:48 - 2014-11-05 19:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-11 16:48 - 2014-11-05 19:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-11 16:48 - 2014-11-05 19:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 16:48 - 2014-11-05 19:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-11 16:48 - 2014-11-05 19:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-11 16:48 - 2014-11-05 19:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 16:48 - 2014-11-05 19:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-11 16:48 - 2014-11-05 19:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-11 16:48 - 2014-11-05 19:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-11 16:48 - 2014-11-05 19:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 16:48 - 2014-11-05 19:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-11 16:48 - 2014-11-05 19:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-11 16:48 - 2014-11-05 19:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-11 16:48 - 2014-11-05 19:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-11 16:48 - 2014-11-05 19:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 16:48 - 2014-11-05 19:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 16:48 - 2014-11-05 19:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-11 16:48 - 2014-11-05 18:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-11 16:48 - 2014-11-05 18:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-11 16:48 - 2014-11-05 18:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-11 16:48 - 2014-11-05 18:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-11 16:48 - 2014-11-05 10:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-11 16:48 - 2014-11-05 10:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-11 16:48 - 2014-11-05 10:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-11 16:48 - 2014-10-13 19:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 16:48 - 2014-10-13 19:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-11 16:48 - 2014-10-13 19:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 16:48 - 2014-10-13 19:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 16:48 - 2014-10-13 19:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 16:48 - 2014-10-13 18:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-11 16:48 - 2014-10-13 18:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-11 16:48 - 2014-10-13 18:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-11 16:48 - 2014-10-13 18:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-11 16:47 - 2014-10-24 18:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 16:47 - 2014-10-24 18:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-11 16:47 - 2014-10-09 17:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 16:47 - 2014-10-02 19:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 16:47 - 2014-10-02 19:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 16:47 - 2014-10-02 19:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 16:47 - 2014-10-02 19:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 16:47 - 2014-10-02 19:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 16:47 - 2014-10-02 18:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-11 16:47 - 2014-10-02 18:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-11 16:47 - 2014-10-02 18:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-11 16:47 - 2014-09-19 02:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 16:47 - 2014-09-19 02:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-11 16:47 - 2014-09-19 02:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-11 16:47 - 2014-09-19 02:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-11 16:47 - 2014-09-19 02:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-11 16:47 - 2014-09-19 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-11 16:47 - 2014-09-19 02:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-11 16:47 - 2014-09-19 02:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-11 16:47 - 2014-09-19 02:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-11 16:47 - 2014-09-19 02:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-11 16:47 - 2014-09-19 02:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-11 16:47 - 2014-09-19 02:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-11 16:47 - 2014-08-20 23:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 16:47 - 2014-08-20 23:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-11 16:47 - 2014-08-20 23:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-11 16:47 - 2014-08-20 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-11 16:47 - 2014-08-11 19:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-11 16:47 - 2014-08-11 18:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 16:46 - 2014-10-17 19:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 16:46 - 2014-10-17 18:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-11 16:46 - 2014-10-13 19:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-11 16:46 - 2014-10-13 18:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-10 21:08 - 2014-11-10 21:09 - 122488064 _____ (Microsoft Corporation) C:\Users\Susan\Downloads\msert.exe
2014-11-10 20:31 - 2014-11-10 20:33 - 00000000 ____D () C:\Users\Susan\Desktop\Resume
2014-11-10 20:31 - 2014-11-10 20:31 - 00000000 ____D () C:\Users\Susan\Desktop\Taxes
2014-11-10 20:31 - 2014-11-10 20:31 - 00000000 ____D () C:\Users\Susan\Desktop\Personal PDF and Travel
2014-11-10 20:31 - 2014-11-10 20:31 - 00000000 ____D () C:\Users\Susan\Desktop\LittleRascalsNewOutside
2014-11-10 20:31 - 2014-11-10 20:31 - 00000000 ____D () C:\Users\Susan\Desktop\LittleRascalPicFrame
2014-11-10 20:31 - 2014-11-10 20:31 - 00000000 ____D () C:\Users\Susan\Desktop\Little Rascals
2014-11-10 20:31 - 2014-11-10 20:31 - 00000000 ____D () C:\Users\Susan\Desktop\House
2014-11-10 20:31 - 2014-11-10 20:31 - 00000000 ____D () C:\Users\Susan\Desktop\CreditScores
2014-11-10 20:31 - 2013-04-22 15:56 - 00014531 _____ () C:\Users\Susan\Desktop\MILEAGELOG.xlsx
2014-11-10 18:22 - 2014-11-10 18:22 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-11-10 17:58 - 2014-11-10 17:58 - 13266944 _____ () C:\Users\Susan\Documents\WriteRightMeda2, LLC (Backup Nov 10,2014  05 58 PM).QBB
2014-11-10 16:40 - 2014-11-10 16:40 - 01295168 _____ (LogMeIn, Inc.) C:\Users\Susan\Downloads\Support-LogMeInRescue.exe
2014-11-10 16:35 - 2014-11-10 20:34 - 00000000 ____D () C:\Users\Susan\AppData\Local\LogMeIn Rescue Applet
2014-11-10 15:33 - 2014-11-10 15:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage
2014-11-10 15:30 - 2014-12-04 05:45 - 00000000 ___RD () C:\Users\Susan\Dropbox
2014-11-10 15:30 - 2014-11-14 16:35 - 00001029 _____ () C:\Users\Susan\Desktop\Dropbox.lnk
2014-11-10 15:29 - 2014-11-14 16:35 - 00000000 ____D () C:\Users\Susan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-10 15:28 - 2014-12-04 05:45 - 00000000 ____D () C:\Users\Susan\AppData\Roaming\Dropbox
2014-11-10 15:28 - 2014-11-10 15:28 - 00323616 _____ (Dropbox, Inc.) C:\Users\Susan\Downloads\DropboxInstaller.exe
2014-11-10 15:22 - 2014-11-10 15:22 - 00000000 ____D () C:\Users\Susan\AppData\Roaming\Apple Computer
2014-11-10 15:22 - 2014-11-10 15:22 - 00000000 ____D () C:\Users\Susan\AppData\Local\offsync
2014-11-10 15:18 - 2014-11-10 15:18 - 00001856 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-11-10 15:18 - 2014-11-10 15:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-11-10 15:18 - 2014-11-10 15:18 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-11-10 15:18 - 2014-11-10 15:18 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-11-10 15:17 - 2014-11-10 15:17 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-11-10 15:17 - 2014-11-10 15:17 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-11-10 15:17 - 2014-11-10 15:17 - 00000000 ____D () C:\Users\Susan\AppData\Local\Apple
2014-11-10 15:17 - 2014-11-10 15:17 - 00000000 ____D () C:\ProgramData\Apple
2014-11-10 15:17 - 2014-11-10 15:17 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-11-10 15:15 - 2014-11-10 15:16 - 42096984 _____ (Apple Inc.) C:\Users\Susan\Downloads\QuickTimeInstaller.exe
2014-11-10 15:10 - 2014-11-10 15:10 - 00001117 _____ () C:\Users\Susan\Desktop\desktoptools.lnk
2014-11-10 15:10 - 2014-11-10 15:10 - 00000000 ____D () C:\Users\Susan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Workspace
2014-11-10 15:10 - 2014-11-10 15:10 - 00000000 ____D () C:\Program Files (x86)\Workspace
2014-11-10 15:09 - 2014-11-10 15:09 - 00000000 ____D () C:\Users\Susan\AppData\Local\Workspace
2014-11-10 14:59 - 2014-11-10 14:59 - 00001905 _____ () C:\Users\Public\Desktop\IrfanView Thumbnails.lnk
2014-11-10 14:59 - 2014-11-10 14:59 - 00001013 _____ () C:\Users\Public\Desktop\IrfanView.lnk
2014-11-10 14:59 - 2014-11-10 14:59 - 00000000 ____D () C:\Users\Susan\AppData\Roaming\IrfanView
2014-11-10 14:59 - 2014-11-10 14:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-11-10 14:59 - 2014-11-10 14:59 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2014-11-10 14:57 - 2014-11-10 14:58 - 01898640 _____ (Irfan Skiljan) C:\Users\Susan\Downloads\iview438_setup.exe
2014-11-10 14:37 - 2014-11-10 14:37 - 00000000 ____D () C:\ProgramData\ALM
2014-11-10 14:27 - 2014-11-10 20:37 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2014-11-10 14:27 - 2014-11-10 20:37 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2014-11-10 14:27 - 2014-11-10 20:37 - 00002037 _____ () C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2014-11-10 14:27 - 2014-11-10 20:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
2014-11-10 14:22 - 2014-11-10 14:22 - 00001108 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
2014-11-10 14:22 - 2014-11-10 14:22 - 00001108 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
2014-11-10 14:22 - 2014-11-10 14:22 - 00001096 _____ () C:\Users\Public\Desktop\Adobe Content Viewer.lnk
2014-11-10 14:21 - 2014-11-10 14:40 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-11-10 14:20 - 2014-11-10 14:40 - 00000000 ____D () C:\Program Files\Adobe
2014-11-10 14:15 - 2014-11-10 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Design Premium CS5.5
2014-11-10 14:15 - 2014-11-10 14:15 - 00001008 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2014-11-10 14:04 - 2014-11-10 14:04 - 00000000 ____D () C:\Users\Susan\AppData\Roaming\S300-S400 Series
2014-11-10 13:55 - 2014-11-10 13:55 - 00000252 _____ () C:\ProgramData\FastPics.log
2014-11-10 13:55 - 2014-11-10 13:55 - 00000000 ____D () C:\ProgramData\Ezprint
2014-11-10 13:54 - 2014-12-02 18:48 - 00000000 ____D () C:\ProgramData\Lx_cats
2014-11-10 13:54 - 2014-12-02 18:47 - 00005570 _____ () C:\ProgramData\lxeaJSW.log
2014-11-10 13:52 - 2014-12-04 05:45 - 00004780 _____ () C:\ProgramData\lxeascan.log
2014-11-10 13:52 - 2014-11-10 13:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 6.0 Sprint
2014-11-10 13:52 - 2010-04-13 14:41 - 00836608 _____ ( ) C:\Windows\system32\lxeacoin.dll
2014-11-10 13:52 - 2009-11-26 03:45 - 00008694 _____ () C:\Windows\system32\lxeacommuilogo_rtl.bmp
2014-11-10 13:52 - 2009-11-26 03:45 - 00008694 _____ () C:\Windows\system32\lxeacommuilogo.bmp
2014-11-10 13:52 - 2009-11-09 03:06 - 00065536 _____ () C:\Windows\system32\lxeagcfg.dll
2014-11-10 13:52 - 2009-10-21 05:06 - 00399360 _____ () C:\Windows\system32\lxeacui.dll
2014-11-10 13:52 - 2009-10-21 05:06 - 00148480 _____ () C:\Windows\system32\lxeacuir.dll
2014-11-10 13:52 - 2009-01-20 04:32 - 00065106 _____ () C:\Windows\system32\lxeaprpr.chm
2014-11-10 13:52 - 2008-04-30 01:32 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lxk_g.dll
2014-11-10 13:52 - 2008-04-30 01:32 - 00983121 _____ (Microsoft Corporation) C:\Windows\system32\lxk_gf.dll
2014-11-10 13:52 - 2008-03-04 21:55 - 00109056 _____ () C:\Windows\system32\lxeavs.dll
2014-11-10 13:51 - 2014-11-10 13:52 - 00000000 ____D () C:\Program Files (x86)\Abbyy FineReader 6.0 Sprint
2014-11-10 13:50 - 2014-11-10 13:50 - 00000000 ____D () C:\ProgramData\S300-S400 Series
2014-11-10 13:50 - 2010-04-14 15:45 - 00295592 _____ (Lexmark International, Inc.) C:\Windows\system32\LXEAwupd.exe
2014-11-10 13:50 - 2010-02-22 05:09 - 00510464 _____ (Lexmark International, Inc.) C:\Windows\system32\LXEAwupd.dll
2014-11-10 13:50 - 2009-12-31 01:17 - 00053760 _____ () C:\Windows\system32\LXEAPMON.DLL
2014-11-10 13:50 - 2009-12-31 01:17 - 00021504 _____ () C:\Windows\system32\LXEAFXPU.DLL
2014-11-10 13:50 - 2009-12-31 01:17 - 00003584 _____ () C:\Windows\system32\LXEAPMRC.DLL
2014-11-10 13:50 - 2009-01-13 08:15 - 04485120 _____ () C:\Windows\system32\LXEAoem.dll
2014-11-10 13:49 - 2014-11-10 13:54 - 00227265 _____ () C:\Windows\system32\LexFiles.ulf
2014-11-10 13:49 - 2014-11-10 13:52 - 00000000 ____D () C:\Program Files\Lexmark
2014-11-10 13:49 - 2014-11-10 13:50 - 00000000 ____D () C:\Program Files (x86)\Lexmark S300-S400 Series
2014-11-10 13:49 - 2014-11-10 13:49 - 00002016 _____ () C:\Users\Public\Desktop\Launch Lexmark Printer Home.LNK
2014-11-10 13:49 - 2014-11-10 13:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark
2014-11-10 13:49 - 2014-11-10 13:49 - 00000000 ____D () C:\Program Files (x86)\Lexmark Toolbar
2014-11-10 13:49 - 2010-04-14 15:45 - 01052328 _____ ( ) C:\Windows\system32\lxeacoms.exe
2014-11-10 13:49 - 2010-04-14 15:45 - 00612008 _____ ( ) C:\Windows\system32\lxeacfg.exe
2014-11-10 13:49 - 2010-04-14 15:45 - 00598696 _____ ( ) C:\Windows\SysWOW64\lxeacoms.exe
2014-11-10 13:49 - 2010-04-14 15:45 - 00520872 _____ ( ) C:\Windows\system32\lxeaih.exe
2014-11-10 13:49 - 2010-04-14 15:45 - 00373416 _____ ( ) C:\Windows\SysWOW64\lxeacfg.exe
2014-11-10 13:49 - 2010-04-14 15:45 - 00324264 _____ ( ) C:\Windows\SysWOW64\lxeaih.exe
2014-11-10 13:49 - 2010-04-14 13:33 - 00002106 _____ () C:\Windows\SysWOW64\lxea.loc
2014-11-10 13:49 - 2010-04-14 13:33 - 00002106 _____ () C:\Windows\system32\lxea.loc
2014-11-10 13:49 - 2010-03-09 03:58 - 00344064 _____ () C:\Windows\SysWOW64\lxeacomx.dll
2014-11-10 13:49 - 2009-12-09 15:32 - 00979968 _____ ( ) C:\Windows\system32\lxeapmui.dll
2014-11-10 13:49 - 2009-12-09 15:28 - 01631744 _____ ( ) C:\Windows\system32\lxeaserv.dll
2014-11-10 13:49 - 2009-12-09 15:27 - 01104384 _____ ( ) C:\Windows\system32\lxeahbn3.dll
2014-11-10 13:49 - 2009-12-09 15:26 - 01331712 _____ ( ) C:\Windows\system32\lxeausb1.dll
2014-11-10 13:49 - 2009-12-09 15:25 - 00547840 _____ ( ) C:\Windows\system32\LXEAhcp.dll
2014-11-10 13:49 - 2009-12-09 15:24 - 01371648 _____ ( ) C:\Windows\system32\lxeacomc.dll
2014-11-10 13:49 - 2009-12-09 15:24 - 00892416 _____ ( ) C:\Windows\system32\lxealmpm.dll
2014-11-10 13:49 - 2009-12-09 15:24 - 00579584 _____ ( ) C:\Windows\system32\lxeacomm.dll
2014-11-10 13:49 - 2009-12-09 15:23 - 00557568 _____ ( ) C:\Windows\system32\lxeainpa.dll
2014-11-10 13:49 - 2009-12-09 15:23 - 00515584 _____ ( ) C:\Windows\system32\lxeaiesc.dll
2014-11-10 13:49 - 2009-12-09 15:23 - 00495616 _____ () C:\Windows\system32\LXEAinst.dll
2014-11-10 13:49 - 2009-12-09 14:47 - 00643072 _____ ( ) C:\Windows\SysWOW64\lxeapmui.dll
2014-11-10 13:49 - 2009-12-09 14:43 - 01048576 _____ ( ) C:\Windows\SysWOW64\lxeaserv.dll
2014-11-10 13:49 - 2009-12-09 14:41 - 00688128 _____ ( ) C:\Windows\SysWOW64\lxeahbn3.dll
2014-11-10 13:49 - 2009-12-09 14:40 - 00847872 _____ ( ) C:\Windows\SysWOW64\lxeausb1.dll
2014-11-10 13:49 - 2009-12-09 14:36 - 00577536 _____ ( ) C:\Windows\SysWOW64\lxealmpm.dll
2014-11-10 13:49 - 2009-12-09 14:36 - 00372736 _____ ( ) C:\Windows\SysWOW64\lxeacomm.dll
2014-11-10 13:49 - 2009-12-09 14:35 - 00802816 _____ ( ) C:\Windows\SysWOW64\lxeacomc.dll
2014-11-10 13:49 - 2009-12-09 14:35 - 00364544 _____ ( ) C:\Windows\SysWOW64\lxeainpa.dll
2014-11-10 13:49 - 2009-12-09 14:35 - 00344064 _____ ( ) C:\Windows\SysWOW64\lxeaiesc.dll
2014-11-10 13:49 - 2009-11-26 03:57 - 00075264 _____ (Lexmark International) C:\Windows\system32\LXEAcfg.dll
2014-11-10 13:49 - 2009-11-26 03:52 - 00086186 _____ (Lexmark International) C:\Windows\SysWOW64\LXEAcfg.dll
2014-11-10 13:49 - 2009-11-09 03:36 - 00245248 _____ () C:\Windows\system32\lxeainsb.dll
2014-11-10 13:49 - 2009-11-09 03:36 - 00090624 _____ () C:\Windows\system32\lxeainsr.dll
2014-11-10 13:49 - 2009-11-09 03:36 - 00073216 _____ () C:\Windows\system32\lxeacub.dll
2014-11-10 13:49 - 2009-11-09 03:36 - 00040448 _____ () C:\Windows\system32\lxeajswr.dll
2014-11-10 13:49 - 2009-11-09 03:36 - 00022016 _____ () C:\Windows\system32\lxeacur.dll
2014-11-10 13:49 - 2009-11-09 03:35 - 00450048 _____ () C:\Windows\system32\lxeains.dll
2014-11-10 13:49 - 2009-11-09 03:35 - 00378368 _____ () C:\Windows\system32\lxeacu.dll
2014-11-10 13:49 - 2009-11-09 03:35 - 00298496 _____ () C:\Windows\system32\lxeagrd.dll
2014-11-10 13:49 - 2009-11-09 03:06 - 00262144 _____ () C:\Windows\SysWOW64\lxeainsb.dll
2014-11-10 13:49 - 2009-11-09 03:06 - 00253952 _____ () C:\Windows\SysWOW64\lxeacu.dll
2014-11-10 13:49 - 2009-11-09 03:06 - 00106496 _____ () C:\Windows\SysWOW64\lxeainsr.dll
2014-11-10 13:49 - 2009-11-09 03:06 - 00090112 _____ () C:\Windows\SysWOW64\lxeacub.dll
2014-11-10 13:49 - 2009-11-09 03:06 - 00057344 _____ () C:\Windows\SysWOW64\lxeajswr.dll
2014-11-10 13:49 - 2009-11-09 03:06 - 00036864 _____ () C:\Windows\SysWOW64\lxeacur.dll
2014-11-10 13:49 - 2009-11-09 03:05 - 00323584 _____ () C:\Windows\SysWOW64\lxeains.dll
2014-11-10 13:49 - 2006-12-06 22:28 - 00126976 _____ (Lexmark International Inc.) C:\Windows\SysWOW64\lxealnks.dll
2014-11-10 13:46 - 2014-11-10 13:46 - 00000000 _____ () C:\ProgramData\LxWbGwLog.log
2014-11-10 13:46 - 2014-11-10 13:46 - 00000000 _____ () C:\ProgramData\cmn_upld.log
2014-11-10 13:45 - 2014-11-10 13:52 - 00000000 ____D () C:\Program Files\Lexmark S300-S400 Series
2014-11-10 13:45 - 2009-02-20 01:48 - 00381440 _____ () C:\Windows\system32\lxeasm.dll
2014-11-10 13:45 - 2009-02-20 01:48 - 00299008 _____ () C:\Windows\SysWOW64\LXEAsm.dll
2014-11-10 13:45 - 2009-02-20 01:48 - 00023552 _____ () C:\Windows\SysWOW64\LXEAsmr.dll
2014-11-10 13:45 - 2009-02-20 01:48 - 00023552 _____ () C:\Windows\system32\lxeasmr.dll
2014-11-10 13:41 - 2014-11-10 13:41 - 00000000 ____D () C:\Users\Susan\AppData\Local\Power2Go
2014-11-10 13:40 - 2014-11-10 13:40 - 00001395 _____ () C:\Users\Public\Desktop\CyberLink Media Suite 10.lnk
2014-11-10 13:38 - 2014-11-10 20:46 - 00000306 _____ () C:\Windows\lgfwup.ini
2014-11-10 13:38 - 2014-11-10 13:39 - 00000000 ____D () C:\ProgramData\install_clap
2014-11-10 13:38 - 2014-11-10 13:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG Tool Kit
2014-11-10 13:38 - 2012-07-11 13:18 - 00023664 _____ (BitLeader) C:\Windows\SysWOW64\lgfwunis.exe
2014-11-10 13:38 - 2001-08-29 21:00 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wbemdisp.tlb
2014-11-10 13:38 - 1998-07-22 00:00 - 00102912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Vb6stkit.dll
2014-11-10 13:38 - 1998-07-22 00:00 - 00102160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6KO.DLL
2014-11-10 13:38 - 1998-06-24 00:00 - 00115016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSINET.OCX
2014-11-10 13:37 - 2014-11-10 13:37 - 00003148 _____ () C:\Windows\System32\Tasks\MirageAgent
2014-11-10 13:34 - 2014-11-10 13:34 - 00000000 ____D () C:\Users\Susan\AppData\Roaming\CyberLink
2014-11-10 13:30 - 2014-11-10 13:40 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite
2014-11-10 13:29 - 2014-11-10 13:39 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-11-10 13:28 - 2014-11-10 13:30 - 00000000 ____D () C:\ProgramData\CLSK
2014-11-10 13:27 - 2014-11-10 20:45 - 00000000 ____D () C:\ProgramData\CyberLink
2014-11-10 13:27 - 2014-11-10 13:39 - 00000000 ____D () C:\ProgramData\Temp
2014-11-10 11:23 - 2014-11-10 11:41 - 00004622 _____ () C:\Users\Susan\Downloads\software_removal_tool.log
2014-11-10 11:02 - 2014-11-10 11:02 - 00022528 _____ () C:\Users\Susan\AppData\Local\2353852dsisetup23612772.exe
2014-11-10 11:02 - 2014-11-10 11:02 - 00000001 _____ () C:\Users\Susan\AppData\Local\DSI.DAT
2014-11-07 03:05 - 2014-11-07 03:05 - 00289884 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-11-07 03:01 - 2014-11-07 03:01 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-11-07 03:00 - 2014-11-07 03:01 - 00295662 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-11-06 15:16 - 2014-11-10 16:01 - 00000000 ____D () C:\ProgramData\SQL Anywhere 11
2014-11-06 14:12 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-11-06 14:12 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-11-06 14:12 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-11-06 14:12 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-11-06 14:12 - 2014-07-08 19:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-11-06 14:12 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-11-06 14:12 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-11-06 14:12 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-11-06 14:12 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-11-06 14:12 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-11-06 14:12 - 2014-07-08 15:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-11-06 14:12 - 2014-07-08 15:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-11-06 13:19 - 2014-11-10 16:58 - 00000000 ____D () C:\Users\Susan\AppData\Local\Intuit
2014-11-06 13:19 - 2014-11-06 13:19 - 00000000 ____D () C:\Windows\Intuit
2014-11-06 13:18 - 2012-01-05 12:43 - 04218880 _____ (Amyuni Technologies http://www.amyuni.com) C:\Windows\SysWOW64\cdintf400.dll
2014-11-06 13:17 - 2014-11-06 13:17 - 00002124 _____ () C:\Users\Public\Desktop\QuickBooks Pro Plus 2015.lnk
2014-11-06 13:17 - 2014-11-06 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
2014-11-06 13:13 - 2014-11-24 19:03 - 00000095 _____ () C:\Windows\QBChanUtil_Trigger.ini
2014-11-06 13:13 - 2014-11-06 13:13 - 00000000 ____D () C:\Users\Public\Documents\Intuit
2014-11-06 13:13 - 2014-11-06 13:13 - 00000000 ____D () C:\ProgramData\Nuance
2014-11-06 13:13 - 2014-11-06 13:13 - 00000000 ____D () C:\Program Files (x86)\Intuit
2014-11-06 13:12 - 2014-12-04 08:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-06 13:12 - 2014-11-29 09:36 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-06 13:12 - 2014-11-29 09:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-06 13:12 - 2014-11-29 09:36 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-06 13:12 - 2014-11-10 17:15 - 00000000 ____D () C:\ProgramData\INTUIT
2014-11-06 13:12 - 2014-11-06 13:12 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-11-06 13:12 - 2014-11-06 13:12 - 00000000 ____D () C:\Windows\system32\Macromed
2014-11-06 12:46 - 2014-11-06 12:55 - 618028912 _____ (Intuit, Inc. ) C:\Users\Susan\Desktop\QuickBooksProSub2015.exe
2014-11-06 12:46 - 2014-11-06 12:55 - 00000000 ____D () C:\Users\Susan\AppData\Roaming\Download Manager
2014-11-06 12:46 - 2014-11-06 12:46 - 00000881 _____ () C:\Users\Susan\Desktop\Setup_QuickBooksProSub2015.lnk
2014-11-06 12:46 - 2014-11-06 12:46 - 00000000 ____D () C:\Program Files (x86)\Akamai
2014-11-06 12:45 - 2014-11-06 12:45 - 00537856 _____ () C:\Users\Susan\Downloads\Setup_QuickBooksProSub2015.exe
2014-11-06 08:37 - 2014-11-12 03:23 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-06 07:48 - 2014-11-30 20:05 - 00000010 _____ () C:\Users\Susan\AppData\Local\sponge.last.runtime.cache
2014-11-06 07:45 - 2014-11-30 20:01 - 00000000 ____D () C:\Users\Susan\AppData\Roaming\Nitro PDF
2014-11-06 07:45 - 2014-06-26 19:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-11-06 07:45 - 2014-06-26 18:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-11-06 07:36 - 2014-11-12 03:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-06 07:36 - 2014-11-12 03:02 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-06 07:34 - 2014-06-30 15:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-11-06 07:34 - 2014-06-30 15:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-11-06 07:34 - 2014-06-05 23:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-11-06 07:34 - 2014-06-05 23:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-11-06 07:34 - 2014-03-09 14:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-11-06 07:34 - 2014-03-09 14:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-11-06 07:34 - 2014-03-09 14:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-11-06 07:34 - 2014-03-09 14:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-11-06 07:14 - 2011-04-08 23:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-11-06 07:14 - 2011-04-08 22:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-11-06 07:11 - 2014-08-01 04:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-11-06 07:11 - 2014-08-01 04:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-11-06 07:11 - 2014-04-24 19:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-11-06 07:11 - 2014-04-24 19:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-11-06 07:11 - 2011-11-16 23:35 - 00395776 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2014-11-06 07:11 - 2011-11-16 22:35 - 00314880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2014-11-06 07:10 - 2014-06-23 20:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-11-06 07:10 - 2014-06-23 19:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-11-06 07:10 - 2014-06-18 15:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-11-06 07:10 - 2014-06-18 15:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-11-06 07:10 - 2014-06-18 15:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-11-06 07:10 - 2014-06-18 15:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-11-06 07:10 - 2014-06-18 15:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-11-06 07:10 - 2014-06-18 15:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-11-06 07:10 - 2014-06-17 19:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-11-06 07:10 - 2014-06-17 18:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-11-06 07:10 - 2014-06-06 03:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-11-06 07:10 - 2014-06-06 02:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-11-06 07:10 - 2014-05-29 23:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-11-06 07:10 - 2014-04-04 19:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-11-06 07:10 - 2014-04-04 19:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-11-06 07:10 - 2014-03-26 07:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-11-06 07:10 - 2014-03-26 07:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-11-06 07:10 - 2014-03-26 07:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-11-06 07:10 - 2014-03-26 07:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-11-06 07:09 - 2014-09-24 19:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-11-06 07:09 - 2014-09-24 18:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-11-06 07:09 - 2014-06-15 19:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-11-06 07:08 - 2014-09-09 15:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-11-06 07:08 - 2014-09-09 14:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-11-06 07:08 - 2014-09-03 22:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-11-06 07:08 - 2014-09-03 22:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-11-06 07:08 - 2014-07-16 19:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-11-06 07:08 - 2014-07-16 19:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-11-06 07:08 - 2014-07-16 19:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-11-06 07:08 - 2014-07-16 18:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-11-06 07:08 - 2014-07-16 18:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-11-06 07:08 - 2014-07-16 18:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-11-06 07:08 - 2014-06-24 19:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-11-06 07:08 - 2014-06-24 18:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-11-06 07:08 - 2014-06-03 03:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-11-06 07:08 - 2014-06-03 03:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-11-06 07:08 - 2014-06-03 03:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-11-06 07:08 - 2014-06-03 02:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-11-06 07:08 - 2014-06-03 02:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-11-06 07:08 - 2013-07-20 03:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-11-06 07:08 - 2013-07-20 03:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-11-06 07:06 - 2014-08-22 19:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-11-06 07:06 - 2014-08-22 18:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-11-06 07:06 - 2014-07-13 19:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-11-06 07:06 - 2014-07-13 18:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-11-06 07:06 - 2011-02-22 21:55 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2014-11-06 06:49 - 2014-12-04 08:51 - 00289779 _____ () C:\Users\Susan\Documents\New Budget.xlsx
2014-11-05 19:40 - 2014-12-04 06:05 - 00004974 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Susan-PC-Susan Susan-PC
2014-11-05 19:33 - 2014-12-04 05:45 - 00000000 ___RD () C:\Users\Susan\OneDrive
2014-11-05 19:27 - 2014-11-29 11:19 - 00000464 __RSH () C:\ProgramData\ntuser.pol
2014-11-05 19:14 - 2014-11-29 09:06 - 00000000 ____D () C:\ProgramData\83b32e09-56dd-4d15-bbc7-350e8627ec65
2014-11-05 18:59 - 2014-11-05 18:59 - 00002002 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2014-11-05 18:47 - 2014-11-05 18:47 - 00000000 ___HD () C:\TMRescueDisk
2014-11-05 18:42 - 2014-11-05 19:20 - 00003540 _____ () C:\Windows\System32\Tasks\Trend Micro Inspect of Platinum
2014-11-05 18:42 - 2014-11-05 18:42 - 00001456 _____ () C:\Users\Susan\Desktop\Trend Micro Internet Security.lnk
2014-11-05 18:42 - 2014-11-05 18:42 - 00000000 ____D () C:\Users\Susan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Internet Security
2014-11-05 18:42 - 2014-07-14 00:39 - 00305832 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-11-05 18:42 - 2014-07-14 00:39 - 00121944 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmactmon.sys
2014-11-05 18:42 - 2014-07-14 00:39 - 00093664 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmevtmgr.sys
2014-11-05 18:42 - 2014-07-09 09:03 - 00407864 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmnciesc.sys
2014-11-05 18:42 - 2014-07-09 09:02 - 00106296 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmeevw.sys
2014-11-05 18:42 - 2014-07-09 09:02 - 00050976 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\TMEBC64.sys
2014-11-05 18:42 - 2014-06-30 04:06 - 00106296 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmusa.sys
2014-11-05 18:41 - 2014-11-10 12:01 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-11-05 18:41 - 2014-11-05 18:41 - 00000059 _____ () C:\Windows\system32\SupportTool.exe.bat
2014-11-05 18:41 - 2014-11-05 18:41 - 00000000 ____D () C:\Program Files\Trend Micro
2014-11-05 18:39 - 2014-11-05 18:39 - 00000036 _____ () C:\Users\Susan\AppData\Local\housecall.guid.cache
2014-11-05 18:37 - 2014-11-05 18:43 - 00000000 ____D () C:\Users\Susan\AppData\Local\Trend Micro
2014-11-05 18:33 - 2014-11-05 18:35 - 145833336 _____ (Trend Micro Inc.) C:\Users\Public\Desktop\TrendMicro_IS_2015_US-en_64bit.exe
2014-11-05 18:33 - 2014-11-05 18:33 - 06630656 _____ (Trend Micro Inc.) C:\Users\Susan\Downloads\TTi_8.0_MR_Downloader.exe
2014-11-05 18:17 - 2014-11-05 18:17 - 00000000 ____D () C:\Users\Susan\AppData\Roaming\PwrMgr
2014-11-05 18:13 - 2014-11-05 18:14 - 00000000 ____D () C:\Users\Susan\AppData\Local\LenovoReach
2014-11-05 18:04 - 2014-11-05 18:04 - 01055920 _____ (Microsoft Corporation) C:\Users\Susan\Downloads\Setup.x86.en-US_ProPlusRetail_XFJBQ-PTNJ4-CWWQJ-T37BV-B7R3D_TX_PR_act_1_.exe
2014-11-05 18:01 - 2014-11-10 11:02 - 00000126 _____ () C:\Users\Susan\AppData\Roaming\WB.CFG
2014-11-05 17:19 - 2014-11-05 17:19 - 00000729 _____ () C:\Windows\Debug.txt
2014-11-05 17:18 - 2013-03-19 17:11 - 00034816 ____N (TPMX Electronics Ltd.) C:\Windows\system32\Drivers\PELUSBLF.SYS
2014-11-05 17:18 - 2012-11-28 17:08 - 00023040 ____N (TPMX Electronics Ltd.) C:\Windows\system32\Drivers\PELMOUSE.SYS
2014-11-05 17:18 - 2012-06-19 11:19 - 00022528 ____N (Primax Electronics Ltd.) C:\Windows\system32\Drivers\PELMOUBT.SYS
2014-11-05 17:18 - 2012-06-19 11:18 - 00016384 ____N (Primax Electronics Ltd.) C:\Windows\system32\Drivers\PELBTM.SYS
2014-11-05 17:18 - 2009-11-02 16:36 - 00011776 ____N (TPMX Electronics Ltd.) C:\Windows\system32\Drivers\PELVENDR.SYS
2014-11-05 17:18 - 2009-06-30 10:09 - 00014336 ____N (Primax Electronics Ltd.) C:\Windows\system32\Drivers\PELPS2M.SYS
2014-11-05 17:18 - 2005-11-17 15:46 - 00414632 _____ (Microsoft Corporation) C:\Windows\difxapi.dll
2014-11-05 17:16 - 2014-11-10 10:31 - 00001025 _____ () C:\Windows\system32\Debug.txt
2014-11-05 17:16 - 2014-11-05 17:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Mouse Suite
2014-11-05 17:16 - 2013-03-26 07:47 - 00012288 _____ (TPMX Electronics Ltd.) C:\Windows\system32\Drivers\pvendrlf.SYS
2014-11-05 17:16 - 2013-03-26 07:46 - 00034816 _____ (TPMX Electronics Ltd.) C:\Windows\system32\Drivers\phidmice.sys
2014-11-05 17:16 - 2013-03-26 07:40 - 00023040 _____ (TPMX Electronics Ltd.) C:\Windows\system32\Drivers\pmouself.SYS
2014-11-05 17:16 - 2013-02-28 16:24 - 00177152 _____ () C:\Windows\system32\LeCoinst.dll
2014-11-05 17:15 - 2014-11-05 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nok Nok Labs
2014-11-05 17:15 - 2014-11-05 17:15 - 00000000 ____D () C:\Program Files\Nok Nok Labs
2014-11-05 17:14 - 2014-11-05 17:14 - 00000000 __RHD () C:\MSOCache
2014-11-05 17:10 - 2014-12-01 17:18 - 00000000 ____D () C:\Users\Susan\AppData\Local\CrashDumps
2014-11-05 17:10 - 2014-11-05 17:10 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-11-05 17:09 - 2014-11-05 18:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-11-05 17:08 - 2014-11-14 16:54 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-11-05 17:08 - 2014-11-05 17:08 - 01055920 _____ (Microsoft Corporation) C:\Users\Susan\Downloads\setupproplusretail.x86.en-us_TX_PR_act_1_.exe
2014-11-05 17:08 - 2012-02-16 23:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2014-11-05 17:08 - 2012-02-16 22:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2014-11-05 17:08 - 2012-02-16 21:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2014-11-05 17:06 - 2014-11-26 07:29 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-05 17:06 - 2014-11-05 17:06 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ldiagio_uefi_01009.Wdf
2014-11-05 17:06 - 2014-11-05 17:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-05 17:05 - 2014-11-10 18:21 - 00000000 ____D () C:\Users\Susan\AppData\Local\Adobe
2014-11-05 17:05 - 2014-11-05 17:05 - 00000000 ____D () C:\Users\Susan\AppData\Roaming\LSC
2014-11-05 17:04 - 2014-12-04 08:25 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-05 17:04 - 2014-12-04 05:45 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-05 17:04 - 2014-11-14 17:20 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-05 17:04 - 2014-11-14 17:20 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-05 17:04 - 2014-11-05 17:06 - 00000000 ____D () C:\Users\Susan\AppData\Local\Google
2014-11-05 17:04 - 2014-11-05 17:06 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-05 17:04 - 2014-11-05 17:04 - 00819176 _____ (Google Inc.) C:\Users\Susan\Desktop\Setup_product_2937.exe
2014-11-05 17:03 - 2014-11-05 17:03 - 00004464 _____ () C:\Windows\System32\Tasks\Validate Installation
2014-11-05 17:03 - 2014-11-05 17:03 - 00004256 _____ () C:\Windows\System32\Tasks\Check Updates
2014-11-05 17:03 - 2014-11-05 17:03 - 00003860 _____ () C:\Windows\System32\Tasks\GeniusBox
2014-11-05 17:03 - 2014-11-05 17:03 - 00000064 _____ () C:\Users\Susan\AppData\Local\9ef92c5517b74d586bddcc4c466935f8
2014-11-05 17:02 - 2014-11-05 17:35 - 00000000 ____D () C:\Users\Susan\AppData\Local\GeniusBox
2014-11-05 16:57 - 2014-11-05 16:57 - 00000000 __SHD () C:\Users\Susan\AppData\Local\EmieUserList
2014-11-05 16:57 - 2014-11-05 16:57 - 00000000 __SHD () C:\Users\Susan\AppData\Local\EmieSiteList
2014-11-05 16:57 - 2014-05-14 09:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-11-05 16:57 - 2014-05-14 09:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-11-05 16:57 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-11-05 16:57 - 2014-05-14 09:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-11-05 16:57 - 2014-05-14 09:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-11-05 16:57 - 2014-05-14 09:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-11-05 16:57 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-11-05 16:57 - 2014-05-14 09:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-11-05 16:57 - 2014-05-14 09:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-11-05 16:57 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-11-05 16:56 - 2014-11-24 18:59 - 00000000 ____D () C:\Users\Susan\AppData\Roaming\Adobe
2014-11-05 16:56 - 2014-11-10 16:11 - 00000000 ____D () C:\Users\Susan\AppData\Local\VirtualStore
2014-11-05 16:56 - 2014-11-10 15:09 - 00000000 ____D () C:\Users\Susan\AppData\Roaming\Mozilla
2014-11-05 16:56 - 2014-11-10 14:51 - 00116776 _____ () C:\Users\Susan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-05 16:56 - 2014-11-05 17:04 - 00000000 ____D () C:\Users\Susan\AppData\Local\Lenovo
2014-11-05 16:56 - 2014-11-05 16:56 - 00001428 _____ () C:\Users\Susan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-05 16:56 - 2014-11-05 16:56 - 00000000 ____D () C:\Users\Susan\Documents\My Received Files
2014-11-05 16:56 - 2014-11-05 16:56 - 00000000 ____D () C:\Users\Susan\AppData\Roaming\Leadertech
2014-11-05 16:56 - 2014-11-05 16:56 - 00000000 ____D () C:\Users\Susan\AppData\Local\Nok Nok Labs
2014-11-05 16:56 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-11-05 16:56 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-11-05 16:56 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-11-05 16:56 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-11-05 16:55 - 2014-11-10 15:30 - 00000000 ____D () C:\Users\Susan
2014-11-05 16:55 - 2014-11-07 03:02 - 00002190 _____ () C:\Users\Susan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-11-05 16:55 - 2014-11-05 16:55 - 00002836 _____ () C:\Windows\System32\Tasks\DiskUpdate
2014-11-05 16:55 - 2014-11-05 16:55 - 00000020 ___SH () C:\Users\Susan\ntuser.ini
2014-11-05 16:55 - 2014-11-05 16:55 - 00000010 _____ () C:\Windows\getvol.scp
2014-11-05 16:55 - 2014-11-05 16:55 - 00000000 ____D () C:\Users\Susan\AppData\Roaming\Intel
2014-11-05 16:55 - 2014-11-05 16:55 - 00000000 _____ () C:\Windows\firstboot.dat
2014-11-05 16:55 - 2014-08-22 18:17 - 00000000 ____D () C:\Users\Susan\AppData\Roaming\Macromedia
2014-11-05 16:55 - 2009-07-13 21:54 - 00000000 ___RD () C:\Users\Susan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-05 16:55 - 2009-07-13 21:49 - 00000000 ___RD () C:\Users\Susan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-04 09:20 - 2014-08-22 18:21 - 00000952 _____ () C:\Windows\Tasks\Nok Nok LabsMFACUpdaterTaskMachineUA.job
2014-12-04 06:28 - 2014-08-22 17:58 - 01281971 _____ () C:\Windows\WindowsUpdate.log
2014-12-04 05:55 - 2009-07-13 21:51 - 00058282 _____ () C:\Windows\setupact.log
2014-12-04 05:52 - 2009-07-13 21:45 - 00032128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-04 05:52 - 2009-07-13 21:45 - 00032128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-04 05:51 - 2009-07-13 22:13 - 00803078 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-04 05:45 - 2014-08-22 18:21 - 00000948 _____ () C:\Windows\Tasks\Nok Nok LabsMFACUpdaterTaskMachineCore.job
2014-12-04 05:45 - 2014-08-22 18:20 - 00000000 ____D () C:\ProgramData\Validity
2014-12-04 05:45 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-01 19:07 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-12-01 17:02 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-29 09:56 - 2009-07-13 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-29 09:55 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-11-29 09:16 - 2010-11-20 20:47 - 00606980 _____ () C:\Windows\PFRO.log
2014-11-12 03:24 - 2009-07-13 21:45 - 05007560 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-10 20:20 - 2014-08-22 18:17 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-10 15:33 - 2014-08-22 18:18 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo
2014-11-10 15:33 - 2014-08-22 18:15 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2014-11-10 15:33 - 2014-08-22 18:08 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2014-11-10 15:33 - 2014-08-22 18:02 - 00000000 ____D () C:\Program Files\Lenovo
2014-11-10 15:32 - 2014-08-22 18:17 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-11-10 15:22 - 2014-08-22 18:19 - 629760000 ___SH () C:\Windows\lenovo_fastboot.img
2014-11-10 14:39 - 2014-08-22 18:17 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-11-10 13:38 - 2014-08-22 18:08 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-10 10:29 - 2009-07-13 19:34 - 00000505 _____ () C:\Windows\win.ini
2014-11-06 15:01 - 2014-01-30 14:46 - 00799368 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-11-06 08:37 - 2014-02-03 07:34 - 00000000 ____D () C:\Program Files\Windows Journal
2014-11-06 08:37 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-11-06 08:37 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-11-06 08:37 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-11-05 19:26 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2014-11-05 18:38 - 2014-08-22 18:22 - 00000000 ____D () C:\ProgramData\Norton
2014-11-05 17:23 - 2014-08-22 17:18 - 00000000 ____D () C:\ProgramData\Lenovo
2014-11-05 17:15 - 2014-08-22 18:21 - 00003948 _____ () C:\Windows\System32\Tasks\Nok Nok LabsMFACUpdaterTaskMachineUA
2014-11-05 17:15 - 2014-08-22 18:21 - 00003696 _____ () C:\Windows\System32\Tasks\Nok Nok LabsMFACUpdaterTaskMachineCore
2014-11-05 17:15 - 2014-08-22 18:21 - 00000000 ____D () C:\ProgramData\Nok Nok Labs
2014-11-05 17:13 - 2014-08-22 18:19 - 00000000 ____D () C:\Windows\System32\Tasks\TVT
2014-11-05 17:12 - 2014-08-22 17:57 - 00000000 ____D () C:\Program Files\Synaptics
2014-11-05 17:12 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2014-11-05 17:10 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-11-05 17:01 - 2014-08-22 17:59 - 00000000 ____D () C:\ProgramData\Intel
2014-11-05 16:56 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\system32\restore
2014-11-05 16:55 - 2014-08-22 18:08 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Intel
2014-11-05 16:55 - 2014-08-22 18:02 - 00000042 _____ () C:\Windows\SysWOW64\Drivers\17AA_Lenovo_ThinkPad_T440s_20AQ005NUS.MRK
2014-11-05 16:55 - 2014-01-30 12:47 - 00000000 ____D () C:\Windows\Panther
2014-11-05 16:55 - 2014-01-30 12:47 - 00000000 ____D () C:\SWTOOLS
2014-11-05 16:55 - 2010-11-20 19:50 - 00000000 ____D () C:\Users\Administrator
2014-11-05 16:55 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Public\Libraries
 
Some content of TEMP:
====================
C:\Users\Susan\AppData\Local\Temp\Abspdf.exe
C:\Users\Susan\AppData\Local\Temp\acfpdfu.dll
C:\Users\Susan\AppData\Local\Temp\acfpdfuamd64.dll
C:\Users\Susan\AppData\Local\Temp\acfpdfui.dll
C:\Users\Susan\AppData\Local\Temp\acfpdfuia64.dll
C:\Users\Susan\AppData\Local\Temp\acfpdfuiamd64.dll
C:\Users\Susan\AppData\Local\Temp\acfpdfuiia64.dll
C:\Users\Susan\AppData\Local\Temp\cdintf.dll
C:\Users\Susan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwkizjw.dll
C:\Users\Susan\AppData\Local\Temp\InstallAX.exe
C:\Users\Susan\AppData\Local\Temp\InstallPlugin.exe
C:\Users\Susan\AppData\Local\Temp\PDFPRT400.exe
C:\Users\Susan\AppData\Local\Temp\Quarantine.exe
C:\Users\Susan\AppData\Local\Temp\sqlite3.dll
C:\Users\Susan\AppData\Local\Temp\xmllite.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-25 05:57
 
==================== End Of Log ============================

Attached Files



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,261 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:08 AM

Posted 04 December 2014 - 02:22 PM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

() C:\Users\Susan\AppData\Local\GeniusBox\Client.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-3404508016-2002458042-3075331148-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3404508016-2002458042-3075331148-1001] => http=127.0.0.1:49209;https=127.0.0.1:49209
SearchScopes: HKLM -> DefaultScope {5DE13713-AED4-4166-9D7E-70D149770B19} URL = http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_otbrw3_14_35&cd=2XzuyEtN2Y1L1QzutB0A0BtB0B0DyDtCzyyC0EtC0D0EyBtAtN0D0Tzu0StCtDyEtDtN1L2XzutAtFyCtFtCtFtDtN1L1Czu1N1C2X1V1F2Z1S1C2W1O1L1C1B2Z1VtCyE1VtByEtN1L1G1B1V1N2Y1L1Qzu2StCzy0CyB0FyDtCyDtG0D0F0EyEtGzz0C0AtAtG0FyCzztDtGyB0AyDtByB0D0C0AyC0D0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyB0DtCzzzyzyyEtGtCzyzz0AtGyEtDtAyDtGzytB0E0DtGyDyBtAtByB0EzyyC0AtA0E0E2Q&cr=71456986&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {5DE13713-AED4-4166-9D7E-70D149770B19} URL = http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_otbrw3_14_35&cd=2XzuyEtN2Y1L1QzutB0A0BtB0B0DyDtCzyyC0EtC0D0EyBtAtN0D0Tzu0StCtDyEtDtN1L2XzutAtFyCtFtCtFtDtN1L1Czu1N1C2X1V1F2Z1S1C2W1O1L1C1B2Z1VtCyE1VtByEtN1L1G1B1V1N2Y1L1Qzu2StCzy0CyB0FyDtCyDtG0D0F0EyEtGzz0C0AtAtG0FyCzztDtGyB0AyDtByB0D0C0AyC0D0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyB0DtCzzzyzyyEtGtCzyzz0AtGyEtDtAyDtGzytB0E0DtGyDyBtAtByB0EzyyC0AtA0E0E2Q&cr=71456986&ir=
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_otbrw3_14_35&cd=2XzuyEtN2Y1L1QzutB0A0BtB0B0DyDtCzyyC0EtC0D0EyBtAtN0D0Tzu0StCtDyEtDtN1L2XzutAtFyDtFtCtFtCtN1L1Czu1N1C2X1V1F2Z1S1C2W1O1L1C1B2Z1VtCyE1VtByEtN1L1G1B1V1N2Y1L1Qzu2StA0Bzz0FyBzzzyyEtGtBtCyEyEtGyC0DyE0EtG0ByCzy0CtGtDyB0CtC0AtDtCtB0A0EtBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0F0FzztDyCyCzztG0EzyyD0FtGyE0CyDtBtG0A0E0B0FtGtBzzzytBtDtB0B0D0A0EtBtD2Q&cr=28996453&ir=
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3404508016-2002458042-3075331148-1001 -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL =
Toolbar: HKU\S-1-5-21-3404508016-2002458042-3075331148-1001 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Toolbar: HKU\S-1-5-21-3404508016-2002458042-3075331148-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF user.js: detected! => C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\Rac7dF.default\user.js
CHR Extension: (Google Wallet) - C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-05]
CHR HKLM-x32\...\Chrome\Extension: [ohhcpmplhhiiaoiddkfboafbhiknefdf] - No Path
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
U2 TMAgent; No ImagePath

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log Fixlog.txt please post it to your reply.
===

You may have to reset your proxy.

Also if you get some redirections reset the browsers that have been compromised.

Reset Chrome...
Click on "Customize and control Google Chrome":
 
p22003758.gif
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===

How is it now?

#5 spike1226

spike1226
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:08 AM

Posted 04 December 2014 - 02:39 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-12-2014
Ran by Susan at 2014-12-04 12:27:12 Run:1
Running from C:\Users\Susan\Downloads
Loaded Profile: Susan (Available profiles: Susan)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
() C:\Users\Susan\AppData\Local\GeniusBox\Client.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable:
[S-1-5-21-3404508016-2002458042-3075331148-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3404508016-2002458042-3075331148-1001] => http=127.0.0.1:49209;https=127.0.0.1:49209
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {5DE13713-AED4-4166-9D7E-70D149770B19} URL =
SearchScopes: HKLM-x32 ->
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3404508016-2002458042-3075331148-1001 -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL =
Toolbar: HKU\S-1-5-21-3404508016-2002458042-3075331148-1001 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Toolbar: HKU\S-1-5-21-3404508016-2002458042-3075331148-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF user.js: detected! => C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\Rac7dF.default\user.js
CHR Extension: (Google Wallet) - C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-05]
CHR HKLM-x32\...\Chrome\Extension: [ohhcpmplhhiiaoiddkfboafbhiknefdf] - No Path
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
U2
TMAgent; No ImagePath
 
End
 
*****************
 
[7056] C:\Users\Susan\AppData\Local\GeniusBox\Client.exe => Process closed successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
ProxyEnable: => Error: No automatic fix found for this entry.
[S-1-5-21-3404508016-2002458042-3075331148-1001] => Internet Explorer proxy is enabled. => Error: No automatic fix found for this entry.
HKU\S-1-5-21-3404508016-2002458042-3075331148-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5DE13713-AED4-4166-9D7E-70D149770B19}" => Key deleted successfully.
"HKCR\CLSID\{5DE13713-AED4-4166-9D7E-70D149770B19}" => Key not found.
http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_otbrw3_14_35&cd=2XzuyEtN2Y1L1QzutB0A0BtB0B0DyDtCzyyC0EtC0D0EyBtAtN0D0Tzu0StCtDyEtDtN1L2XzutAtFyCtFtCtFtDtN1L1Czu1N1C2X1V1F2Z1S1C2W1O1L1C1B2Z1VtCyE1VtByEtN1L1G1B1V1N2Y1L1Qzu2StCzy0CyB0FyDtCyDtG0D0F0EyEtGzz0C0AtAtG0FyCzztDtGyB0AyDtByB0D0C0AyC0D0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyB0DtCzzzyzyyEtGtCzyzz0AtGyEtDtAyDtGzytB0E0DtGyDyBtAtByB0EzyyC0AtA0E0E2Q&cr=71456986&ir= => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6}" => Key deleted successfully.
"HKCR\CLSID\{CC865B26-C31D-4D23-B17B-96548EEF03F6}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\SearchScopes: HKLM-x32 -> => Value not found.
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-3404508016-2002458042-3075331148-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6}" => Key deleted successfully.
"HKCR\CLSID\{CC865B26-C31D-4D23-B17B-96548EEF03F6}" => Key not found.
HKU\S-1-5-21-3404508016-2002458042-3075331148-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => value deleted successfully.
"HKCR\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" => Key not found.
HKU\S-1-5-21-3404508016-2002458042-3075331148-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
"HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\Rac7dF.default\user.js => Moved successfully.
C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf" => Key deleted successfully.
Amsp => Unable to stop service
Amsp => Error deleting Service
U2 => Error: No automatic fix found for this entry.
TMAgent; No ImagePath => Error: No automatic fix found for this entry.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====


#6 spike1226

spike1226
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:08 AM

Posted 04 December 2014 - 02:42 PM

I did have to reset the proxy after running the above....then I exited and entered Chrome again and the setting reverted back to the proxy :-(



#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,261 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:08 AM

Posted 05 December 2014 - 07:37 AM

Remove the proxy settings.

In Internet Explorer go to Tools - Internet Options - Connections Tab - Lan Settings and remove the reference to 127.0.0.1:49209 if found, then uncheck "Use a proxy server" and check "Automatically detect settings".
===

If you use Firefox in Tools Menu > Options... > Advanced Tab > Network Tab > Connection > Settings. Select the Auto-detect proxy settings for this network option. Or no proxy if you do not need it.

Make sure you click the Apply button.

Restart the computer normally to reset the registry.
===

If the proxy returns then continue.

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

We will check your BIOS and Master boot record.

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.

    TDSSKillerSuspicious-1.png
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
    TDSSKillerMal-1.png
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

    TDSSKillerCompleted.png
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Wait for further instructions.

#8 spike1226

spike1226
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:08 AM

Posted 05 December 2014 - 03:35 PM

Here are the Rogue Killer results

 

RogueKiller V10.0.8.0 (x64) [Nov 20 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Susan [Administrator]
Mode : Delete -- Date : 12/05/2014  13:32:32
 
¤¤¤ Processes : 5 ¤¤¤
[Suspicious.Path] workspaceupdate.exe -- C:\Users\Susan\AppData\Local\Workspace\workspaceupdate.exe[7] -> Killed [TermProc]
[Suspicious.Path] wben.exe -- C:\Users\Susan\AppData\Local\Workspace\wben.exe[7] -> Killed [TermProc]
[Suspicious.Path] workspacestatus.exe -- C:\Users\Susan\AppData\Local\Workspace\workspacestatus.exe[7] -> Killed [TermProc]
[Suspicious.Path] IntuitSyncManager.exe -- C:\Users\Susan\AppData\Local\Intuit\SyncManager\Current\IntuitSyncManager.exe[7] -> Killed [TermProc]
[Suspicious.Path] Client.exe -- C:\Users\Susan\AppData\Local\GeniusBox\Client.exe[7] -> Killed [TermProc]
 
¤¤¤ Registry : 23 ¤¤¤
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} -> Not selected
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3404508016-2002458042-3075331148-1001\Software\Microsoft\Windows\CurrentVersion\Run | Starfield Updater : "C:\Users\Susan\AppData\Local\Workspace\WorkspaceUpdate.exe" [7] -> Deleted
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3404508016-2002458042-3075331148-1001\Software\Microsoft\Windows\CurrentVersion\Run | wben : "C:\Users\Susan\AppData\Local\Workspace\wben.exe" [7] -> Deleted
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3404508016-2002458042-3075331148-1001\Software\Microsoft\Windows\CurrentVersion\Run | Workspace Status : "C:\Users\Susan\AppData\Local\Workspace\workspacestatus.exe" [7] -> Deleted
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3404508016-2002458042-3075331148-1001\Software\Microsoft\Windows\CurrentVersion\Run | Starfield Updater : "C:\Users\Susan\AppData\Local\Workspace\WorkspaceUpdate.exe"  -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3404508016-2002458042-3075331148-1001\Software\Microsoft\Windows\CurrentVersion\Run | wben : "C:\Users\Susan\AppData\Local\Workspace\wben.exe"  -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3404508016-2002458042-3075331148-1001\Software\Microsoft\Windows\CurrentVersion\Run | Workspace Status : "C:\Users\Susan\AppData\Local\Workspace\workspacestatus.exe"  -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3404508016-2002458042-3075331148-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Not selected
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3404508016-2002458042-3075331148-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Not selected
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3404508016-2002458042-3075331148-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49213;https=127.0.0.1:49213  -> Not selected
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3404508016-2002458042-3075331148-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49213;https=127.0.0.1:49213  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 205.171.2.25 [UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 205.171.2.25 [UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 205.171.2.25 [UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{94D28762-DB9B-4735-A783-4030F3FE09B1} | DhcpNameServer : 192.168.0.1 205.171.2.25 [UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{94D28762-DB9B-4735-A783-4030F3FE09B1} | DhcpNameServer : 192.168.0.1 205.171.2.25 [UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{94D28762-DB9B-4735-A783-4030F3FE09B1} | DhcpNameServer : 192.168.0.1 205.171.2.25 [UNITED STATES (US)]  -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3404508016-2002458042-3075331148-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3404508016-2002458042-3075331148-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
 
¤¤¤ Tasks : 3 ¤¤¤
[Suspicious.Path] \\Check Updates -- C:\Users\Susan\AppData\Local\GeniusBox\tasks.exe -> Deleted
[Suspicious.Path] \\GeniusBox -- cmd.exe (/C start "" "C:\Users\Susan\AppData\Local\GeniusBox\client.exe") -> Deleted
[Suspicious.Path] \\Validate Installation -- C:\Users\Susan\AppData\Local\GeniusBox\uninstall.exe (/ValidateInstall=true) -> Deleted
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 2 (Driver: Loaded) ¤¤¤
[Filter(Kernel.Filter)] \Driver\Disk @ Unknown : \Driver\DzHDD64 @ \Device\DozeHDD1 (\SystemRoot\System32\drivers\pcw.sys)
[Filter(Kernel.Filter)] \Driver\Disk @ Unknown : \Driver\DzHDD64 @ \Device\DozeHDD0 (\SystemRoot\System32\drivers\pcw.sys)
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ACF050 SCSI Disk Device +++++
--- User ---
[MBR] a49398d2a82342d3c72fa7085f550cf1
[BSP] b4ee07ecf17c2507e018df165c4c8fbd : Lenovo MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 458887 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 942874624 | Size: 16551 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1:  +++++
--- User ---
[MBR] b8a39b94e321033d6b01f40653463dd8
[BSP] 8d959feabfc948ccf6e3157b5fe82eb9 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 2048 | Size: 15270 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_SCN_12052014_132937.log


#9 spike1226

spike1226
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:08 AM

Posted 05 December 2014 - 03:50 PM

Here are TDSSKiller results--it found nothing

 

13:46:54.0417 0x23dc  TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
13:47:06.0869 0x23dc  ============================================================
13:47:06.0869 0x23dc  Current date / time: 2014/12/05 13:47:06.0869
13:47:06.0869 0x23dc  SystemInfo:
13:47:06.0869 0x23dc  
13:47:06.0869 0x23dc  OS Version: 6.1.7601 ServicePack: 1.0
13:47:06.0869 0x23dc  Product type: Workstation
13:47:06.0869 0x23dc  ComputerName: SUSAN-PC
13:47:06.0869 0x23dc  UserName: Susan
13:47:06.0869 0x23dc  Windows directory: C:\Windows
13:47:06.0869 0x23dc  System windows directory: C:\Windows
13:47:06.0869 0x23dc  Running under WOW64
13:47:06.0869 0x23dc  Processor architecture: Intel x64
13:47:06.0869 0x23dc  Number of processors: 4
13:47:06.0869 0x23dc  Page size: 0x1000
13:47:06.0869 0x23dc  Boot type: Normal boot
13:47:06.0869 0x23dc  ============================================================
13:47:07.0197 0x23dc  KLMD registered as C:\Windows\system32\drivers\82945367.sys
13:47:07.0743 0x23dc  System UUID: {31448B9C-9F66-0CDA-0064-DF70E789E253}
13:47:08.0541 0x23dc  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:47:08.0541 0x23dc  Drive \Device\Harddisk1\DR1 - Size: 0x3BA816000 ( 14.91 Gb ), SectorSize: 0x200, Cylinders: 0x79A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:47:08.0541 0x23dc  ============================================================
13:47:08.0541 0x23dc  \Device\Harddisk0\DR0:
13:47:08.0541 0x23dc  MBR partitions:
13:47:08.0541 0x23dc  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2EE000
13:47:08.0541 0x23dc  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x38043800
13:47:08.0541 0x23dc  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38332000, BlocksNum 0x2053800
13:47:08.0541 0x23dc  \Device\Harddisk1\DR1:
13:47:08.0541 0x23dc  MBR partitions:
13:47:08.0541 0x23dc  ============================================================
13:47:08.0572 0x23dc  C: <-> \Device\Harddisk0\DR0\Partition2
13:47:08.0603 0x23dc  Q: <-> \Device\Harddisk0\DR0\Partition3
13:47:08.0603 0x23dc  ============================================================
13:47:08.0603 0x23dc  Initialize success
13:47:08.0603 0x23dc  ============================================================
13:47:14.0283 0x25bc  ============================================================
13:47:14.0283 0x25bc  Scan started
13:47:14.0283 0x25bc  Mode: Manual; 
13:47:14.0283 0x25bc  ============================================================
13:47:14.0283 0x25bc  KSN ping started
13:47:17.0338 0x25bc  KSN ping finished: true
13:47:17.0821 0x25bc  ================ Scan system memory ========================
13:47:17.0821 0x25bc  System memory - ok
13:47:17.0821 0x25bc  ================ Scan services =============================
13:47:17.0930 0x25bc  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
13:47:17.0930 0x25bc  1394ohci - ok
13:47:17.0993 0x25bc  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
13:47:18.0008 0x25bc  ACPI - ok
13:47:18.0180 0x25bc  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
13:47:18.0180 0x25bc  AcpiPmi - ok
13:47:18.0227 0x25bc  [ C5679E5186B2FC95BC76A8A9870D5456, 70AC61850B811A0A902532F098AE1D5DF4622455E56C78B89D4ABDBE4A061A48 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:47:18.0242 0x25bc  AdobeARMservice - ok
13:47:18.0320 0x25bc  [ F79623288F2A357AB20288B5DC4F452A, AA6F70A4C12E390E08074D6FD0EA0D1856D8274DA833E56A8811BF820A2D41D4 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:47:18.0336 0x25bc  AdobeFlashPlayerUpdateSvc - ok
13:47:18.0383 0x25bc  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
13:47:18.0398 0x25bc  adp94xx - ok
13:47:18.0414 0x25bc  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
13:47:18.0430 0x25bc  adpahci - ok
13:47:18.0445 0x25bc  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
13:47:18.0445 0x25bc  adpu320 - ok
13:47:18.0476 0x25bc  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
13:47:18.0476 0x25bc  AeLookupSvc - ok
13:47:18.0523 0x25bc  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
13:47:18.0523 0x25bc  AFD - ok
13:47:18.0554 0x25bc  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
13:47:18.0554 0x25bc  agp440 - ok
13:47:18.0554 0x25bc  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
13:47:18.0554 0x25bc  ALG - ok
13:47:18.0570 0x25bc  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
13:47:18.0586 0x25bc  aliide - ok
13:47:18.0586 0x25bc  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
13:47:18.0586 0x25bc  amdide - ok
13:47:18.0601 0x25bc  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
13:47:18.0617 0x25bc  AmdK8 - ok
13:47:18.0617 0x25bc  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
13:47:18.0632 0x25bc  AmdPPM - ok
13:47:18.0632 0x25bc  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
13:47:18.0632 0x25bc  amdsata - ok
13:47:18.0648 0x25bc  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
13:47:18.0648 0x25bc  amdsbs - ok
13:47:18.0679 0x25bc  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
13:47:18.0679 0x25bc  amdxata - ok
13:47:18.0726 0x25bc  [ 539D5F87F802CB3E113BD1886A8182D0, 69EEA4B7AEC1F4319A5313B115D6561BD31C483048027E61C3C77D38E940255C ] Amsp            C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
13:47:18.0742 0x25bc  Amsp - ok
13:47:18.0773 0x25bc  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
13:47:18.0773 0x25bc  AppID - ok
13:47:18.0804 0x25bc  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
13:47:18.0804 0x25bc  AppIDSvc - ok
13:47:18.0804 0x25bc  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
13:47:18.0804 0x25bc  Appinfo - ok
13:47:18.0835 0x25bc  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
13:47:18.0835 0x25bc  AppMgmt - ok
13:47:18.0866 0x25bc  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
13:47:18.0882 0x25bc  arc - ok
13:47:18.0882 0x25bc  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
13:47:18.0882 0x25bc  arcsas - ok
13:47:18.0944 0x25bc  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:47:18.0976 0x25bc  aspnet_state - ok
13:47:18.0991 0x25bc  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
13:47:18.0991 0x25bc  AsyncMac - ok
13:47:19.0022 0x25bc  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
13:47:19.0022 0x25bc  atapi - ok
13:47:19.0074 0x25bc  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:47:19.0090 0x25bc  AudioEndpointBuilder - ok
13:47:19.0121 0x25bc  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv        C:\Windows\System32\Audiosrv.dll
13:47:19.0137 0x25bc  AudioSrv - ok
13:47:19.0574 0x25bc  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
13:47:19.0683 0x25bc  AxInstSV - ok
13:47:19.0971 0x25bc  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
13:47:19.0987 0x25bc  b06bdrv - ok
13:47:20.0018 0x25bc  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
13:47:20.0018 0x25bc  b57nd60a - ok
13:47:20.0065 0x25bc  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
13:47:20.0065 0x25bc  BDESVC - ok
13:47:20.0065 0x25bc  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
13:47:20.0065 0x25bc  Beep - ok
13:47:20.0096 0x25bc  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
13:47:20.0111 0x25bc  BFE - ok
13:47:20.0158 0x25bc  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
13:47:20.0174 0x25bc  BITS - ok
13:47:20.0174 0x25bc  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
13:47:20.0189 0x25bc  blbdrive - ok
13:47:20.0252 0x25bc  [ FB8D08A36BBCA81CDA6816BF3B9760A8, 54400C43EE06ACCD288A644EC95D6E57FC8CDD1987857FC7486B2923116DAEFF ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
13:47:20.0267 0x25bc  Bluetooth Device Monitor - ok
13:47:20.0330 0x25bc  [ 4A9F3E690B4CEEFE6B255403422CD405, 05D9ABA394E5860125165A98F4914AC638CA4D0177AE0F932FE93732A6AA339C ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
13:47:20.0361 0x25bc  Bluetooth Media Service - ok
13:47:20.0408 0x25bc  [ E1E0D2C9B1570137BC9E5645023565AF, 4AA7CEB0A7F5CAD7F0DDD6561A26D220E9F15DB231355572EE247EB4A4F6E5FE ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
13:47:20.0423 0x25bc  Bluetooth OBEX Service - ok
13:47:20.0455 0x25bc  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
13:47:20.0455 0x25bc  bowser - ok
13:47:20.0470 0x25bc  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
13:47:20.0470 0x25bc  BrFiltLo - ok
13:47:20.0486 0x25bc  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
13:47:20.0486 0x25bc  BrFiltUp - ok
13:47:20.0501 0x25bc  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
13:47:20.0517 0x25bc  Browser - ok
13:47:20.0533 0x25bc  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
13:47:20.0533 0x25bc  Brserid - ok
13:47:20.0548 0x25bc  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
13:47:20.0548 0x25bc  BrSerWdm - ok
13:47:20.0564 0x25bc  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
13:47:20.0564 0x25bc  BrUsbMdm - ok
13:47:20.0564 0x25bc  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
13:47:20.0564 0x25bc  BrUsbSer - ok
13:47:20.0579 0x25bc  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
13:47:20.0595 0x25bc  BthEnum - ok
13:47:20.0611 0x25bc  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
13:47:20.0611 0x25bc  BTHMODEM - ok
13:47:20.0611 0x25bc  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
13:47:20.0611 0x25bc  BthPan - ok
13:47:20.0642 0x25bc  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
13:47:20.0657 0x25bc  BTHPORT - ok
13:47:20.0689 0x25bc  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
13:47:20.0689 0x25bc  bthserv - ok
13:47:20.0704 0x25bc  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
13:47:20.0704 0x25bc  BTHUSB - ok
13:47:20.0735 0x25bc  [ E55812A296C23169DEDB8841A0684958, D170365CEFBEE39A0784ECDCDEA158A0CDCFEE12DF1FB638CEECD4798C1E759C ] btmaux          C:\Windows\system32\DRIVERS\btmaux.sys
13:47:20.0735 0x25bc  btmaux - ok
13:47:20.0782 0x25bc  [ 20B1FA8ED1782321DB4BD3B3E8A52036, FA0383534DA28F6FE9356761C9AD6624D31EFEA08BC8F999418D4F42FB7F919E ] btmhsf          C:\Windows\system32\DRIVERS\btmhsf.sys
13:47:20.0798 0x25bc  btmhsf - ok
13:47:20.0813 0x25bc  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:47:20.0813 0x25bc  cdfs - ok
13:47:20.0845 0x25bc  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
13:47:20.0860 0x25bc  cdrom - ok
13:47:20.0860 0x25bc  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
13:47:20.0876 0x25bc  CertPropSvc - ok
13:47:20.0876 0x25bc  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
13:47:20.0876 0x25bc  circlass - ok
13:47:20.0907 0x25bc  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
13:47:20.0907 0x25bc  CLFS - ok
13:47:21.0016 0x25bc  [ E9C4FE59345E50CFCC544B051FBDDE0D, 0C5FA27C08A382028D8C78E3ECF86DF6AF9C488A671A9C080BC489C7B6073548 ] ClickToRunSvc   C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
13:47:21.0063 0x25bc  ClickToRunSvc - ok
13:47:21.0110 0x25bc  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:47:21.0110 0x25bc  clr_optimization_v2.0.50727_32 - ok
13:47:21.0146 0x25bc  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:47:21.0146 0x25bc  clr_optimization_v2.0.50727_64 - ok
13:47:21.0208 0x25bc  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:47:21.0224 0x25bc  clr_optimization_v4.0.30319_32 - ok
13:47:21.0240 0x25bc  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:47:21.0240 0x25bc  clr_optimization_v4.0.30319_64 - ok
13:47:21.0271 0x25bc  [ E13A438F9E51DD034730678E33B73290, 3BB111DFDAEAB8DA6124600C7F6E080C2950A0BB420803FC12560343E1A9280A ] clwvd           C:\Windows\system32\DRIVERS\clwvd.sys
13:47:21.0271 0x25bc  clwvd - ok
13:47:21.0286 0x25bc  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
13:47:21.0302 0x25bc  CmBatt - ok
13:47:21.0302 0x25bc  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
13:47:21.0302 0x25bc  cmdide - ok
13:47:21.0364 0x25bc  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
13:47:21.0364 0x25bc  CNG - ok
13:47:21.0380 0x25bc  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
13:47:21.0380 0x25bc  Compbatt - ok
13:47:21.0380 0x25bc  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
13:47:21.0380 0x25bc  CompositeBus - ok
13:47:21.0396 0x25bc  COMSysApp - ok
13:47:21.0427 0x25bc  [ 582A3BCD7D21C90499D048139D3FD558, 4F033B8285DF051A6DACB7BF67D532304E883DA0DBE2511F02555ECEDBB423E7 ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
13:47:21.0442 0x25bc  cphs - ok
13:47:21.0458 0x25bc  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
13:47:21.0458 0x25bc  crcdisk - ok
13:47:21.0505 0x25bc  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:47:21.0505 0x25bc  CryptSvc - ok
13:47:21.0536 0x25bc  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
13:47:21.0552 0x25bc  CSC - ok
13:47:21.0567 0x25bc  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
13:47:21.0583 0x25bc  CscService - ok
13:47:21.0630 0x25bc  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:47:21.0645 0x25bc  DcomLaunch - ok
13:47:21.0645 0x25bc  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
13:47:21.0661 0x25bc  defragsvc - ok
13:47:21.0661 0x25bc  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
13:47:21.0661 0x25bc  DfsC - ok
13:47:21.0692 0x25bc  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
13:47:21.0692 0x25bc  Dhcp - ok
13:47:21.0723 0x25bc  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
13:47:21.0723 0x25bc  discache - ok
13:47:21.0723 0x25bc  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
13:47:21.0723 0x25bc  Disk - ok
13:47:21.0993 0x25bc  [ 1735BEA87925630B6E8F3A72B8FC7758, 289EB84C1A07E187AB1A2A94ECF2C8A13DD0140944FE1E81DF1D5F4D34155EA7 ] DisplayLinkService C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
13:47:22.0183 0x25bc  DisplayLinkService - ok
13:47:22.0230 0x25bc  [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
13:47:22.0230 0x25bc  dmvsc - ok
13:47:22.0261 0x25bc  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:47:22.0277 0x25bc  Dnscache - ok
13:47:22.0277 0x25bc  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
13:47:22.0292 0x25bc  dot3svc - ok
13:47:22.0324 0x25bc  [ 54188DC0CB4541CFC3C6FD90ACE361DA, 340D1DEFF91A9A45F7F2B239EE540AE05C007E270F20C5BB2CCF67690398F4B8 ] DozeSvc         C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
13:47:22.0339 0x25bc  DozeSvc - ok
13:47:22.0339 0x25bc  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
13:47:22.0355 0x25bc  DPS - ok
13:47:22.0370 0x25bc  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
13:47:22.0370 0x25bc  drmkaud - ok
13:47:22.0417 0x25bc  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
13:47:22.0433 0x25bc  DXGKrnl - ok
13:47:22.0448 0x25bc  [ 3CE83D7EE95D9C9F03323810A2E747DF, 50E34E2EC26584A1BE06EA5049481D1AE2F3213B2A81BA86411623ADCEE24F53 ] DzHDD64         C:\Windows\system32\DRIVERS\DzHDD64.sys
13:47:22.0448 0x25bc  DzHDD64 - ok
13:47:22.0480 0x25bc  [ F5720B45C421F96D0D8B59799F7E3A75, BCFCC7FE451E1F3983BC3A614CF0422449EC36BC9E977827D618D09AE55D4FC3 ] e1dexpress      C:\Windows\system32\DRIVERS\e1d62x64.sys
13:47:22.0495 0x25bc  e1dexpress - ok
13:47:22.0495 0x25bc  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
13:47:22.0511 0x25bc  EapHost - ok
13:47:22.0589 0x25bc  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
13:47:22.0651 0x25bc  ebdrv - ok
13:47:22.0698 0x25bc  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
13:47:22.0698 0x25bc  EFS - ok
13:47:22.0745 0x25bc  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
13:47:22.0776 0x25bc  ehRecvr - ok
13:47:22.0792 0x25bc  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
13:47:22.0792 0x25bc  ehSched - ok
13:47:22.0823 0x25bc  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
13:47:22.0823 0x25bc  elxstor - ok
13:47:22.0838 0x25bc  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
13:47:22.0838 0x25bc  ErrDev - ok
13:47:22.0885 0x25bc  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
13:47:22.0901 0x25bc  EventSystem - ok
13:47:22.0948 0x25bc  [ BF220856C02DF9AB74786BE92246A0E1, 9F35F4A08967634206B965BF94469380C0ACCF8A6C973E90ED85ECECF284CE34 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
13:47:22.0963 0x25bc  EvtEng - ok
13:47:22.0994 0x25bc  [ E654CAC28975B6AEF1FB7D6FE9B26F74, D9C5D123A85D779DE6577050BDF961B817F6DF4F0E07E0D02FBB9B0A31B666F7 ] excfs           C:\Windows\system32\DRIVERS\excfs.sys
13:47:22.0994 0x25bc  excfs - ok
13:47:23.0010 0x25bc  [ 4CCBF79BA0312B56E89C0B9365F8A763, 3F4AD24FDDBC68FBC04A09EC938FE290EF75F2DC93749F8C0386ADBA32BC5BD9 ] excsd           C:\Windows\system32\DRIVERS\excsd.sys
13:47:23.0010 0x25bc  excsd - ok
13:47:23.0057 0x25bc  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
13:47:23.0072 0x25bc  exfat - ok
13:47:23.0104 0x25bc  [ 5117F48112199D74343318A4520B6D64, 7118C00B713366C49D4CFDD0F3D39F06E0D93652E95678555FB4B4CD1BD2FE38 ] ExpressCache    C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
13:47:23.0135 0x25bc  ExpressCache - ok
13:47:23.0150 0x25bc  [ 9CF8FA44866B25A3BAF3A628D9AB9E3E, 573112D0F19E778F10347A3DBCDDA0C8C68441A6E5EFAFA50B43F617CFB4A9CA ] Fastboot        C:\Windows\system32\DRIVERS\fastboot.sys
13:47:23.0150 0x25bc  Fastboot - ok
13:47:23.0197 0x25bc  [ 2C6B3B01B5DBBAC059F674558EC64148, C3318EACD9B4C778A7E1C1AD204E01535582195A79DB2410961C31D92D84CB67 ] FastbootService C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
13:47:23.0213 0x25bc  FastbootService - ok
13:47:23.0228 0x25bc  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
13:47:23.0228 0x25bc  fastfat - ok
13:47:23.0275 0x25bc  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
13:47:23.0291 0x25bc  Fax - ok
13:47:23.0306 0x25bc  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
13:47:23.0322 0x25bc  fdc - ok
13:47:23.0322 0x25bc  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
13:47:23.0322 0x25bc  fdPHost - ok
13:47:23.0338 0x25bc  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
13:47:23.0338 0x25bc  FDResPub - ok
13:47:23.0369 0x25bc  [ 09E439E0BB8970A2A8E639EE10A693D5, 050ADA714DE6487055798D799B1005B8F639394D5892644D65E5FA05C3DE058A ] File Backup     C:\Program Files (x86)\Workspace\offSyncService.exe
13:47:23.0400 0x25bc  File Backup - ok
13:47:23.0416 0x25bc  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
13:47:23.0416 0x25bc  FileInfo - ok
13:47:23.0416 0x25bc  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
13:47:23.0431 0x25bc  Filetrace - ok
13:47:23.0447 0x25bc  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
13:47:23.0447 0x25bc  flpydisk - ok
13:47:23.0462 0x25bc  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:47:23.0478 0x25bc  FltMgr - ok
13:47:23.0525 0x25bc  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
13:47:23.0556 0x25bc  FontCache - ok
13:47:23.0587 0x25bc  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:47:23.0603 0x25bc  FontCache3.0.0.0 - ok
13:47:23.0603 0x25bc  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
13:47:23.0603 0x25bc  FsDepends - ok
13:47:23.0618 0x25bc  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:47:23.0618 0x25bc  Fs_Rec - ok
13:47:23.0634 0x25bc  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
13:47:23.0650 0x25bc  fvevol - ok
13:47:23.0650 0x25bc  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
13:47:23.0665 0x25bc  gagp30kx - ok
13:47:23.0696 0x25bc  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
13:47:23.0712 0x25bc  gpsvc - ok
13:47:23.0759 0x25bc  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:47:23.0759 0x25bc  gupdate - ok
13:47:23.0759 0x25bc  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:47:23.0774 0x25bc  gupdatem - ok
13:47:23.0779 0x25bc  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
13:47:23.0779 0x25bc  hcw85cir - ok
13:47:23.0811 0x25bc  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:47:23.0826 0x25bc  HdAudAddService - ok
13:47:23.0826 0x25bc  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
13:47:23.0842 0x25bc  HDAudBus - ok
13:47:23.0842 0x25bc  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
13:47:23.0857 0x25bc  HidBatt - ok
13:47:23.0857 0x25bc  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
13:47:23.0873 0x25bc  HidBth - ok
13:47:23.0873 0x25bc  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
13:47:23.0889 0x25bc  HidIr - ok
13:47:23.0904 0x25bc  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
13:47:23.0904 0x25bc  hidserv - ok
13:47:23.0922 0x25bc  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
13:47:23.0925 0x25bc  HidUsb - ok
13:47:23.0925 0x25bc  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:47:23.0925 0x25bc  hkmsvc - ok
13:47:23.0940 0x25bc  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:47:23.0940 0x25bc  HomeGroupListener - ok
13:47:23.0956 0x25bc  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:47:23.0956 0x25bc  HomeGroupProvider - ok
13:47:23.0972 0x25bc  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
13:47:23.0972 0x25bc  HpSAMD - ok
13:47:24.0003 0x25bc  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:47:24.0018 0x25bc  HTTP - ok
13:47:24.0034 0x25bc  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
13:47:24.0034 0x25bc  hwpolicy - ok
13:47:24.0050 0x25bc  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
13:47:24.0050 0x25bc  i8042prt - ok
13:47:24.0081 0x25bc  [ 8BE099617DA18FE085A40D47FC156B1B, A5F7AB41D32DF8A12F1945C263EE954CE15069C3CFD7131C74A8A3F4EC3AC122 ] iaStorA         C:\Windows\system32\DRIVERS\iaStorA.sys
13:47:24.0096 0x25bc  iaStorA - ok
13:47:24.0096 0x25bc  [ 005C0887D8B57A19883E3ADEF5478F05, E4D53F6197F128C5A753DBA0592619893D93F87575678E9708830B04C4CE1553 ] iaStorF         C:\Windows\system32\DRIVERS\iaStorF.sys
13:47:24.0096 0x25bc  iaStorF - ok
13:47:24.0128 0x25bc  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
13:47:24.0143 0x25bc  iaStorV - ok
13:47:24.0161 0x25bc  [ C5637F74E032C700B6F5D3EA03E8F636, 8C697999DEA95DA4686C08CC4F67A09E706FE503869FC1A5B42761F1A2EE951C ] IBMPMDRV        C:\Windows\system32\DRIVERS\ibmpmdrv.sys
13:47:24.0161 0x25bc  IBMPMDRV - ok
13:47:24.0161 0x25bc  [ 1F50C792A4BC183CF1FDBE1494A15680, CC2F9E51A6363733D613A885221AAEE35E44DDF77106068AD9F5028BE6AEF068 ] IBMPMSVC        C:\Windows\system32\ibmpmsvc.exe
13:47:24.0177 0x25bc  IBMPMSVC - ok
13:47:24.0192 0x25bc  [ A9BA3505CD0648119D930FA737F21890, BE87B78566267FF2523071C93576D2E3A923D756B856FA4E61D38CDA4F70277C ] ibtusb          C:\Windows\system32\DRIVERS\ibtusb.sys
13:47:24.0192 0x25bc  ibtusb - ok
13:47:24.0255 0x25bc  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:47:24.0270 0x25bc  idsvc - ok
13:47:24.0286 0x25bc  IEEtwCollectorService - ok
13:47:24.0411 0x25bc  [ 0AECABC08F9AB4E504935B7662123B6E, 79D1C801A8FB0920469D6088158C518481485A065E8AF2E580FE4FCC1DE8F39B ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
13:47:24.0489 0x25bc  igfx - ok
13:47:24.0551 0x25bc  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
13:47:24.0551 0x25bc  iirsp - ok
13:47:24.0582 0x25bc  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
13:47:24.0614 0x25bc  IKEEXT - ok
13:47:24.0629 0x25bc  [ 314285071F7117263BD246E35C17FD82, 12E135DAB9D717D697026800C97FB58A64C0C37ACE715C2805A411A5384CB55A ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys
13:47:24.0645 0x25bc  intaud_WaveExtensible - ok
13:47:24.0754 0x25bc  [ 70DD225646BF84233E18890583E57EFB, 657CFBEBE5C131873BB0B28F6C719772E19D51B48A795E459C388C8EC5EE655B ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
13:47:24.0848 0x25bc  IntcAzAudAddService - ok
13:47:24.0894 0x25bc  [ EC80E6B9E27DC3E22ED5B2E0E75A39C0, 8EEC89F88AE79DA256BB651983397773F6B25139006C8A7C8F77960F47774CF5 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
13:47:24.0910 0x25bc  IntcDAud - ok
13:47:24.0957 0x25bc  [ DAE6C3099D291EED8922A65C29ABCF52, AD0A932345382824122F84AF97A8609BAE1B916A3B9FD608779A1411E37D3643 ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
13:47:24.0972 0x25bc  Intel® Capability Licensing Service Interface - ok
13:47:25.0004 0x25bc  [ D45226E3E7A25F1E7CE8DF8FD0A2A098, 7BD74E9E3CB0A83D26BA3FD8177C6B9BA46A8695B6569CF7887FDC87947DA2D6 ] Intel® Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
13:47:25.0035 0x25bc  Intel® Capability Licensing Service TCP IP Interface - ok
13:47:25.0066 0x25bc  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
13:47:25.0066 0x25bc  intelide - ok
13:47:25.0097 0x25bc  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
13:47:25.0097 0x25bc  intelppm - ok
13:47:25.0131 0x25bc  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
13:47:25.0133 0x25bc  IPBusEnum - ok
13:47:25.0149 0x25bc  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:47:25.0149 0x25bc  IpFilterDriver - ok
13:47:25.0165 0x25bc  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:47:25.0180 0x25bc  iphlpsvc - ok
13:47:25.0180 0x25bc  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
13:47:25.0196 0x25bc  IPMIDRV - ok
13:47:25.0196 0x25bc  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
13:47:25.0196 0x25bc  IPNAT - ok
13:47:25.0196 0x25bc  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:47:25.0211 0x25bc  IRENUM - ok
13:47:25.0211 0x25bc  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:47:25.0211 0x25bc  isapnp - ok
13:47:25.0243 0x25bc  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
13:47:25.0258 0x25bc  iScsiPrt - ok
13:47:25.0336 0x25bc  [ 5C9B001D8970C2DA36254A916F3DA8F7, 625AC5C3DFAE52BD34EC3F93742D1D2C229785E4F0F3484CFB7B8728A1C830DF ] iumsvc          C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
13:47:25.0336 0x25bc  iumsvc - ok
13:47:25.0367 0x25bc  [ 626F5EAE794819A88F3A1437A6C75951, 491E9DFE7C08869585A5E56830110E245255C5DE71430051EC3948A81CF005C3 ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
13:47:25.0367 0x25bc  iusb3hcs - ok
13:47:25.0383 0x25bc  [ 21A002692B2A07D225E26F70E78D0BFC, 4809D0DD5CA1E0A9C7A0D2BD2E1C7775077CB99F62ED47844EBF3C0B1E91ED45 ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
13:47:25.0383 0x25bc  iusb3hub - ok
13:47:25.0414 0x25bc  [ FBD43626F80EE4ACA8A6662EA318AFEF, 182DCFDE330399249F038D440FD73806009C809D2B61CE610194AA2131C02733 ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
13:47:25.0430 0x25bc  iusb3xhc - ok
13:47:25.0445 0x25bc  [ 4487AD9C070D3973FE28AB4406555FC6, 77D8DE3036613618D44D7E5E47C9C754B8F0FF294D9DD778C92A7AFDA8F778FC ] iwdbus          C:\Windows\system32\DRIVERS\iwdbus.sys
13:47:25.0445 0x25bc  iwdbus - ok
13:47:25.0477 0x25bc  [ 52069AEB42D3D0F97CBCA1085EBF55E6, ADB2EFFF563B3FE113FCD156FD1E469BC24FC1D68AFEDCA21306F76592C9FF88 ] jhi_service     C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
13:47:25.0477 0x25bc  jhi_service - ok
13:47:25.0492 0x25bc  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
13:47:25.0492 0x25bc  kbdclass - ok
13:47:25.0508 0x25bc  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
13:47:25.0508 0x25bc  kbdhid - ok
13:47:25.0539 0x25bc  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
13:47:25.0539 0x25bc  KeyIso - ok
13:47:25.0555 0x25bc  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:47:25.0570 0x25bc  KSecDD - ok
13:47:25.0601 0x25bc  [ 41774FF331F609EF442B7398EE6202B1, AD67DA06A74895C384F4A1F1CF47050DAEE9C6CE8AD12F1A116FC977B6C3A864 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
13:47:25.0601 0x25bc  KSecPkg - ok
13:47:25.0601 0x25bc  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
13:47:25.0601 0x25bc  ksthunk - ok
13:47:25.0633 0x25bc  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
13:47:25.0648 0x25bc  KtmRm - ok
13:47:25.0679 0x25bc  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
13:47:25.0679 0x25bc  LanmanServer - ok
13:47:25.0711 0x25bc  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:47:25.0711 0x25bc  LanmanWorkstation - ok
13:47:25.0757 0x25bc  [ DA297A7BAB4E3889CFF60C02AE7BFB5D, 9E533D6FE2C9777A298F1E09C6E74F4135CC32D406382655EA9C0B7B2C533F3E ] Lenovo EasyPlus Hotspot C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe
13:47:25.0773 0x25bc  Lenovo EasyPlus Hotspot - ok
13:47:25.0820 0x25bc  [ BB7F4D4160460511EAC00B97669D7052, F268B034708C26857D2C472871D65BFD74066B95ADCAC841E69E7BE91B9DE17F ] LENOVO.CAMMUTE  C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
13:47:25.0820 0x25bc  LENOVO.CAMMUTE - ok
13:47:25.0851 0x25bc  [ BC381F006A302D01D20B0B5768AE3A94, 5DCBC9F6992C62D11001EF0340CA7813BD5AA84B74C990AC6889B81DBC8B9DBA ] LENOVO.MICMUTE  C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
13:47:25.0851 0x25bc  LENOVO.MICMUTE - ok
13:47:25.0867 0x25bc  [ E7ADA2310BD3E95E7B0647E650DA9E50, B3A5A406DF9A828A115653D32368B4C8D77532E5258844DD9EB107115FCBFB6F ] LENOVO.TPKNRSVC C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
13:47:25.0867 0x25bc  LENOVO.TPKNRSVC - ok
13:47:25.0882 0x25bc  [ 6A7AF51544418052522D3D5862022399, F752B558BDC2F5A615BDAD2BAE7DACAF9A725CB135E2BB10BFD6BA30DB79212E ] LENOVO.TVTVCAM  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
13:47:25.0882 0x25bc  LENOVO.TVTVCAM - ok
13:47:25.0898 0x25bc  [ D253E6009F05776F505F96866CCF460F, 8A39E77B4FC780BB9C6C8A892603248D87ED70255BF9BED0218BE2420B5E8C53 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
13:47:25.0913 0x25bc  Lenovo.VIRTSCRLSVC - ok
13:47:25.0929 0x25bc  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:47:25.0929 0x25bc  lltdio - ok
13:47:25.0960 0x25bc  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
13:47:25.0960 0x25bc  lltdsvc - ok
13:47:25.0991 0x25bc  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
13:47:25.0991 0x25bc  lmhosts - ok
13:47:26.0038 0x25bc  [ 888A1DD2EB317FAF3906E64ACEE7A1BC, 1FDEA6073F64E829A4208BECBE1DAE7FBEC19D6100B001D1A78D48A3CBF687C3 ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
13:47:26.0038 0x25bc  LMS - ok
13:47:26.0069 0x25bc  [ 49ED6CF0E353D09942AEDF219DE335B3, EEF462B2213589170722FF8B9B085209E7765A5934789F993F00D1E072F02282 ] lnvDiscoveryWinSvc C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe
13:47:26.0085 0x25bc  lnvDiscoveryWinSvc - ok
13:47:26.0116 0x25bc  [ 25F003B378E831514587DC6155781227, 7E68BED3721B9B917DDF215E572EEC4D1B30805CB8C274222450F65AA6B9D945 ] LSCWinService   C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
13:47:26.0132 0x25bc  LSCWinService - ok
13:47:26.0147 0x25bc  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
13:47:26.0147 0x25bc  LSI_FC - ok
13:47:26.0163 0x25bc  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
13:47:26.0163 0x25bc  LSI_SAS - ok
13:47:26.0179 0x25bc  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
13:47:26.0179 0x25bc  LSI_SAS2 - ok
13:47:26.0179 0x25bc  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
13:47:26.0194 0x25bc  LSI_SCSI - ok
13:47:26.0210 0x25bc  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
13:47:26.0210 0x25bc  luafv - ok
13:47:26.0241 0x25bc  [ 3D1516114F5B1548864D043177F992A6, 3733D5D51EA0DBFB24C408F1C48F8367CEE005EFCEC2860975D5EE2B4445ECF4 ] lxeaCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe
13:47:26.0241 0x25bc  lxeaCATSCustConnectService - ok
13:47:26.0257 0x25bc  lxea_device - ok
13:47:26.0272 0x25bc  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
13:47:26.0272 0x25bc  Mcx2Svc - ok
13:47:26.0288 0x25bc  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
13:47:26.0288 0x25bc  megasas - ok
13:47:26.0319 0x25bc  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
13:47:26.0319 0x25bc  MegaSR - ok
13:47:26.0350 0x25bc  [ 8FE46E9374DAD76ED081936DEDD3F6B0, 2CEA37D4C9BD68BCF554120FF2A6A6B6E2A5CBB48C62071D1210557CB6A1D32D ] MEIx64          C:\Windows\system32\DRIVERS\TeeDriverx64.sys
13:47:26.0350 0x25bc  MEIx64 - ok
13:47:26.0381 0x25bc  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
13:47:26.0381 0x25bc  MMCSS - ok
13:47:26.0397 0x25bc  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
13:47:26.0397 0x25bc  Modem - ok
13:47:26.0428 0x25bc  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
13:47:26.0428 0x25bc  monitor - ok
13:47:26.0459 0x25bc  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
13:47:26.0459 0x25bc  mouclass - ok
13:47:26.0475 0x25bc  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
13:47:26.0475 0x25bc  mouhid - ok
13:47:26.0491 0x25bc  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
13:47:26.0491 0x25bc  mountmgr - ok
13:47:26.0522 0x25bc  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
13:47:26.0522 0x25bc  mpio - ok
13:47:26.0537 0x25bc  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:47:26.0537 0x25bc  mpsdrv - ok
13:47:26.0584 0x25bc  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
13:47:26.0600 0x25bc  MpsSvc - ok
13:47:26.0615 0x25bc  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:47:26.0615 0x25bc  MRxDAV - ok
13:47:26.0631 0x25bc  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:47:26.0631 0x25bc  mrxsmb - ok
13:47:26.0647 0x25bc  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:47:26.0662 0x25bc  mrxsmb10 - ok
13:47:26.0662 0x25bc  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:47:26.0662 0x25bc  mrxsmb20 - ok
13:47:26.0662 0x25bc  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
13:47:26.0662 0x25bc  msahci - ok
13:47:26.0678 0x25bc  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
13:47:26.0693 0x25bc  msdsm - ok
13:47:26.0709 0x25bc  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
13:47:26.0709 0x25bc  MSDTC - ok
13:47:26.0725 0x25bc  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:47:26.0725 0x25bc  Msfs - ok
13:47:26.0725 0x25bc  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
13:47:26.0725 0x25bc  mshidkmdf - ok
13:47:26.0740 0x25bc  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:47:26.0740 0x25bc  msisadrv - ok
13:47:26.0756 0x25bc  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
13:47:26.0771 0x25bc  MSiSCSI - ok
13:47:26.0771 0x25bc  msiserver - ok
13:47:26.0771 0x25bc  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
13:47:26.0787 0x25bc  MSKSSRV - ok
13:47:26.0787 0x25bc  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:47:26.0787 0x25bc  MSPCLOCK - ok
13:47:26.0803 0x25bc  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
13:47:26.0803 0x25bc  MSPQM - ok
13:47:26.0818 0x25bc  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
13:47:26.0834 0x25bc  MsRPC - ok
13:47:26.0849 0x25bc  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
13:47:26.0849 0x25bc  mssmbios - ok
13:47:26.0849 0x25bc  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
13:47:26.0849 0x25bc  MSTEE - ok
13:47:26.0865 0x25bc  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
13:47:26.0865 0x25bc  MTConfig - ok
13:47:26.0881 0x25bc  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
13:47:26.0881 0x25bc  Mup - ok
13:47:26.0912 0x25bc  [ 1EE90E273094252917843D111E898C94, D0D7D155E3CA022BC1F718327165E44F954A40B96259DEE5266C48ADCC8B4556 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
13:47:26.0912 0x25bc  MyWiFiDHCPDNS - ok
13:47:26.0943 0x25bc  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
13:47:26.0959 0x25bc  napagent - ok
13:47:26.0990 0x25bc  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
13:47:27.0005 0x25bc  NativeWifiP - ok
13:47:27.0052 0x25bc  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:47:27.0068 0x25bc  NDIS - ok
13:47:27.0083 0x25bc  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
13:47:27.0083 0x25bc  NdisCap - ok
13:47:27.0099 0x25bc  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:47:27.0099 0x25bc  NdisTapi - ok
13:47:27.0115 0x25bc  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
13:47:27.0115 0x25bc  Ndisuio - ok
13:47:27.0130 0x25bc  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
13:47:27.0130 0x25bc  NdisWan - ok
13:47:27.0146 0x25bc  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
13:47:27.0146 0x25bc  NDProxy - ok
13:47:27.0146 0x25bc  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
13:47:27.0161 0x25bc  NetBIOS - ok
13:47:27.0180 0x25bc  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
13:47:27.0185 0x25bc  NetBT - ok
13:47:27.0200 0x25bc  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
13:47:27.0200 0x25bc  Netlogon - ok
13:47:27.0216 0x25bc  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
13:47:27.0231 0x25bc  Netman - ok
13:47:27.0263 0x25bc  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:47:27.0278 0x25bc  NetMsmqActivator - ok
13:47:27.0294 0x25bc  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:47:27.0294 0x25bc  NetPipeActivator - ok
13:47:27.0309 0x25bc  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
13:47:27.0309 0x25bc  netprofm - ok
13:47:27.0325 0x25bc  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:47:27.0325 0x25bc  NetTcpActivator - ok
13:47:27.0325 0x25bc  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:47:27.0325 0x25bc  NetTcpPortSharing - ok
13:47:27.0419 0x25bc  [ C9D91D5E057D7A2C483DC838A7639C08, 405593E8195B61A05E83EDE85457D9BEFBBE332CC63C902B8548044429ED96D1 ] NETwNs64        C:\Windows\system32\DRIVERS\Netwsw02.sys
13:47:27.0497 0x25bc  NETwNs64 - ok
13:47:27.0575 0x25bc  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
13:47:27.0590 0x25bc  nfrd960 - ok
13:47:27.0637 0x25bc  [ 8A37DDED1AB7EFD8FEFEB00A322FC872, A148921612BEB16DB7E865DF8E71BB24EF3D169C362B8851040B02AB615E932A ] NitroDriverReadSpool9 C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
13:47:27.0637 0x25bc  NitroDriverReadSpool9 - ok
13:47:27.0668 0x25bc  [ 6F1FC572CAD4F37DA1ADED21B3C659FF, EB473EF0E3C7480082614288FAD8DD4F644943121B2F11AF9BDC00F4557B8D34 ] NitroUpdateService C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
13:47:27.0684 0x25bc  NitroUpdateService - ok
13:47:27.0699 0x25bc  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:47:27.0715 0x25bc  NlaSvc - ok
13:47:27.0762 0x25bc  [ 46645E17C983A93C13A2B6CC4CBAFADF, 2ECA94935F274A43CE7B778418F25B88E4A403566B1546A17A7C4EC8B8F9F114 ] nlsX86cc        C:\Windows\SysWOW64\NLSSRV32.EXE
13:47:27.0762 0x25bc  nlsX86cc - ok
13:47:27.0777 0x25bc  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:47:27.0777 0x25bc  Npfs - ok
13:47:27.0777 0x25bc  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
13:47:27.0777 0x25bc  nsi - ok
13:47:27.0793 0x25bc  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:47:27.0809 0x25bc  nsiproxy - ok
13:47:27.0855 0x25bc  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:47:27.0887 0x25bc  Ntfs - ok
13:47:27.0902 0x25bc  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
13:47:27.0902 0x25bc  Null - ok
13:47:27.0918 0x25bc  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:47:27.0918 0x25bc  nvraid - ok
13:47:27.0933 0x25bc  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:47:27.0949 0x25bc  nvstor - ok
13:47:27.0949 0x25bc  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
13:47:27.0965 0x25bc  nv_agp - ok
13:47:27.0965 0x25bc  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
13:47:27.0980 0x25bc  ohci1394 - ok
13:47:28.0011 0x25bc  [ 7809148A966D13CD350E2F27EF19F576, 6F32968943100FEE9FEBC55728BD648F38DDE6E05AACD68FEEF032EE90BB1B02 ] omaha           C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\MFACUpdate.exe
13:47:28.0027 0x25bc  omaha - ok
13:47:28.0027 0x25bc  [ 7809148A966D13CD350E2F27EF19F576, 6F32968943100FEE9FEBC55728BD648F38DDE6E05AACD68FEEF032EE90BB1B02 ] omaham          C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\MFACUpdate.exe
13:47:28.0027 0x25bc  omaham - ok
13:47:28.0058 0x25bc  [ C01D38C24A213C37619777F0DC5BFAE0, 3841EA709EC89D6F2E8AC3F173A5DC4166961FA6D96AF0B2BCB4247F26E497D9 ] omniserv        C:\Program Files\Lenovo\Fingerprint Manager Pro\OmniServ.exe
13:47:28.0058 0x25bc  omniserv - ok
13:47:28.0089 0x25bc  [ E7B6DF2BF970BA75884AA5222E79AAE3, 4A0A52244F0787FF4380AAEF878E9E58AAE10251BA5434ADCF246173D5E68D0B ] OMNISMI         C:\Windows\SysWOW64\drivers\omnismi.sys
13:47:28.0089 0x25bc  OMNISMI - ok
13:47:28.0121 0x25bc  [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:47:28.0121 0x25bc  ose - ok
13:47:28.0277 0x25bc  [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:47:28.0355 0x25bc  osppsvc - ok
13:47:28.0417 0x25bc  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
13:47:28.0417 0x25bc  p2pimsvc - ok
13:47:28.0448 0x25bc  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
13:47:28.0448 0x25bc  p2psvc - ok
13:47:28.0464 0x25bc  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
13:47:28.0479 0x25bc  Parport - ok
13:47:28.0495 0x25bc  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
13:47:28.0495 0x25bc  partmgr - ok
13:47:28.0495 0x25bc  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
13:47:28.0495 0x25bc  PcaSvc - ok
13:47:28.0511 0x25bc  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
13:47:28.0511 0x25bc  pci - ok
13:47:28.0526 0x25bc  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
13:47:28.0542 0x25bc  pciide - ok
13:47:28.0557 0x25bc  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
13:47:28.0557 0x25bc  pcmcia - ok
13:47:28.0573 0x25bc  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
13:47:28.0573 0x25bc  pcw - ok
13:47:28.0589 0x25bc  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
13:47:28.0604 0x25bc  PEAUTH - ok
13:47:28.0667 0x25bc  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
13:47:28.0698 0x25bc  PeerDistSvc - ok
13:47:28.0729 0x25bc  [ 9590E5FAFB67C9842F5EEDD41348F16F, 67E5F18D0B36604C580B54D7463927746309D9ABC6AC1F81E3FD3B4F17009157 ] PelService      C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe
13:47:28.0729 0x25bc  PelService - ok
13:47:28.0745 0x25bc  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
13:47:28.0745 0x25bc  PerfHost - ok
13:47:28.0760 0x25bc  [ BB5E1FC2992772CA90EDDA97B3388B52, CB9BFB18A1DB544A3B635F2E089992A65536BEF1AA7C21AEF950E78F8C556E80 ] phidmice        C:\Windows\system32\DRIVERS\phidmice.sys
13:47:28.0776 0x25bc  phidmice - ok
13:47:28.0823 0x25bc  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
13:47:28.0854 0x25bc  pla - ok
13:47:28.0947 0x25bc  [ 924706E31FABF88D334B5AE3F1F1AF39, 6D516508E18FA18D9577ED2B5C961C1151923DF619742B269553BE65B3B83196 ] Platinum Host Service C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
13:47:28.0963 0x25bc  Platinum Host Service - ok
13:47:29.0010 0x25bc  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
13:47:29.0010 0x25bc  PlugPlay - ok
13:47:29.0041 0x25bc  [ 589AC4E13A33084FAA4E5E3563B01920, ADC74DB29056169D509D37DE4B5DF85D4FCA39BBF0043A5C74CFC731C95E4BCC ] pmouself        C:\Windows\system32\DRIVERS\pmouself.sys
13:47:29.0041 0x25bc  pmouself - ok
13:47:29.0057 0x25bc  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
13:47:29.0057 0x25bc  PNRPAutoReg - ok
13:47:29.0072 0x25bc  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
13:47:29.0072 0x25bc  PNRPsvc - ok
13:47:29.0135 0x25bc  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
13:47:29.0135 0x25bc  PolicyAgent - ok
13:47:29.0171 0x25bc  [ A2CCA4FB273E6050F17A0A416CFF2FCD, C42BA18DF0C8E3F7358669A784E51E4DC7A4112096345EA699EDC95F561E0255 ] Power           C:\Windows\system32\umpo.dll
13:47:29.0171 0x25bc  Power - ok
13:47:29.0249 0x25bc  [ CE142AB0EB7731391E0BCC837367AB0C, 35E55879EC5A540A49F4F66298A735E3D9532992AB1A60D4B113EB63DE32286E ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
13:47:29.0280 0x25bc  Power Manager DBC Service - ok
13:47:29.0311 0x25bc  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
13:47:29.0311 0x25bc  PptpMiniport - ok
13:47:29.0327 0x25bc  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
13:47:29.0327 0x25bc  Processor - ok
13:47:29.0342 0x25bc  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
13:47:29.0358 0x25bc  ProfSvc - ok
13:47:29.0358 0x25bc  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:47:29.0358 0x25bc  ProtectedStorage - ok
13:47:29.0389 0x25bc  [ 05A4779E4994B21473EDBE85AABE8030, AFD597461B036FDE42013648A4D542B02AE1D7E128BF0B193BA4B478432F0C72 ] psadd           C:\Windows\system32\DRIVERS\psadd.sys
13:47:29.0389 0x25bc  psadd - ok
13:47:29.0420 0x25bc  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
13:47:29.0420 0x25bc  Psched - ok
13:47:29.0420 0x25bc  [ D1BF079D549202478E22106C0E3FEE4D, AFFA308133FDA193109682B8895A952E27E9EB8C4EFE662787BCF1E7BAC3B49C ] pvendrlf        C:\Windows\system32\DRIVERS\pvendrlf.sys
13:47:29.0420 0x25bc  pvendrlf - ok
13:47:29.0483 0x25bc  [ 9417BCA1AA0686A88AEAA60C20DFA99D, FAF77AE47756BEB5B4B632D045A2A0EFA719330E8FA94DF8A02927E3FDA7EF49 ] PwmEWSvc        C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
13:47:29.0514 0x25bc  PwmEWSvc - ok
13:47:29.0561 0x25bc  [ 52C3BEC102631528B1911D71CF1D8F62, E849D6232083627849CDE400D1B9B1A5FB56311B6C97BE7CDB9C0895C6A3AED9 ] QBCFMonitorService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
13:47:29.0561 0x25bc  QBCFMonitorService - ok
13:47:29.0592 0x25bc  [ 9EE9AA5D1FB3F3B99467A20B03B47C5D, 5C43150DF7FC7786DD7568219860BEC89460EE13889B37F01A6D15D4059EC146 ] QBFCService     C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
13:47:29.0592 0x25bc  QBFCService - ok
13:47:29.0639 0x25bc  [ A0A4C760E18DF1F62D535B817B0ADD0D, 68D521941141CF81FA35302ABC7EA06BB30D9F553867AFA2DD3B4061620287BE ] QBVSS           C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
13:47:29.0670 0x25bc  QBVSS - ok
13:47:29.0732 0x25bc  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
13:47:29.0764 0x25bc  ql2300 - ok
13:47:29.0779 0x25bc  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
13:47:29.0779 0x25bc  ql40xx - ok
13:47:29.0800 0x25bc  [ 93430FFD315E5A378675EF07CBD22D68, 2C663F54BCBA208FDFC588B4D63FA5181269F820A7F099E6F388D5C92A563621 ] QuickControlMasterSvc C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe
13:47:29.0815 0x25bc  QuickControlMasterSvc - ok
13:47:29.0831 0x25bc  [ 9A3B6FC0B44A200719BBF50E4DF8A557, 260D35AD9D6CDE5298F0FF574863717DC41D81D8A5A92784BB30B9998C0D706E ] QuickControlService C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
13:47:29.0831 0x25bc  QuickControlService - ok
13:47:29.0862 0x25bc  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
13:47:29.0862 0x25bc  QWAVE - ok
13:47:29.0862 0x25bc  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
13:47:29.0878 0x25bc  QWAVEdrv - ok
13:47:29.0893 0x25bc  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
13:47:29.0893 0x25bc  RasAcd - ok
13:47:29.0909 0x25bc  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
13:47:29.0925 0x25bc  RasAgileVpn - ok
13:47:29.0925 0x25bc  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
13:47:29.0925 0x25bc  RasAuto - ok
13:47:29.0940 0x25bc  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
13:47:29.0943 0x25bc  Rasl2tp - ok
13:47:29.0945 0x25bc  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
13:47:29.0961 0x25bc  RasMan - ok
13:47:29.0961 0x25bc  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
13:47:29.0961 0x25bc  RasPppoe - ok
13:47:29.0976 0x25bc  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
13:47:29.0976 0x25bc  RasSstp - ok
13:47:29.0992 0x25bc  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
13:47:30.0008 0x25bc  rdbss - ok
13:47:30.0008 0x25bc  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
13:47:30.0008 0x25bc  rdpbus - ok
13:47:30.0023 0x25bc  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
13:47:30.0023 0x25bc  RDPCDD - ok
13:47:30.0039 0x25bc  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
13:47:30.0054 0x25bc  RDPDR - ok
13:47:30.0054 0x25bc  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
13:47:30.0054 0x25bc  RDPENCDD - ok
13:47:30.0054 0x25bc  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
13:47:30.0054 0x25bc  RDPREFMP - ok
13:47:30.0132 0x25bc  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
13:47:30.0132 0x25bc  RdpVideoMiniport - ok
13:47:30.0164 0x25bc  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
13:47:30.0164 0x25bc  RDPWD - ok
13:47:30.0210 0x25bc  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
13:47:30.0210 0x25bc  rdyboost - ok
13:47:30.0257 0x25bc  [ 37F021CF7D670D305C1687781173069E, 286D6D04B0A9C4399086BE8DDA5126CDE462EE3B9F5B40A65CD9CD2B7C160886 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
13:47:30.0257 0x25bc  RegSrvc - ok
13:47:30.0273 0x25bc  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
13:47:30.0288 0x25bc  RemoteAccess - ok
13:47:30.0288 0x25bc  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
13:47:30.0304 0x25bc  RemoteRegistry - ok
13:47:30.0320 0x25bc  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
13:47:30.0335 0x25bc  RFCOMM - ok
13:47:30.0335 0x25bc  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
13:47:30.0335 0x25bc  RpcEptMapper - ok
13:47:30.0351 0x25bc  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
13:47:30.0351 0x25bc  RpcLocator - ok
13:47:30.0366 0x25bc  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
13:47:30.0382 0x25bc  RpcSs - ok
13:47:30.0398 0x25bc  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
13:47:30.0398 0x25bc  rspndr - ok
13:47:30.0429 0x25bc  [ D1255851605A6FBFC5D740152D7FEEA3, 3780D3CD521176850E080A0541201C43ED9E84E2EC7D355DA317CCA491913194 ] RTSPER          C:\Windows\system32\DRIVERS\RtsPer.sys
13:47:30.0444 0x25bc  RTSPER - ok
13:47:30.0460 0x25bc  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
13:47:30.0460 0x25bc  s3cap - ok
13:47:30.0460 0x25bc  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\Windows\system32\lsass.exe
13:47:30.0476 0x25bc  SamSs - ok
13:47:30.0491 0x25bc  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
13:47:30.0491 0x25bc  sbp2port - ok
13:47:30.0507 0x25bc  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
13:47:30.0522 0x25bc  SCardSvr - ok
13:47:30.0522 0x25bc  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
13:47:30.0522 0x25bc  scfilter - ok
13:47:30.0554 0x25bc  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
13:47:30.0569 0x25bc  Schedule - ok
13:47:30.0600 0x25bc  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
13:47:30.0600 0x25bc  SCPolicySvc - ok
13:47:30.0600 0x25bc  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
13:47:30.0616 0x25bc  SDRSVC - ok
13:47:30.0632 0x25bc  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
13:47:30.0632 0x25bc  secdrv - ok
13:47:30.0632 0x25bc  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
13:47:30.0632 0x25bc  seclogon - ok
13:47:30.0632 0x25bc  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
13:47:30.0632 0x25bc  SENS - ok
13:47:30.0647 0x25bc  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
13:47:30.0647 0x25bc  SensrSvc - ok
13:47:30.0663 0x25bc  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
13:47:30.0678 0x25bc  Serenum - ok
13:47:30.0678 0x25bc  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
13:47:30.0694 0x25bc  Serial - ok
13:47:30.0694 0x25bc  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
13:47:30.0694 0x25bc  sermouse - ok
13:47:30.0725 0x25bc  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
13:47:30.0725 0x25bc  SessionEnv - ok
13:47:30.0741 0x25bc  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
13:47:30.0741 0x25bc  sffdisk - ok
13:47:30.0756 0x25bc  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
13:47:30.0756 0x25bc  sffp_mmc - ok
13:47:30.0756 0x25bc  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
13:47:30.0772 0x25bc  sffp_sd - ok
13:47:30.0772 0x25bc  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
13:47:30.0772 0x25bc  sfloppy - ok
13:47:30.0788 0x25bc  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
13:47:30.0803 0x25bc  SharedAccess - ok
13:47:30.0819 0x25bc  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:47:30.0834 0x25bc  ShellHWDetection - ok
13:47:30.0866 0x25bc  [ EF92588890C3ADEE806D6EE7E3892D99, 1B2F9A18D44B42621AE2408997657F7C6D5507980F5EC5F0DDF1876EAA42A471 ] Shockprf        C:\Windows\system32\DRIVERS\Apsx64.sys
13:47:30.0866 0x25bc  Shockprf - ok
13:47:30.0881 0x25bc  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
13:47:30.0881 0x25bc  SiSRaid2 - ok
13:47:30.0897 0x25bc  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
13:47:30.0897 0x25bc  SiSRaid4 - ok
13:47:30.0959 0x25bc  [ 050A4112B00BCA2E13314CDE48C1DEEE, 86C679CD494DEEB984372BF954EFBB8982AC7995FBF89FCF83BC228991D1B825 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
13:47:30.0959 0x25bc  SkypeUpdate - ok
13:47:30.0990 0x25bc  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
13:47:30.0990 0x25bc  Smb - ok
13:47:31.0022 0x25bc  [ 7C5B431BB6CD52C46295D9752C1C5A45, CBC2A342F019359629B7141ADD1A5AE3E97785D39ADD398EC60F897FABDD5554 ] SmbDrvI         C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys
13:47:31.0022 0x25bc  SmbDrvI - ok
13:47:31.0037 0x25bc  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
13:47:31.0037 0x25bc  SNMPTRAP - ok
13:47:31.0053 0x25bc  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
13:47:31.0053 0x25bc  spldr - ok
13:47:31.0068 0x25bc  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
13:47:31.0068 0x25bc  Spooler - ok
13:47:31.0178 0x25bc  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
13:47:31.0224 0x25bc  sppsvc - ok
13:47:31.0240 0x25bc  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
13:47:31.0240 0x25bc  sppuinotify - ok
13:47:31.0287 0x25bc  [ AC9B013A342E286E77BD80ABDDF8E4EA, 8359E13020C77065CF623F6B724C8C497C5B78AFCD4CF630151DB70402F96130 ] SPUVCbv         C:\Windows\system32\Drivers\SPUVCbv_x64.sys
13:47:31.0318 0x25bc  SPUVCbv - ok
13:47:31.0334 0x25bc  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
13:47:31.0349 0x25bc  srv - ok
13:47:31.0380 0x25bc  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
13:47:31.0380 0x25bc  srv2 - ok
13:47:31.0396 0x25bc  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
13:47:31.0396 0x25bc  srvnet - ok
13:47:31.0396 0x25bc  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
13:47:31.0412 0x25bc  SSDPSRV - ok
13:47:31.0412 0x25bc  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
13:47:31.0412 0x25bc  SstpSvc - ok
13:47:31.0427 0x25bc  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
13:47:31.0427 0x25bc  stexstor - ok
13:47:31.0458 0x25bc  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
13:47:31.0474 0x25bc  stisvc - ok
13:47:31.0474 0x25bc  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
13:47:31.0490 0x25bc  storflt - ok
13:47:31.0490 0x25bc  [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc         C:\Windows\system32\storsvc.dll
13:47:31.0490 0x25bc  StorSvc - ok
13:47:31.0505 0x25bc  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
13:47:31.0505 0x25bc  storvsc - ok
13:47:31.0521 0x25bc  [ BC2CF20E9C24423FF8826C601104A4CC, E71D5070B7BA59CDC61D555FB9D8ADD178521FB186174CB522852522929D62D4 ] SUService       C:\Program Files (x86)\Lenovo\System Update\SUService.exe
13:47:31.0536 0x25bc  SUService - ok
13:47:31.0552 0x25bc  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
13:47:31.0552 0x25bc  swenum - ok
13:47:31.0614 0x25bc  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
13:47:31.0630 0x25bc  SwitchBoard - ok
13:47:31.0661 0x25bc  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
13:47:31.0677 0x25bc  swprv - ok
13:47:31.0724 0x25bc  [ 16021E640CFA11BFA5F4D789322CFC39, E7249AFD865607502A36A6EC931AA9D04185A255B568F9401D45608305DFBF83 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
13:47:31.0724 0x25bc  SynTP - ok
13:47:31.0770 0x25bc  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
13:47:31.0817 0x25bc  SysMain - ok
13:47:31.0817 0x25bc  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:47:31.0833 0x25bc  TabletInputService - ok
13:47:31.0833 0x25bc  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
13:47:31.0848 0x25bc  TapiSrv - ok
13:47:31.0848 0x25bc  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
13:47:31.0848 0x25bc  TBS - ok
13:47:31.0911 0x25bc  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
13:47:31.0958 0x25bc  Tcpip - ok
13:47:32.0004 0x25bc  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
13:47:32.0036 0x25bc  TCPIP6 - ok
13:47:32.0067 0x25bc  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
13:47:32.0067 0x25bc  tcpipreg - ok
13:47:32.0082 0x25bc  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
13:47:32.0082 0x25bc  TDPIPE - ok
13:47:32.0098 0x25bc  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
13:47:32.0114 0x25bc  TDTCP - ok
13:47:32.0114 0x25bc  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
13:47:32.0129 0x25bc  tdx - ok
13:47:32.0129 0x25bc  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
13:47:32.0129 0x25bc  TermDD - ok
13:47:32.0176 0x25bc  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
13:47:32.0207 0x25bc  TermService - ok
13:47:32.0238 0x25bc  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
13:47:32.0238 0x25bc  Themes - ok
13:47:32.0254 0x25bc  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
13:47:32.0270 0x25bc  THREADORDER - ok
13:47:32.0285 0x25bc  [ 5AD72500ABEB2DBCB35789ABA0318ECD, A835C0CE0CF02996E8A2912FD1D2BD85B5253320C7B8AF8258822472EE9218FC ] tmactmon        C:\Windows\system32\DRIVERS\tmactmon.sys
13:47:32.0301 0x25bc  tmactmon - ok
13:47:32.0332 0x25bc  [ 9A142A6AF0F9C3343D28F79340BC67B3, F19CFF8C4C9FB73BFAAA577E60929187336F0031BCC7B44BAE8CFEADFB61CB86 ] tmcomm          C:\Windows\system32\DRIVERS\tmcomm.sys
13:47:32.0332 0x25bc  tmcomm - ok
13:47:32.0379 0x25bc  [ 4068D01A407C5F3B9AD3DF523E6BCEF6, DB3999EC8886610A14C8961356D88363BD5E3F006DA372F02CAEAC2468132565 ] TMEBC           C:\Windows\system32\DRIVERS\TMEBC64.sys
13:47:32.0379 0x25bc  TMEBC - ok
13:47:32.0394 0x25bc  [ 92DD6DB96B6119B7B0135990B61BAD64, 1237D3E207CD943D976464287DFF7BE5E51AC9B94832D48FFACB7AF6963E7AF1 ] tmeevw          C:\Windows\system32\DRIVERS\tmeevw.sys
13:47:32.0410 0x25bc  tmeevw - ok
13:47:32.0410 0x25bc  [ 5D4B89059450C580DC3DFF0FA4F59ADC, 506A8471889C6FEF0F1CBAB0CC92D88C7B5EEF0D6BAB058C856557A8B85E829A ] tmevtmgr        C:\Windows\system32\DRIVERS\tmevtmgr.sys
13:47:32.0426 0x25bc  tmevtmgr - ok
13:47:32.0441 0x25bc  [ 8DBD165ADC77EC371D51AFE06993085F, 4B184E61C9EF5FE59D8889836CDBCF78BF610AC4E7396FCD20BC59D515BE6C49 ] tmnciesc        C:\Windows\system32\DRIVERS\tmnciesc.sys
13:47:32.0457 0x25bc  tmnciesc - ok
13:47:32.0472 0x25bc  [ 7CFF1C6F9471CB60DE99192A636E3EC1, 88511FAA0E2B44BAE1BF53510BAEBA927EF6128EE0CE77C031ACE840859F0104 ] tmusa           C:\Windows\system32\DRIVERS\tmusa.sys
13:47:32.0472 0x25bc  tmusa - ok
13:47:32.0472 0x25bc  [ A61D61672153DFF710CA33186D2C8B18, 8A126E249D1BEB66153A958ACD2C56F8DD8D0D762F0BB035E69FCC259C0A8757 ] TPDIGIMN        C:\Windows\system32\DRIVERS\ApsHM64.sys
13:47:32.0488 0x25bc  TPDIGIMN - ok
13:47:32.0504 0x25bc  [ 40492513735AED7A4357AAEC84873027, ACBD7F5A2C90866996C7DD0B69AAF6C79AFB0546A31682D8BD9E378DE2A2375C ] TPHDEXLGSVC     C:\Windows\system32\TPHDEXLG64.exe
13:47:32.0504 0x25bc  TPHDEXLGSVC - ok
13:47:32.0566 0x25bc  [ 3B4250CB21F95FFA64162389106F39BA, 2461E6D335D699F837908254FDA43C789D589FE90C9592B5B43D964CFDB43F11 ] TPHKLOAD        C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
13:47:32.0566 0x25bc  TPHKLOAD - ok
13:47:32.0582 0x25bc  [ 667EF334C512416712F14118E3382919, D59D3ED81E823A84885AA0787B020DAFBCA20303F1F5A37F37E5392C5C272F9D ] TPHKSVC         C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
13:47:32.0582 0x25bc  TPHKSVC - ok
13:47:32.0613 0x25bc  [ DBCC20C02E8A3E43B03C304A4E40A84F, BF5F3ACCB0342304A6870E94D2576644B08DBF307C853C7DBA4B82B0C7309DA4 ] TPM             C:\Windows\system32\drivers\tpm.sys
13:47:32.0613 0x25bc  TPM - ok
13:47:32.0628 0x25bc  [ A9EF6C7E62DC3B01C51CFB92C1596C62, 432335FDA5DF9FF8C9B86767980A07C720E7158D5362E40D3A745817D4275A07 ] TPPWRIF         C:\Windows\system32\drivers\Tppwr64v.sys
13:47:32.0628 0x25bc  TPPWRIF - ok
13:47:32.0660 0x25bc  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
13:47:32.0660 0x25bc  TrkWks - ok
13:47:32.0691 0x25bc  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:47:32.0691 0x25bc  TrustedInstaller - ok
13:47:32.0706 0x25bc  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
13:47:32.0706 0x25bc  tssecsrv - ok
13:47:32.0753 0x25bc  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
13:47:32.0753 0x25bc  TsUsbFlt - ok
13:47:32.0769 0x25bc  [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
13:47:32.0784 0x25bc  TsUsbGD - ok
13:47:32.0816 0x25bc  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
13:47:32.0816 0x25bc  tunnel - ok
13:47:32.0831 0x25bc  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
13:47:32.0831 0x25bc  uagp35 - ok
13:47:32.0847 0x25bc  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
13:47:32.0862 0x25bc  udfs - ok
13:47:32.0878 0x25bc  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
13:47:32.0878 0x25bc  UI0Detect - ok
13:47:32.0878 0x25bc  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
13:47:32.0878 0x25bc  uliagpkx - ok
13:47:32.0894 0x25bc  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
13:47:32.0894 0x25bc  umbus - ok
13:47:32.0909 0x25bc  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
13:47:32.0909 0x25bc  UmPass - ok
13:47:32.0925 0x25bc  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
13:47:32.0925 0x25bc  UmRdpService - ok
13:47:32.0940 0x25bc  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
13:47:32.0956 0x25bc  upnphost - ok
13:47:32.0987 0x25bc  [ 524BFB402B1AB1007ED91E94D6AB6F72, 5A970292D2E7A580FAD86615BC6E66C2A5C74044EFF6C1543E928773E5B9C0F8 ] usb3Hub         C:\Windows\system32\DRIVERS\usb3Hub.sys
13:47:32.0987 0x25bc  usb3Hub - ok
13:47:33.0018 0x25bc  [ 91D3C92A44FC682DD791147604E79152, AA0B6799BF9C26C2C1793C91295288A4989AA43EC5E070B650DA7F0A142817CE ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
13:47:33.0034 0x25bc  usbccgp - ok
13:47:33.0034 0x25bc  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
13:47:33.0050 0x25bc  usbcir - ok
13:47:33.0065 0x25bc  [ F7FFDF2A1D19A76A87759126B244C816, C91F09D77E22D976952A46F7B93F611B719EDAF694D538242FA8FAF1BA9BB2F0 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
13:47:33.0065 0x25bc  usbehci - ok
13:47:33.0081 0x25bc  [ 245FE7FC634D6A993E682E0A9EBA4ABB, F7A536D215EE3A63358EC8B5946D7BB3B56357BF91347B07013E00DAC98775B6 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
13:47:33.0096 0x25bc  usbhub - ok
13:47:33.0112 0x25bc  [ C1A8966E0D09BFB501045105B30D86F2, 5BB95FBA441B898E258A3BFE174FC1042A04C19E25C59DE1FD90594290B11DA9 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
13:47:33.0112 0x25bc  usbohci - ok
13:47:33.0128 0x25bc  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\drivers\usbprint.sys
13:47:33.0128 0x25bc  usbprint - ok
13:47:33.0143 0x25bc  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
13:47:33.0143 0x25bc  usbscan - ok
13:47:33.0159 0x25bc  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:47:33.0159 0x25bc  USBSTOR - ok
13:47:33.0174 0x25bc  [ 2E682DCE4319A90E02A327F8A427544A, 3528C5A4669BAD53041085C3E72C64388D308E42AD9D1FAC85B6F2FFD81610FB ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
13:47:33.0174 0x25bc  usbuhci - ok
13:47:33.0190 0x25bc  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
13:47:33.0190 0x25bc  usbvideo - ok
13:47:33.0221 0x25bc  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
13:47:33.0221 0x25bc  UxSms - ok
13:47:33.0255 0x25bc  [ D484F222A65C36A07159BBD5B5B1B225, 6056942960CF3250BCAEEBF7F1DA7F9036D87FA9872AA0F8DAB17927CD41CD0A ] valWBFPolicyService C:\Windows\system32\valWBFPolicyService.exe
13:47:33.0255 0x25bc  valWBFPolicyService - ok
13:47:33.0255 0x25bc  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
13:47:33.0270 0x25bc  VaultSvc - ok
13:47:33.0270 0x25bc  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
13:47:33.0270 0x25bc  vdrvroot - ok
13:47:33.0302 0x25bc  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
13:47:33.0317 0x25bc  vds - ok
13:47:33.0317 0x25bc  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
13:47:33.0317 0x25bc  vga - ok
13:47:33.0333 0x25bc  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
13:47:33.0333 0x25bc  VgaSave - ok
13:47:33.0348 0x25bc  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
13:47:33.0364 0x25bc  vhdmp - ok
13:47:33.0380 0x25bc  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
13:47:33.0380 0x25bc  viaide - ok
13:47:33.0395 0x25bc  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
13:47:33.0411 0x25bc  vmbus - ok
13:47:33.0411 0x25bc  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
13:47:33.0411 0x25bc  VMBusHID - ok
13:47:33.0411 0x25bc  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
13:47:33.0426 0x25bc  volmgr - ok
13:47:33.0426 0x25bc  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
13:47:33.0442 0x25bc  volmgrx - ok
13:47:33.0442 0x25bc  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
13:47:33.0458 0x25bc  volsnap - ok
13:47:33.0473 0x25bc  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
13:47:33.0473 0x25bc  vsmraid - ok
13:47:33.0536 0x25bc  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
13:47:33.0567 0x25bc  VSS - ok
13:47:33.0582 0x25bc  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
13:47:33.0582 0x25bc  vwifibus - ok
13:47:33.0598 0x25bc  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
13:47:33.0598 0x25bc  vwififlt - ok
13:47:33.0598 0x25bc  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
13:47:33.0614 0x25bc  vwifimp - ok
13:47:33.0629 0x25bc  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
13:47:33.0645 0x25bc  W32Time - ok
13:47:33.0660 0x25bc  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
13:47:33.0660 0x25bc  WacomPen - ok
13:47:33.0692 0x25bc  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
13:47:33.0692 0x25bc  WANARP - ok
13:47:33.0707 0x25bc  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:47:33.0707 0x25bc  Wanarpv6 - ok
13:47:33.0790 0x25bc  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
13:47:33.0811 0x25bc  WatAdminSvc - ok
13:47:33.0873 0x25bc  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
13:47:33.0904 0x25bc  wbengine - ok
13:47:33.0904 0x25bc  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
13:47:33.0920 0x25bc  WbioSrvc - ok
13:47:33.0920 0x25bc  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
13:47:33.0936 0x25bc  wcncsvc - ok
13:47:33.0936 0x25bc  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:47:33.0936 0x25bc  WcsPlugInService - ok
13:47:33.0951 0x25bc  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
13:47:33.0951 0x25bc  Wd - ok
13:47:33.0967 0x25bc  [ A3D04EBF5227886029B4532F20D026F7, D90F7B9C176008675DA0B5FD7E4973CBC2A04172CEDF8FB7D3B3B4F27B5440D7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
13:47:33.0967 0x25bc  WDC_SAM - ok
13:47:34.0001 0x25bc  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:47:34.0032 0x25bc  Wdf01000 - ok
13:47:34.0032 0x25bc  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:47:34.0047 0x25bc  WdiServiceHost - ok
13:47:34.0047 0x25bc  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
13:47:34.0047 0x25bc  WdiSystemHost - ok
13:47:34.0063 0x25bc  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
13:47:34.0063 0x25bc  WebClient - ok
13:47:34.0079 0x25bc  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:47:34.0094 0x25bc  Wecsvc - ok
13:47:34.0094 0x25bc  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
13:47:34.0094 0x25bc  wercplsupport - ok
13:47:34.0110 0x25bc  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
13:47:34.0110 0x25bc  WerSvc - ok
13:47:34.0141 0x25bc  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
13:47:34.0141 0x25bc  WfpLwf - ok
13:47:34.0157 0x25bc  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
13:47:34.0157 0x25bc  WIMMount - ok
13:47:34.0172 0x25bc  WinDefend - ok
13:47:34.0172 0x25bc  WinHttpAutoProxySvc - ok
13:47:34.0219 0x25bc  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
13:47:34.0219 0x25bc  Winmgmt - ok
13:47:34.0281 0x25bc  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
13:47:34.0328 0x25bc  WinRM - ok
13:47:34.0359 0x25bc  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUSB.sys
13:47:34.0359 0x25bc  WinUsb - ok
13:47:34.0391 0x25bc  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
13:47:34.0406 0x25bc  Wlansvc - ok
13:47:34.0422 0x25bc  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
13:47:34.0422 0x25bc  WmiAcpi - ok
13:47:34.0422 0x25bc  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:47:34.0437 0x25bc  wmiApSrv - ok
13:47:34.0437 0x25bc  WMPNetworkSvc - ok
13:47:34.0453 0x25bc  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
13:47:34.0453 0x25bc  WPCSvc - ok
13:47:34.0453 0x25bc  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:47:34.0469 0x25bc  WPDBusEnum - ok
13:47:34.0469 0x25bc  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
13:47:34.0469 0x25bc  ws2ifsl - ok
13:47:34.0469 0x25bc  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
13:47:34.0484 0x25bc  wscsvc - ok
13:47:34.0484 0x25bc  WSearch - ok
13:47:34.0562 0x25bc  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
13:47:34.0609 0x25bc  wuauserv - ok
13:47:34.0625 0x25bc  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
13:47:34.0625 0x25bc  WudfPf - ok
13:47:34.0640 0x25bc  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
13:47:34.0656 0x25bc  WUDFRd - ok
13:47:34.0656 0x25bc  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
13:47:34.0656 0x25bc  wudfsvc - ok
13:47:34.0671 0x25bc  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
13:47:34.0687 0x25bc  WwanSvc - ok
13:47:34.0827 0x25bc  [ 8D809F4ECFE9E80723C49B427854068A, 4186B6C56BA70106A95D28371360C780F55FECA1A1C61966F091A07A390BA189 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
13:47:34.0905 0x25bc  ZeroConfigService - ok
13:47:34.0921 0x25bc  ================ Scan global ===============================
13:47:34.0937 0x25bc  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
13:47:34.0952 0x25bc  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
13:47:34.0968 0x25bc  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
13:47:34.0999 0x25bc  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
13:47:35.0030 0x25bc  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
13:47:35.0030 0x25bc  [ Global ] - ok
13:47:35.0030 0x25bc  ================ Scan MBR ==================================
13:47:35.0046 0x25bc  [ 9ACC3726E117821BBECA24392E952F29 ] \Device\Harddisk0\DR0
13:47:35.0233 0x25bc  \Device\Harddisk0\DR0 - ok
13:47:35.0249 0x25bc  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
13:47:35.0249 0x25bc  \Device\Harddisk1\DR1 - ok
13:47:35.0249 0x25bc  ================ Scan VBR ==================================
13:47:35.0249 0x25bc  [ 363B8F950DEF3F400F5F062037E282DE ] \Device\Harddisk0\DR0\Partition1
13:47:35.0264 0x25bc  \Device\Harddisk0\DR0\Partition1 - ok
13:47:35.0264 0x25bc  [ 3B72D991DC5A516EE138E722FE44AFF0 ] \Device\Harddisk0\DR0\Partition2
13:47:35.0282 0x25bc  \Device\Harddisk0\DR0\Partition2 - ok
13:47:35.0285 0x25bc  [ 939B2B7AC3AB4C4B193ADEEA26EA2359 ] \Device\Harddisk0\DR0\Partition3
13:47:35.0300 0x25bc  \Device\Harddisk0\DR0\Partition3 - ok
13:47:35.0300 0x25bc  ================ Scan generic autorun ======================
13:47:35.0363 0x25bc  [ 3870A4FB83F82357713AB8DB9ED1FEBD, D1669E3E066E23D69BD4E4D4ECF7D8F0247BBD2C9E69B572273715EC18FDC0C4 ] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
13:47:35.0378 0x25bc  BLEServicesCtrl - ok
13:47:35.0378 0x25bc  BTMTrayAgent - ok
13:47:35.0394 0x25bc  [ 8AAADD581467160C81C0FF1ED999AC84, 4578A3594CF3FE92ED450E261F0D2BB3D88C6F637DE9E8455AEEE24702F13330 ] C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\SKDaemon.exe
13:47:35.0410 0x25bc  Enhanced Performance Keyboard - ok
13:47:35.0425 0x25bc  [ C73813719C5CA13FDBD707973669259F, 860B8A362887065F0F1E27EA9286137A70614E566238308772DA7B5A943DEF12 ] C:\Windows\system32\igfxtray.exe
13:47:35.0441 0x25bc  IgfxTray - ok
13:47:35.0472 0x25bc  [ 26DA36A30AB7F06531D7DEC250728EC5, 9ACB8B27FE2BBE9FE310E7E9BF3432D87042BB5E5F3E329E101805E057931502 ] C:\Windows\system32\hkcmd.exe
13:47:35.0472 0x25bc  HotKeysCmds - ok
13:47:35.0503 0x25bc  [ EF1297DA4D4ABB6063646A4BE6E10F25, 6F769E37984EE51EC9A1A80EF063AD83067B1742D45A354C27ADC862042220D0 ] C:\Windows\system32\igfxpers.exe
13:47:35.0534 0x25bc  Persistence - ok
13:47:35.0534 0x25bc  SynTPEnh - ok
13:47:35.0534 0x25bc  [ 08593F82008D1524079C7CEA3D7F28F4, D6FF1875593D2BFFC137F9AD91C7A77916B83631B1D0BB97FF826F77D139B892 ] C:\Windows\system32\TpShocks.exe
13:47:35.0550 0x25bc  TpShocks - ok
13:47:35.0597 0x25bc  [ 4E2FED41009B0D4E10F0121290C2EE7A, A8D1267F185439D41DA3D2486B2AEF9EE4A90362C01CB863615F44FC80EE3EC9 ] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
13:47:35.0612 0x25bc  LENOVO.TPKNRRES - ok
13:47:35.0753 0x25bc  [ 474FF0E975FAA1240FE81551A8549768, 162B7712AC87921F17DF9EBAAA769482332508715BC4EED3BF4ABECC95321A5E ] C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\mfac.exe
13:47:35.0862 0x25bc  MFACApp - ok
13:47:35.0893 0x25bc  [ 16E85DAB0DD2ABCA10CF3A7A8ED510BB, FD4CC3C7FED878DDC4EB3C1852D5AB95922DA9312E79CF845A6B65180449E38E ] C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE
13:47:35.0893 0x25bc  Daemon for Mouse Suite - ok
13:47:35.0924 0x25bc  [ BF618D3F2C5B3DBB6D0A5BEFD9B75181, 45BE1EF996B5F2EB762944C67D268BE3ED4C5F18D97D98911EC3079D4E2EF0E4 ] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe
13:47:35.0924 0x25bc  Trend Micro Client Framework - ok
13:47:35.0956 0x25bc  [ 38BA32C3FB35AA572F0148E7EA2FFEE9, 0658E3F12B4C6B8A046A48BB37D57D138391568754A981884BC7DD9CA9C8C8A4 ] C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
13:47:35.0989 0x25bc  Platinum - ok
13:47:36.0005 0x25bc  [ 592C3C2CE64B4D7BBA956DD36CA0E82F, 4A1E521093D36F8F958DC04F4013D5B5480E56E069FFCA0F40F1587175A63A2A ] C:\Program Files\Trend Micro\Titanium\Plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe
13:47:36.0005 0x25bc  WLM - ok
13:47:36.0052 0x25bc  [ 3E48A4D66B5D092FEA1B21328AF08CD3, 5741700DF8A3D363FA398AFA9C26493B420F0B2FDD89EAD398E25B56494E1BC0 ] C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
13:47:36.0067 0x25bc  lxeamon.exe - ok
13:47:36.0067 0x25bc  [ EEC2835879188CE91EFC345DBAEFE6AF, AF77EBFD9869D4D20BABCCD21257088F2C0AD8FAE9AF41A827DA1DE8ACC5D80E ] C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
13:47:36.0083 0x25bc  EzPrint - ok
13:47:36.0176 0x25bc  [ 393F021E2A9FA19AC94BA4482E32FC6C, 8DC7A061643099B8A1915ADB59D89912A117883D4194BCC05F653E19DFD321A9 ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
13:47:36.0192 0x25bc  AdobeAAMUpdater-1.0 - ok
13:47:36.0239 0x25bc  [ D38E57E6FF593B43D7BE013348A32CE6, ECD3BDD602B3B67106483EF8E438EA94C98FA9E0044137054DDCE10E96E72648 ] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
13:47:36.0239 0x25bc  USB3MON - ok
13:47:36.0254 0x25bc  PWMTRV - ok
13:47:36.0288 0x25bc  [ 47EA5F76FAB723C61AB4A0D79BAD512C, A7A38EB0A7068B160E6949945EF639F999A06AE35746F6E79C7350745798E5C9 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
13:47:36.0319 0x25bc  Adobe ARM - ok
13:47:36.0522 0x25bc  [ C8BD6D2BD6D52259C2A672A86AA26A51, B790812B7B2A6BBEAD46E78D97358F7135386BDA8C95C8E936BE55286C8492D7 ] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe
13:47:36.0600 0x25bc  Lenovo Registration - ok
13:47:36.0647 0x25bc  [ EF2FB25A0E60361E7934FE920C74354F, 9E7FE2D59AEBD3F569138B33DE82F64B26EFBC96807B8ED01916C823B34ECF7B ] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe
13:47:36.0663 0x25bc  Fastboot - ok
13:47:36.0725 0x25bc  [ E504BAAC3857F20F1D9F20EAED5E0637, 2C527925FF7EBD9F2D41E21420958A07524310F81DD1921A414D74430E13531D ] C:\Program Files (x86)\Integrated Camera\monitor.exe
13:47:36.0756 0x25bc  Integrated Camera_Monitor - ok
13:47:36.0881 0x25bc  [ 818DA091BF0F17AFDFA19CF39226FF0F, 3967E0C3E111EB8E0E0F7D275F9E8F2C36536474842ECEF2153C9128749CB20A ] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe
13:47:36.0959 0x25bc  Intuit SyncManager - ok
13:47:37.0021 0x25bc  [ 35048D8E8A0BF7A797CD5757ACD7EED0, 890FCF24869614B3990B575A588ECB35C25A5B896F21BF9C66D43C93787FDD7A ] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
13:47:37.0021 0x25bc  CLMLServer - ok
13:47:37.0053 0x25bc  [ B00F98FF6FE8682FF941BEB2559BF191, EB443E294C5609F426BF6EE388F3A4B71EFE2C6A8216C0F6DE7AE6DB382BF620 ] C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
13:47:37.0068 0x25bc  YouCam Mirage - ok
13:47:37.0084 0x25bc  [ 324285C053CB9C894431559F962B101C, 81858C33EA53B0B06A684E10465FA44BB050832BC2F35544F8FD24CB8473EA1F ] C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
13:47:37.0084 0x25bc  YouCam Tray - ok
13:47:37.0115 0x25bc  [ F73FA58CA56F434D87B6DE511C70609D, 4749F0AE59822C91475BD817DCF6AA7BAAC15E0EC94FE70F7FD0D0E15C32C08B ] C:\Program Files (x86)\Lexmark S300-S400 Series\fm3032.exe
13:47:37.0131 0x25bc  Lexmark S300-S400 Series - ok
13:47:37.0177 0x25bc  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
13:47:37.0177 0x25bc  SwitchBoard - ok
13:47:37.0240 0x25bc  [ E1636F57581CAB5D995FD54D2991EF57, BB6B3D005054D386D596A4BA4D9D2F1284D7C845C1CD5EE63775B4569559E0EB ] C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
13:47:37.0305 0x25bc  AdobeCS5.5ServiceManager - ok
13:47:37.0367 0x25bc  [ 505E8BDA9F740F45846C68EAD3FDB7E3, DEDB705065DA99941048DBCE7A3100548BB09383DA472730C4DF2AE62B16F774 ] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe
13:47:37.0367 0x25bc  Adobe Acrobat Speed Launcher - ok
13:47:37.0398 0x25bc  [ 778615BE018111F244F1618EBCA97F54, FA8859EE35933605B44D4BCC199CC72E3A04AC878DDB0A4A4B1E0E41C6E7C0A9 ] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
13:47:37.0414 0x25bc  Acrobat Assistant 8.0 - ok
13:47:37.0445 0x25bc  [ 61E4289E91E88C90478D7F4BEB10DCF7, 1D0F4034E0111CF5758F470C15A22A0A28EB8269CB5BF07222C9C0FB07A15C55 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
13:47:37.0445 0x25bc  APSDaemon - ok
13:47:37.0492 0x25bc  [ 271B0D188430670509CB9943D5229205, 74CB5A9D8B5988AE08C0F65C601FC54F8745BAB6825B6FEEFBA8F068D656D8D7 ] C:\Program Files (x86)\QuickTime\QTTask.exe
13:47:37.0492 0x25bc  QuickTime Task - ok
13:47:37.0554 0x25bc  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
13:47:37.0601 0x25bc  Sidebar - ok
13:47:37.0617 0x25bc  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
13:47:37.0617 0x25bc  mctadmin - ok
13:47:37.0648 0x25bc  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
13:47:37.0663 0x25bc  Sidebar - ok
13:47:37.0663 0x25bc  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
13:47:37.0663 0x25bc  mctadmin - ok
13:47:37.0741 0x25bc  [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe
13:47:37.0757 0x25bc  Sidebar - ok
13:47:37.0804 0x25bc  [ 0EC83E2DA29365048CBEB9A9A963BDFA, 49A41056403042B21AF3C1936489942B703BE609CB7DFC3303C417A5702501B9 ] C:\Users\Susan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
13:47:37.0819 0x25bc  SkyDrive - ok
13:47:37.0819 0x25bc  Waiting for KSN requests completion. In queue: 135
13:47:38.0823 0x25bc  Waiting for KSN requests completion. In queue: 135
13:47:39.0831 0x25bc  Waiting for KSN requests completion. In queue: 135
13:47:40.0835 0x25bc  Waiting for KSN requests completion. In queue: 135
13:47:42.0059 0x25bc  AV detected via SS2: Trend Micro Internet Security, C:\Program Files\Trend Micro\Titanium\wschandler.exe ( 8.0.0.1192 ), 0x41000 ( enabled : updated )
13:47:42.0090 0x25bc  Win FW state via NFP2: enabled
13:47:44.0999 0x25bc  ============================================================
13:47:44.0999 0x25bc  Scan finished
13:47:44.0999 0x25bc  ============================================================
13:47:44.0999 0x0574  Detected object count: 0
13:47:44.0999 0x0574  Actual detected object count: 0


#10 spike1226

spike1226
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:08 AM

Posted 05 December 2014 - 03:56 PM

here is the aswMBR results

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2014-12-05 13:52:55
-----------------------------
13:52:55.140    OS Version: Windows x64 6.1.7601 Service Pack 1
13:52:55.140    Number of processors: 4 586 0x4501
13:52:55.140    ComputerName: SUSAN-PC  UserName: Susan
13:52:55.499    Initialize success
13:52:55.686    VM: initialized successfully
13:52:55.686    VM: Intel CPU BiosDisabled 
13:53:05.323    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000070
13:53:05.323    Disk 0 Vendor: TOSHIBA_ AV00 Size: 476940MB BusType: 11
13:53:05.323    Disk 1  \Device\Harddisk1\DR1 -> \Device\00000071
13:53:05.339    Disk 1 Vendor: SanDisk_ U21B Size: 15272MB BusType: 11
13:53:05.422    Disk 0 MBR read successfully
13:53:05.422    Disk 0 MBR scan
13:53:05.437    Disk 0 unknown MBR code
13:53:05.437    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS         1500 MB offset 2048
13:53:05.437    Disk 0 Boot: NTFS     code=1
13:53:05.437    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       458887 MB offset 3074048
13:53:05.484    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        16551 MB offset 942874624
13:53:05.515    Disk 0 scanning C:\Windows\system32\drivers
13:53:16.482    Service scanning
13:53:20.772    Modules scanning
13:53:20.772    Disk 0 trace - called modules:
13:53:20.788    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys hal.dll iaStorA.sys 
13:53:20.803    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006add060]
13:53:20.803    3 CLASSPNP.SYS[fffff88001d8343f] -> nt!IofCallDriver -> [0xfffffa800696cc50]
13:53:20.803    5 iaStorF.sys[fffff88001d1ff84] -> nt!IofCallDriver -> \Device\00000070[0xfffffa800402d060]
13:53:20.803    Disk 0 statistics 119191/0/0 @ 10.60 MB/s
13:53:20.803    Scan finished successfully
13:54:18.970    Disk 0 MBR has been saved successfully to "C:\Users\Susan\Downloads\MBR.dat"
13:54:18.970    The log file has been saved successfully to "C:\Users\Susan\Downloads\aswMBR.txt"
 
 

Attached Files

  • Attached File  MBR.zip   562bytes   0 downloads


#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,261 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:08 AM

Posted 06 December 2014 - 08:46 AM


Nothing suspicious was found on your Master Boot Record.

Please Download Tweaking.com - Windows Repair from Here
 
[list]
  • Install and then run the program
  • Click Next at the Welcome Screen, Click Next on Step 1 Screen
  • Click Next on Step 2 Screen, Click Do it on Step 3 Screen, After is has completed click Next
  • On Step 4 Under System Restore Click Create, Then under registry back-up Click Backup When you have completed this click Next
  • On Start Repairs Click Start
  • Click the Unselect All button then select just the items below
    Repair Proxy Settings
    Repair Winsock & DNS Cache
    Remove Temp Files
    
  • Click the Start button and let the process run to completion. Copy any error messages into Notepad, Save it on your Desktop. ( Reboot if asked to do so)
  • Please copy and paste the Contents of this file on your next reply.


#12 spike1226

spike1226
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:08 AM

Posted 06 December 2014 - 09:34 AM

I can get to the website and link in both Chrome and IE but it doesn't seem to download....in Chrome I can see a javascript message briefly at the bottom but then nothing...when I ask to open in a new window, it opens the window but says blank.....is there another way to access this tool?



#13 spike1226

spike1226
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:08 AM

Posted 06 December 2014 - 10:03 AM

OK..disregard last message....got the application to run...here is the winsock log

 

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
Ok.
 
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
The following command was not found: int 6to4 reset all.
There's no user specified settings to be reset.
 
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
The following command was not found: int isatap reset all.
 
 
Reset of all TCP parameters OK!
Ok.
 
The following command was not found: int teredo reset all.
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
Windows IP Configuration
 
Registration of the DNS resource records for all adapters of this computer has been initiated. Any errors will be reported in the Event Viewer in 15 minutes.
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
Ok.
 
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
The following command was not found: int 6to4 reset all.
There's no user specified settings to be reset.
 
There's no user specified settings to be reset.
 
 
The following command was not found: int isatap reset all.
 
 
Reset of all TCP parameters OK!
Ok.
 
The following command was not found: int teredo reset all.
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
Windows IP Configuration
 
Registration of the DNS resource records for all adapters of this computer has been initiated. Any errors will be reported in the Event Viewer in 15 minutes.


#14 spike1226

spike1226
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:08 AM

Posted 06 December 2014 - 10:04 AM

Here is the remove temp files log

 

Deleted file - C:\Users\Susan\AppData\Local\Temp\.challenge_plain
Deleted file - C:\Users\Susan\AppData\Local\Temp\15827OutPut.xml
Deleted file - C:\Users\Susan\AppData\Local\Temp\15886OutPut.xml
Deleted file - C:\Users\Susan\AppData\Local\Temp\15977OutPut.xml
Deleted file - C:\Users\Susan\AppData\Local\Temp\16000OutPut.xml
Deleted file - C:\Users\Susan\AppData\Local\Temp\16026OutPut.xml
Deleted file - C:\Users\Susan\AppData\Local\Temp\2014-11-05_Monitor_log.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\2014-11-06_Monitor_log.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\2014-11-07_Monitor_log.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\2014-11-10_Monitor_log.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\2014-11-11_Monitor_log.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\2014-11-12_Monitor_log.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\2014-11-13_Monitor_log.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\2014-11-14_Monitor_log.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\2014-11-17_Monitor_log.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\2014-11-18_Monitor_log.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\2014-11-19_Monitor_log.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\2014-11-20_Monitor_log.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\2014-11-21_Monitor_log.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\2014-11-24_Monitor_log.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\2014-11-26_Monitor_log.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\2014-11-28_Monitor_log.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\2014-11-29_Monitor_log.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\2014-12-01_Monitor_log.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\2014-12-02_Monitor_log.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\2014-12-04_Monitor_log.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\2014-12-05_Monitor_log.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\2014-12-06_Monitor_log.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\625A.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\6C5F372D-84D4-4B61-965E-EFC4820F2F7E.Diagnose.0.etl
Deleted file - C:\Users\Susan\AppData\Local\Temp\8972.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\99214032-AB9E-44D1-AAC3-4A07EC47F0D6.Diagnose.0.etl
Deleted file - C:\Users\Susan\AppData\Local\Temp\AbbyyMsiLog.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\Abspdf.exe
Deleted file - C:\Users\Susan\AppData\Local\Temp\acfpdf.drv
Deleted file - C:\Users\Susan\AppData\Local\Temp\acfpdf.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\acfpdfu.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\acfpdfuamd64.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\acfpdfui.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\acfpdfuia64.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\acfpdfuiamd64.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\acfpdfuiia64.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\AdobeARM.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\AdobeARM_NotLocked.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\adwcleaner.db
Deleted file - C:\Users\Susan\AppData\Local\Temp\AdwCleaner.jpg
Deleted file - C:\Users\Susan\AppData\Local\Temp\amt3.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\amyuni.inf
Deleted file - C:\Users\Susan\AppData\Local\Temp\ASPNETSetup_00000.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\ASPNETSetup_00001.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\ASPNETSetup_00002.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\ASPNETSetup_00003.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\ASPNETSetup_00004.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\ASPNETSetup_00005.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\ASPNETSetup_00006.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\ASPNETSetup_00007.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\ASPNETSetup_00008.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\ASPNETSetup_00009.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\atpdf400.cat
Deleted file - C:\Users\Susan\AppData\Local\Temp\Attach.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\aut2689.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\B155C363-A85E-4311-AFC8-A7F3A13DEF8B.Repair.1.etl
Deleted file - C:\Users\Susan\AppData\Local\Temp\bgciu.bmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\BLEServices.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\ca09B.cir
Deleted file - C:\Users\Susan\AppData\Local\Temp\ca0SM.cir
Deleted file - C:\Users\Susan\AppData\Local\Temp\ca1L7.cir
Deleted file - C:\Users\Susan\AppData\Local\Temp\ca365.cir
Deleted file - C:\Users\Susan\AppData\Local\Temp\ca4UM.cir
Deleted file - C:\Users\Susan\AppData\Local\Temp\ca5K2.cir
Deleted file - C:\Users\Susan\AppData\Local\Temp\ca5P9.cir
Deleted file - C:\Users\Susan\AppData\Local\Temp\ca6NZ.cir
Deleted file - C:\Users\Susan\AppData\Local\Temp\ca6SM.cir
Deleted file - C:\Users\Susan\AppData\Local\Temp\ca88X.cir
Deleted file - C:\Users\Susan\AppData\Local\Temp\ca9IE.cir
Deleted file - C:\Users\Susan\AppData\Local\Temp\ca9MC.cir
Deleted file - C:\Users\Susan\AppData\Local\Temp\cab1803.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\caB9X.cir
Deleted file - C:\Users\Susan\AppData\Local\Temp\cabD02C.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\caBIF.cir
Deleted file - C:\Users\Susan\AppData\Local\Temp\caCK8.cir
Deleted file - C:\Users\Susan\AppData\Local\Temp\caCQR.cir
Deleted file - C:\Users\Susan\AppData\Local\Temp\caDFQ.cir
Deleted file - C:\Users\Susan\AppData\Local\Temp\caDGV.cir
Deleted file - C:\Users\Susan\AppData\Local\Temp\caDSR.cir
Deleted file - C:\Users\Susan\AppData\Local\Temp\caHQN.cir
Deleted file - C:\Users\Susan\AppData\Local\Temp\caIF8.cir
Deleted file - C:\Users\Susan\AppData\Local\Temp\caJ7E.cir
Deleted file - C:\Users\Susan\AppData\Local\Temp\caJI4.cir
Deleted file - C:\Users\Susan\AppData\Local\Temp\caKEP.cir
Deleted file - C:\Users\Susan\AppData\Local\Temp\caLRM.cir
Deleted file - C:\Users\Susan\AppData\Local\Temp\caM30.cir
Deleted file - C:\Users\Susan\AppData\Local\Temp\caN86.cir
Deleted file - C:\Users\Susan\AppData\Local\Temp\caNR1.cir
Deleted file - C:\Users\Susan\AppData\Local\Temp\caO44.cir
Deleted file - C:\Users\Susan\AppData\Local\Temp\caOFX.cir
Deleted file - C:\Users\Susan\AppData\Local\Temp\caP3C.cir
Deleted file - C:\Users\Susan\AppData\Local\Temp\caQDW.cir
Deleted file - C:\Users\Susan\AppData\Local\Temp\caR1O.cir
Deleted file - C:\Users\Susan\AppData\Local\Temp\caREG.cir
Deleted file - C:\Users\Susan\AppData\Local\Temp\caU7X.cir
Deleted file - C:\Users\Susan\AppData\Local\Temp\caVZ6.cir
Deleted file - C:\Users\Susan\AppData\Local\Temp\caWBW.cir
Deleted file - C:\Users\Susan\AppData\Local\Temp\caWQ0.cir
Deleted file - C:\Users\Susan\AppData\Local\Temp\caXCH.cir
Deleted file - C:\Users\Susan\AppData\Local\Temp\caXOY.cir
Deleted file - C:\Users\Susan\AppData\Local\Temp\caYEU.cir
Deleted file - C:\Users\Susan\AppData\Local\Temp\caYMH.cir
Deleted file - C:\Users\Susan\AppData\Local\Temp\caYNS.cir
Deleted file - C:\Users\Susan\AppData\Local\Temp\caYTD.cir
Deleted file - C:\Users\Susan\AppData\Local\Temp\caZ05.cir
Deleted file - C:\Users\Susan\AppData\Local\Temp\cdintf.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\chrome_installer.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\Cleaning.ico
Deleted file - C:\Users\Susan\AppData\Local\Temp\Click.wav
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVR1534.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVR15A5.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVR1F26.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVR2214.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVR2491.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVR255E.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVR26B2.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVR27BB.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVR2829.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVR2ED2.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVR2F3A.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVR30CF.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVR32E3.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVR3A44.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVR3C83.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVR3FAE.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVR422E.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVR4859.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVR4DC4.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVR4EF9.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVR5055.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVR5092.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVR53BA.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVR5437.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVR59FD.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVR5A23.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVR5C0.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVR5CC2.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVR6640.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVR7227.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVR72BF.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVR780C.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVR78C9.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVR7F01.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVR80C5.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVR816E.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVR8229.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVR8601.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVR862F.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVR8D3A.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVR9453.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVR9BD4.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVRA4A8.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVRA795.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVRAAB0.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVRB05B.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVRBD26.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVRC1B8.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVRC283.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVRC725.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVRC89B.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVRCAC.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVRD0B6.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVRD152.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVRD799.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVRDB02.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVRDFC3.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVRE486.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVRE6E5.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVRE987.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVREA88.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVREBC8.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVREF4D.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVRF49B.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVRF527.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVRF556.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\CVRF93D.tmp.cvr
Deleted file - C:\Users\Susan\AppData\Local\Temp\D05179A8-B4DB-4B7B-8A89-5870BC35BFA5.Diagnose.0.etl
Deleted file - C:\Users\Susan\AppData\Local\Temp\D05179A8-B4DB-4B7B-8A89-5870BC35BFA5.Repair.1.etl
Deleted file - C:\Users\Susan\AppData\Local\Temp\D05179A8-B4DB-4B7B-8A89-5870BC35BFA5.Verify.2.etl
Deleted file - C:\Users\Susan\AppData\Local\Temp\dat24D1.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\dat2DEB.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\dat2FDF.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\dat55CD.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\dat5E08.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\dat8C5A.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\dat8FF6.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\dat9A1D.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\datAA56.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\datACA8.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\DDS.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\dd_NDP45-KB2894854-v2-x64_decompression_log.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\dd_NDP45-KB2931368-x64_decompression_log.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\dd_NDP45-KB2972107-x64_decompression_log.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\dd_NDP45-KB2972216-x64_decompression_log.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\dd_NDP45-KB2979578-v2-x64_decompression_log.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\dd_NDP451-KB2858725-x86-x64-ENU_decompression_log.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\dd_SetupUtility.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\dd_vcredistMSI322D.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\dd_vcredistUI322D.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\dd_wcf_CA_smci_20141106_144150_850.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\dd_wcf_CA_smci_20141106_144152_269.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\dd_wcf_CA_smci_20141106_150349_817.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\dd_wcf_CA_smci_20141106_150350_784.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\dd_wcf_CA_smci_20141106_151826_928.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\dd_wcf_CA_smci_20141106_151828_332.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\dd_wcf_CA_smci_20141106_152414_153.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\dd_wcf_CA_smci_20141106_152414_871.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\dd_wcf_CA_smci_20141106_152840_009.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\dd_wcf_CA_smci_20141106_152841_990.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\dllnt_dump.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\DMI525F.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\DMID32F.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\Donate.ico
C:\Users\Susan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_ybdou.dll
Access is denied.
C:\Users\Susan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_ybdou.lck
The process cannot access the file because it is being used by another process.
Deleted file - C:\Users\Susan\AppData\Local\Temp\ecobox.css
Deleted file - C:\Users\Susan\AppData\Local\Temp\EntitlementClientInstallLog.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\EULA.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\Exit.wav
C:\Users\Susan\AppData\Local\Temp\FXSAPIDebugLogFile.txt
The process cannot access the file because it is being used by another process.
Deleted file - C:\Users\Susan\AppData\Local\Temp\GUT36BA.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\IEC6855.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\IEC84B.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\install.isf
Deleted file - C:\Users\Susan\AppData\Local\Temp\install.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\InstallAX.exe
Deleted file - C:\Users\Susan\AppData\Local\Temp\InstallPlugin.exe
Deleted file - C:\Users\Susan\AppData\Local\Temp\Intuit.Spc.Map.Features.WindowsFirewallLog.txt
C:\Users\Susan\AppData\Local\Temp\JET9108.tmp
The process cannot access the file because it is being used by another process.
Deleted file - C:\Users\Susan\AppData\Local\Temp\KB2737083_20141106_075323163-Microsoft .NET Framework 4.5-MSP0.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\KB2737083_20141106_075323163.html
Deleted file - C:\Users\Susan\AppData\Local\Temp\KB2742613_20141106_082403499-Microsoft .NET Framework 4.5-MSP0.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\KB2742613_20141106_082403499.html
Deleted file - C:\Users\Susan\AppData\Local\Temp\KB2750147_20141106_080332422-Microsoft .NET Framework 4.5-MSP0.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\KB2750147_20141106_080332422.html
Deleted file - C:\Users\Susan\AppData\Local\Temp\KB2789648_20141106_075245131-Microsoft .NET Framework 4.5-MSP0.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\KB2789648_20141106_075245131.html
Deleted file - C:\Users\Susan\AppData\Local\Temp\KB2805221_20141106_075914273-Microsoft .NET Framework 4.5-MSP0.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\KB2805221_20141106_075914273.html
Deleted file - C:\Users\Susan\AppData\Local\Temp\KB2805226_20141106_074129400-Microsoft .NET Framework 4.5-MSP0.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\KB2805226_20141106_074129400.html
Deleted file - C:\Users\Susan\AppData\Local\Temp\KB2840642_20141106_080554929-Microsoft .NET Framework 4.5-MSP0.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\KB2840642_20141106_080554929.html
Deleted file - C:\Users\Susan\AppData\Local\Temp\KB2861208_20141106_083401182.html
Deleted file - C:\Users\Susan\AppData\Local\Temp\KB2894854_20141106_075621846-Microsoft .NET Framework 4.5-MSP0.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\KB2894854_20141106_075621846.html
Deleted file - C:\Users\Susan\AppData\Local\Temp\KB2898864_20141106_074335042-Microsoft .NET Framework 4.5-MSP0.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\KB2898864_20141106_074335042.html
Deleted file - C:\Users\Susan\AppData\Local\Temp\KB2901118_20141106_080736516-Microsoft .NET Framework 4.5-MSP0.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\KB2901118_20141106_080736516.html
Deleted file - C:\Users\Susan\AppData\Local\Temp\KB2931368_20141106_074904125-Microsoft .NET Framework 4.5-MSP0.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\KB2931368_20141106_074904125.html
Deleted file - C:\Users\Susan\AppData\Local\Temp\KB2972107_20141106_083139191-Microsoft .NET Framework 4.5.1-MSP0.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\KB2972107_20141106_083139191.html
Deleted file - C:\Users\Susan\AppData\Local\Temp\KB2972216_20141106_081804152-Microsoft .NET Framework 4.5-MSP0.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\KB2972216_20141106_081804152.html
Deleted file - C:\Users\Susan\AppData\Local\Temp\KB2979578_20141106_082245374-Microsoft .NET Framework 4.5-MSP0.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\KB2979578_20141106_082245374.html
Deleted file - C:\Users\Susan\AppData\Local\Temp\LSCInstall.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\LxProxy.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\MCPInstall.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\Microsoft .NET Framework 4.5.1 Setup_20141106_082702525-MSI_netfx_Full_GDR_x64.msi.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\Microsoft .NET Framework 4.5.1 Setup_20141106_082702525.html
Deleted file - C:\Users\Susan\AppData\Local\Temp\MSI52a1c.LOG
Deleted file - C:\Users\Susan\AppData\Local\Temp\MSIe0bd.LOG
Deleted file - C:\Users\Susan\AppData\Local\Temp\MSIf5c81.LOG
Deleted file - C:\Users\Susan\AppData\Local\Temp\MSIf5c82.LOG
Deleted file - C:\Users\Susan\AppData\Local\Temp\NitroSysFonts01.dat
Deleted file - C:\Users\Susan\AppData\Local\Temp\offlineEcoBox.html
Deleted file - C:\Users\Susan\AppData\Local\Temp\OLKBDE0.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\oobelib.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\Open.wav
Deleted file - C:\Users\Susan\AppData\Local\Temp\Pal-acer.pal
Deleted file - C:\Users\Susan\AppData\Local\Temp\Pal.pal
Deleted file - C:\Users\Susan\AppData\Local\Temp\PDApp.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\PDFPRT400.exe
Deleted file - C:\Users\Susan\AppData\Local\Temp\PIC_BootStrap.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\QBCA64_11_06_13_17_49.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\QBSearchIndexerError.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\QTInstallCode.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\qtplugin.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\qtsingleapp-ebecef-2f41-1-lockfile
Deleted file - C:\Users\Susan\AppData\Local\Temp\Quarantine.exe
Deleted file - C:\Users\Susan\AppData\Local\Temp\QuickBooksMSI.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\QuickBooks_15.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\Report.ico
Deleted file - C:\Users\Susan\AppData\Local\Temp\RGI11B.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\RGI11B.tmp-tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\RGI7F8D.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\RGI7F8D.tmp-tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\RGI847C.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\RGI847C.tmp-tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\RGIC544.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\RGIC544.tmp-tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\RGICCA3.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\RGICCA3.tmp-tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\S300-S400 Series_app.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\Scan.ico
Deleted file - C:\Users\Susan\AppData\Local\Temp\Set3A8.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\Skype.msi
Deleted file - C:\Users\Susan\AppData\Local\Temp\sqlite3.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\StructuredQuery.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\SUSAN-PC-20141105-1708.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\SUSAN-PC-20141105-1708a.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\SUSAN-PC-20141105-1708b.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\SUSAN-PC-20141105-1804.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\SUSAN-PC-20141105-1804a.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\SUSAN-PC-20141105-1804b.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\SUSAN-PC-20141105-1805.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\SUSAN-PC-20141114-1653.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\Susan.bmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\swtag.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\SYMEVENT.LOG
Deleted file - C:\Users\Susan\AppData\Local\Temp\tmbep_plugin_local.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\Uninstall.ico
Deleted file - C:\Users\Susan\AppData\Local\Temp\wct14F6.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\wct2C4D.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\wct3014.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\wct4C3A.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\wct5002.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\wct5704.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\wct5C04.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\wct5CCE.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\wct5FBB.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\wct5FDA.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\wct622B.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\wct6335.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\wct6D63.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\wct8138.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\wct829B.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\wct8341.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\wct8F24.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\wct9BEF.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\wctAB3C.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\wctB4A0.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\wctE26.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\wctE5B0.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\wctE8A9.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\wctECAE.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\wctF95E.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\wmsetup.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\xmllite.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\~DF024A766900E2FB1E.TMP
Deleted file - C:\Users\Susan\AppData\Local\Temp\~DF07FA3A474EA3AC62.TMP
Deleted file - C:\Users\Susan\AppData\Local\Temp\~DF10349869C3AE9BF2.TMP
Deleted file - C:\Users\Susan\AppData\Local\Temp\~DF6C58FD671EACB475.TMP
Deleted file - C:\Users\Susan\AppData\Local\Temp\~DF766CA888DEE24621.TMP
Deleted file - C:\Users\Susan\AppData\Local\Temp\~DFC80D7ABB0A875A32.TMP
Deleted file - C:\Users\Susan\AppData\Local\Temp\~DFD43474A09BC1577D.TMP
C:\Users\Susan\AppData\Local\Temp\~DFDD9117CBF17993EB.TMP
The process cannot access the file because it is being used by another process.
Deleted file - C:\Users\Susan\AppData\Local\Temp\components\DownloadQB25\critinfo\.update\.edition
Deleted file - C:\Users\Susan\AppData\Local\Temp\components\DownloadQB25\critinfo\.update\.intuit\UpdateDirChan.QFN
Deleted file - C:\Users\Susan\AppData\Local\Temp\fla955C.tmp\LSCSetup64.exe
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Common\FUUComm.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Common\GN__ac.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Common\GN__bc.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Common\GN__comc.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Common\GN__hcp.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Common\GN__usbd.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Common\NoGuiUpdateMode.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Common\trdrp.avi
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Common\ar\lang.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Common\cs\lang.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Common\da\lang.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Common\de\lang.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Common\el\lang.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Common\en\lang.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Common\es\lang.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Common\fi\lang.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Common\fr\lang.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Common\he\lang.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Common\hu\lang.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Common\it\lang.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Common\ja\lang.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Common\ko\lang.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Common\nl\lang.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Common\no\lang.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Common\pl\lang.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Common\pt_BR\lang.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Common\pt_PT\lang.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Common\ro\lang.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Common\ru\lang.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Common\sv\lang.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Common\tr\lang.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Common\zh\lang.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Common\zh_TW\lang.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Package\config.ini
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Package\EU9-0001-AR.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Package\EU9-0001-CS.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Package\EU9-0001-DA.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Package\EU9-0001-DE.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Package\EU9-0001-EL.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Package\EU9-0001-EN.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Package\EU9-0001-ES.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Package\EU9-0001-FI.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Package\EU9-0001-FR.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Package\EU9-0001-HE.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Package\EU9-0001-HU.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Package\EU9-0001-IT.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Package\EU9-0001-JA.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Package\EU9-0001-KO.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Package\EU9-0001-NL.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Package\EU9-0001-NO.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Package\EU9-0001-PL.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Package\EU9-0001-PT_BR.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Package\EU9-0001-RO.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Package\EU9-0001-RU.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Package\EU9-0001-SV.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Package\EU9-0001-TR.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Package\EU9-0001-ZH.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Package\EU9-0001-ZH_TW.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Package\flash.fls
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Package\mback.bmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\FUU_1415677537\Package\updater.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\Low\dat3774.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\Low\dat3775.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\Low\dat3776.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\Low\dat3777.tmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\Low\lexmarktoolbar.pull.default
Deleted file - C:\Users\Susan\AppData\Local\Temp\Low\tmbep_plugin_local.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\lxea\dumpvars.ini
Deleted file - C:\Users\Susan\AppData\Local\Temp\lxea\inst_wsu.chm
Deleted file - C:\Users\Susan\AppData\Local\Temp\lxea\LXEAuser.pdf
Deleted file - C:\Users\Susan\AppData\Local\Temp\lxea\thankyoupage.bmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\lxea\version.ini
Deleted file - C:\Users\Susan\AppData\Local\Temp\Mouse Suite\setup.exe
Deleted file - C:\Users\Susan\AppData\Local\Temp\msohtmlclip1\01\clip_colorschememapping.xml
Deleted file - C:\Users\Susan\AppData\Local\Temp\msohtmlclip1\01\clip_themedata.thmx
Deleted file - C:\Users\Susan\AppData\Local\Temp\nsh565B.tmp\DropboxNSISTools.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\nsh565B.tmp\nsisFile.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\nsh565B.tmp\UAC.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\nsk277E.tmp\DropboxNSISTools.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\nsk277E.tmp\UAC.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\OfficeC2RA26F44DD\hash.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\OfficeC2RA26F44DD\v32.cab
Deleted file - C:\Users\Susan\AppData\Local\Temp\OfficeC2RA26F44DD\VersionDescriptor.xml
Deleted file - C:\Users\Susan\AppData\Local\Temp\OfficeC2REF05DE0A\i641033.cab
Deleted file - C:\Users\Susan\AppData\Local\Temp\OfficeC2RF821F042\hash.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\OfficeC2RF821F042\v32.cab
Deleted file - C:\Users\Susan\AppData\Local\Temp\OfficeC2RF821F042\VersionDescriptor.xml
Deleted file - C:\Users\Susan\AppData\Local\Temp\OfficeC2RF827F04E\i641033.cab
Deleted file - C:\Users\Susan\AppData\Local\Temp\outlook logging\azstreamlinedcoxnet-Incoming-11_05_2014-17_55_04_027.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\outlook logging\azstreamlinedcoxnet-Outgoing-11_05_2014-17_55_04_495.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\outlook logging\azstreamlinedgmailcom-Incoming-11_05_2014-17_49_15_803.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\outlook logging\azstreamlinedgmailcom-Outgoing-11_05_2014-17_49_18_097.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\outlook logging\firstrun.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\Setup.exe
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\0x0409.ini
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\AutoStartSetup.exe
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\CleanUpUtil.Exe
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\Data1.cab
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\ErrorCodeToFixSequence.xml
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\err_rep.chm
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\Framework.xml
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\InetClnt.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\InstallTool.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\Intuit.Spc.Map.EntitlementClient.Install.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\License Agreement.rtf
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\manifest.ecml
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\mfc120.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\msvcp120.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\msvcr120.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\PreInstallCheck.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\QBINSTAL.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\qbm3t2.dat
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\QBSendError20.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\qbuchannel.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\QuickBooks.msi
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\setup.bmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\setup.exe
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\Setup.ini
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\WindowsInstaller-KB893803-x86.exe
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\ae_bb1.png
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\ae_bb2.png
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\ae_plus_bb1.png
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\ae_plus_bb2.png
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\ae_plus_bb3.png
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\BbrdMatrix.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\BubbleArrow.bmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\congrats_read_about_existing.html
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\congrats_read_about_new.html
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\ENT_explain_custom_install_options.html
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\ESinstallcustom.html
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\ESinstalldestination.html
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\ESinstalltype.html
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\ES_AE_BB1.png
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\ES_AE_BB2.png
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\es_bb1.png
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\es_bb2.png
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\es_bb3.png
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\es_bb4.png
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\ES_BB5.png
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\explain_custom_install_location.html
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\explain_custom_install_options.html
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\explain_install_type_no_prior.html
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\explain_install_type_prior.html
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\frameset.html
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\framesetChild.html
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\help_bottom.png
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\help_top.png
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\InstallerHelpHeader.png
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\install_style.css
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\LoginDesc.html
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\pro_bb1.PNG
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\pro_bb2.PNG
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\Pro_BB3.png
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\Pro_BB4.png
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\Pro_Plus_BB1.png
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\Pro_Plus_BB2.png
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\Pro_Plus_BB3.png
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\Pro_Plus_BB4.png
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\spro_bb1.png
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\spro_bb2.png
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\SPRO_BB3.png
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\SPRO_BB4.png
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\SPro_Plus_BB1.png
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\SPro_Plus_BB2.png
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\SPro_Plus_BB3.png
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\SPro_Plus_BB4.png
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\STDinstallcustom.html
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\STDinstalldestination.html
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\STDinstalltype.html
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\MoreInfo\WebReg.html
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\QBooks\SupportSoft\SupportSoftAssistedService.msi
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\Support\RemoteAssist.exe
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\ABS\ABSPDF412Setup.exe
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\ABS\PDFINSTALL.LOG
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\CRT10\QBVCRedist64.exe
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\CRT10\VC10RedistX86.exe
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\CRT12\QBVC12Redist64.exe
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\CRT12\VC12X86Redist.exe
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\CRT9\vc_red.cab
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\CRT9\vc_red.msi
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\DotNET40\dotNetFx40_Full_x86_x64.exe
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\Flash11\install_flash_player_11_active_x.msi
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\eula.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\O2003PIA.MSI
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\o2007pia.msi
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\o2010pia.msi
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor.exe
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor.exe.manifest
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor30.exe
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor30sp1-KB949258-x86.exe
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor40_x64.exe
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor40_x86.exe
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\WindowsXP-KB915865-v11-x86-ENU.exe
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\eula.1025.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\eula.1028.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\eula.1030.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\eula.1031.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\eula.1033.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\eula.1035.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\eula.1036.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\eula.1037.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\eula.1040.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\eula.1041.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\eula.1042.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\eula.1043.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\eula.1044.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\eula.1045.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\eula.1046.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\eula.1049.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\eula.1053.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\eula.2052.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\eula.3082.txt
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\globdata.ini
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\install.exe
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\install.ini
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\install.res.1025.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\install.res.1028.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\install.res.1029.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\install.res.1030.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\install.res.1031.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\install.res.1032.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\install.res.1033.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\install.res.1035.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\install.res.1036.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\install.res.1037.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\install.res.1038.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\install.res.1040.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\install.res.1041.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\install.res.1042.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\install.res.1043.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\install.res.1044.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\install.res.1045.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\install.res.1046.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\install.res.1049.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\install.res.1053.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\install.res.1055.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\install.res.2052.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\install.res.2070.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\install.res.3076.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\install.res.3082.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\unicows.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\vsto.bmp
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\vsto.msi
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\vsto1.cab
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSOffice\vstor20\_sfx_manifest_
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSXML6\msxml6.msi
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSXML6\msxml6_x64.msi
Deleted file - C:\Users\Susan\AppData\Local\Temp\ProPlus_us25r3\ThirdParty\MSXML6\msxml6_x86.msi
Deleted file - C:\Users\Susan\AppData\Local\Temp\qbupdate\Log\CHANNEL.LOG
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir1664_6832\Cookies
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir1664_6832\Cookies-journal
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir3656_10303\Cookies
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir3656_10303\Cookies-journal
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir3808_30530\Cookies
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir3808_30530\Cookies-journal
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir4224_10518\Cookies
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir4224_10518\Cookies-journal
C:\Users\Susan\AppData\Local\Temp\scoped_dir4304_7147\Cookies
The process cannot access the file because it is being used by another process.
C:\Users\Susan\AppData\Local\Temp\scoped_dir4304_7147\Cookies-journal
The process cannot access the file because it is being used by another process.
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir4308_27996\Cookies
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir4308_27996\Cookies-journal
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir4720_18545\Cookies
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir4720_18545\Cookies-journal
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir4732_26784\Cookies
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir4732_26784\Cookies-journal
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5168_2163\Cookies
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5168_2163\Cookies-journal
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5172_7621\Cookies
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5172_7621\Cookies-journal
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5224_6673\Cookies
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5224_6673\Cookies-journal
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5288_13301\Cookies
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5288_13301\Cookies-journal
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5440_4337\Cookies
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5440_4337\Cookies-journal
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5468_3041\Cookies
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5468_3041\Cookies-journal
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5548_32290\Cookies
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5548_32290\Cookies-journal
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5560_1323\Cookies
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5560_1323\Cookies-journal
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5560_16374\Cookies
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5560_16374\Cookies-journal
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5560_18262\Cookies
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5560_18262\Cookies-journal
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5584_22990\Cookies
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5584_22990\Cookies-journal
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5592_30200\Cookies
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5592_30200\Cookies-journal
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5600_25701\Cookies
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5600_25701\Cookies-journal
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5612_445\Cookies
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5612_445\Cookies-journal
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5616_8195\Cookies
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5616_8195\Cookies-journal
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5648_15237\Cookies
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5648_15237\Cookies-journal
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5652_22517\Cookies
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5652_22517\Cookies-journal
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5656_31401\Cookies
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5656_31401\Cookies-journal
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5656_977\Cookies
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5656_977\Cookies-journal
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5660_8190\Cookies
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5660_8190\Cookies-journal
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5672_11829\Cookies
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5672_11829\Cookies-journal
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5692_17679\Cookies
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5692_17679\Cookies-journal
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5700_16619\Cookies
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5700_16619\Cookies-journal
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5708_14307\Cookies
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5708_14307\Cookies-journal
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5708_18403\Cookies
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5708_18403\Cookies-journal
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5708_6445\Cookies
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5708_6445\Cookies-journal
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5736_1794\Cookies
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5736_1794\Cookies-journal
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5740_28652\Cookies
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5740_28652\Cookies-journal
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5764_5676\Cookies
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5764_5676\Cookies-journal
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5768_30154\Cookies
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5768_30154\Cookies-journal
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5768_8428\Cookies
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5768_8428\Cookies-journal
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5788_488\Cookies
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5788_488\Cookies-journal
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5800_6840\Cookies
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5800_6840\Cookies-journal
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5800_6887\Cookies
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5800_6887\Cookies-journal
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5812_20589\Cookies
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5812_20589\Cookies-journal
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5828_3971\Cookies
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5828_3971\Cookies-journal
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5844_29449\Cookies
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5844_29449\Cookies-journal
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5908_4375\Cookies
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5908_4375\Cookies-journal
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5964_11204\Cookies
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir5964_11204\Cookies-journal
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir6012_12210\Cookies
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir6012_12210\Cookies-journal
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\DECODED_IMAGES
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\DECODED_MESSAGE_CATALOGS
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\search.crx
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\CRX_INSTALL\128.png
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\CRX_INSTALL\16.png
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\CRX_INSTALL\32.png
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\CRX_INSTALL\48.png
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\CRX_INSTALL\manifest.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\CRX_INSTALL\_locales\ar\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\CRX_INSTALL\_locales\bg\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\CRX_INSTALL\_locales\ca\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\CRX_INSTALL\_locales\cs\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\CRX_INSTALL\_locales\da\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\CRX_INSTALL\_locales\de\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\CRX_INSTALL\_locales\el\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\CRX_INSTALL\_locales\en\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\CRX_INSTALL\_locales\en_GB\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\CRX_INSTALL\_locales\en_US\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\CRX_INSTALL\_locales\es\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\CRX_INSTALL\_locales\es_419\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\CRX_INSTALL\_locales\et\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\CRX_INSTALL\_locales\fi\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\CRX_INSTALL\_locales\fil\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\CRX_INSTALL\_locales\fr\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\CRX_INSTALL\_locales\he\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\CRX_INSTALL\_locales\hi\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\CRX_INSTALL\_locales\hr\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\CRX_INSTALL\_locales\hu\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\CRX_INSTALL\_locales\id\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\CRX_INSTALL\_locales\it\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\CRX_INSTALL\_locales\ja\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\CRX_INSTALL\_locales\ko\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\CRX_INSTALL\_locales\lt\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\CRX_INSTALL\_locales\lv\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\CRX_INSTALL\_locales\nl\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\CRX_INSTALL\_locales\no\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\CRX_INSTALL\_locales\pl\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\CRX_INSTALL\_locales\pt_BR\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\CRX_INSTALL\_locales\pt_PT\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\CRX_INSTALL\_locales\ro\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\CRX_INSTALL\_locales\ru\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\CRX_INSTALL\_locales\sk\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\CRX_INSTALL\_locales\sl\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\CRX_INSTALL\_locales\sr\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\CRX_INSTALL\_locales\sv\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\CRX_INSTALL\_locales\th\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\CRX_INSTALL\_locales\tr\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\CRX_INSTALL\_locales\uk\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\CRX_INSTALL\_locales\vi\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\CRX_INSTALL\_locales\zh_CN\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_20168\CRX_INSTALL\_locales\zh_TW\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\DECODED_IMAGES
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\DECODED_MESSAGE_CATALOGS
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\drive.crx
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\CRX_INSTALL\128.png
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\CRX_INSTALL\manifest.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\CRX_INSTALL\_locales\ar\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\CRX_INSTALL\_locales\bg\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\CRX_INSTALL\_locales\ca\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\CRX_INSTALL\_locales\cs\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\CRX_INSTALL\_locales\da\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\CRX_INSTALL\_locales\de\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\CRX_INSTALL\_locales\el\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\CRX_INSTALL\_locales\en_GB\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\CRX_INSTALL\_locales\en_US\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\CRX_INSTALL\_locales\es\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\CRX_INSTALL\_locales\es_419\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\CRX_INSTALL\_locales\et\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\CRX_INSTALL\_locales\eu\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\CRX_INSTALL\_locales\fi\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\CRX_INSTALL\_locales\fil\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\CRX_INSTALL\_locales\fr\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\CRX_INSTALL\_locales\he\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\CRX_INSTALL\_locales\hi\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\CRX_INSTALL\_locales\hr\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\CRX_INSTALL\_locales\hu\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\CRX_INSTALL\_locales\id\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\CRX_INSTALL\_locales\it\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\CRX_INSTALL\_locales\ja\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\CRX_INSTALL\_locales\ko\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\CRX_INSTALL\_locales\lt\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\CRX_INSTALL\_locales\lv\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\CRX_INSTALL\_locales\ms\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\CRX_INSTALL\_locales\nl\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\CRX_INSTALL\_locales\no\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\CRX_INSTALL\_locales\pl\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\CRX_INSTALL\_locales\pt_BR\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\CRX_INSTALL\_locales\pt_PT\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\CRX_INSTALL\_locales\ro\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\CRX_INSTALL\_locales\ru\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\CRX_INSTALL\_locales\sk\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\CRX_INSTALL\_locales\sl\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\CRX_INSTALL\_locales\sr\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\CRX_INSTALL\_locales\sv\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\CRX_INSTALL\_locales\th\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\CRX_INSTALL\_locales\tr\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\CRX_INSTALL\_locales\uk\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\CRX_INSTALL\_locales\vi\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\CRX_INSTALL\_locales\zh_CN\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_28578\CRX_INSTALL\_locales\zh_TW\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_4920\DECODED_IMAGES
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_4920\DECODED_MESSAGE_CATALOGS
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_4920\youtube.crx
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_4920\CRX_INSTALL\128.png
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_4920\CRX_INSTALL\manifest.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_4920\CRX_INSTALL\_locales\ar\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_4920\CRX_INSTALL\_locales\bg\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_4920\CRX_INSTALL\_locales\ca\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_4920\CRX_INSTALL\_locales\cs\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_4920\CRX_INSTALL\_locales\da\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_4920\CRX_INSTALL\_locales\de\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_4920\CRX_INSTALL\_locales\el\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_4920\CRX_INSTALL\_locales\en\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_4920\CRX_INSTALL\_locales\es\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_4920\CRX_INSTALL\_locales\fi\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_4920\CRX_INSTALL\_locales\fil\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_4920\CRX_INSTALL\_locales\fr\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_4920\CRX_INSTALL\_locales\he\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_4920\CRX_INSTALL\_locales\hi\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_4920\CRX_INSTALL\_locales\hr\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_4920\CRX_INSTALL\_locales\hu\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_4920\CRX_INSTALL\_locales\id\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_4920\CRX_INSTALL\_locales\it\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_4920\CRX_INSTALL\_locales\ja\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_4920\CRX_INSTALL\_locales\ko\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_4920\CRX_INSTALL\_locales\lt\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_4920\CRX_INSTALL\_locales\lv\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_4920\CRX_INSTALL\_locales\nl\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_4920\CRX_INSTALL\_locales\no\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_4920\CRX_INSTALL\_locales\pl\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_4920\CRX_INSTALL\_locales\pt_BR\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_4920\CRX_INSTALL\_locales\pt_PT\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_4920\CRX_INSTALL\_locales\ro\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_4920\CRX_INSTALL\_locales\ru\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_4920\CRX_INSTALL\_locales\sk\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_4920\CRX_INSTALL\_locales\sl\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_4920\CRX_INSTALL\_locales\sr\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_4920\CRX_INSTALL\_locales\sv\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_4920\CRX_INSTALL\_locales\th\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_4920\CRX_INSTALL\_locales\tr\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_4920\CRX_INSTALL\_locales\uk\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_4920\CRX_INSTALL\_locales\vi\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_4920\CRX_INSTALL\_locales\zh_CN\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\scoped_dir_6904_4920\CRX_INSTALL\_locales\zh_TW\messages.json
Deleted file - C:\Users\Susan\AppData\Local\Temp\sprite\eco_icons_sprite.png
Deleted file - C:\Users\Susan\AppData\Local\Temp\sprite\eco_top_bar.png
Deleted file - C:\Users\Susan\AppData\Local\Temp\TiInst\Amsp_Event.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\TiInst\_AMSP_INST_-2014-11-05.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\Trend Micro\UniClient\Debug\Amsp_Event.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\Trend Micro\UniClient\Debug\TmdShell.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\Trend Micro\UniClient\Debug\TmUpdateTray.log
Deleted file - C:\Users\Susan\AppData\Local\Temp\{16AA8FB8-4A98-4757-B7A5-0FF22C0A6E33}_0\dbdata.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\{16AA8FB8-4A98-4757-B7A5-0FF22C0A6E33}_1101_1\dbdata11.dll
Deleted file - C:\Users\Susan\AppData\Local\Temp\{3DB36AD7-D469-4F61-B1DC-06DD6D399C3D}\ISBEW64.exe
Deleted file - C:\Users\Susan\AppData\Local\Temp\{66328D23-D974-40BE-A062-122E173527DA}\0x0404.ini
Deleted file - C:\Users\Susan\AppData\Local\Temp\{66328D23-D974-40BE-A062-122E173527DA}\0x0406.ini
Deleted file - C:\Users\Susan\AppData\Local\Temp\{66328D23-D974-40BE-A062-122E173527DA}\0x0407.ini
Deleted file - C:\Users\Susan\AppData\Local\Temp\{66328D23-D974-40BE-A062-122E173527DA}\0x0409.ini
Deleted file - C:\Users\Susan\AppData\Local\Temp\{66328D23-D974-40BE-A062-122E173527DA}\0x040a.ini
Deleted file - C:\Users\Susan\AppData\Local\Temp\{66328D23-D974-40BE-A062-122E173527DA}\0x040b.ini
Deleted file - C:\Users\Susan\AppData\Local\Temp\{66328D23-D974-40BE-A062-122E173527DA}\0x040c.ini
Deleted file - C:\Users\Susan\AppData\Local\Temp\{66328D23-D974-40BE-A062-122E173527DA}\0x0410.ini
Deleted file - C:\Users\Susan\AppData\Local\Temp\{66328D23-D974-40BE-A062-122E173527DA}\0x0411.ini
Deleted file - C:\Users\Susan\AppData\Local\Temp\{66328D23-D974-40BE-A062-122E173527DA}\0x0412.ini
Deleted file - C:\Users\Susan\AppData\Local\Temp\{66328D23-D974-40BE-A062-122E173527DA}\0x0413.ini
Deleted file - C:\Users\Susan\AppData\Local\Temp\{66328D23-D974-40BE-A062-122E173527DA}\0x0414.ini
Deleted file - C:\Users\Susan\AppData\Local\Temp\{66328D23-D974-40BE-A062-122E173527DA}\0x0416.ini
Deleted file - C:\Users\Susan\AppData\Local\Temp\{66328D23-D974-40BE-A062-122E173527DA}\0x041d.ini
Deleted file - C:\Users\Susan\AppData\Local\Temp\{66328D23-D974-40BE-A062-122E173527DA}\0x0804.ini
Deleted file - C:\Users\Susan\AppData\Local\Temp\{66328D23-D974-40BE-A062-122E173527DA}\0x0816.ini
Deleted file - C:\Users\Susan\AppData\Local\Temp\{66328D23-D974-40BE-A062-122E173527DA}\1033.MST
Deleted file - C:\Users\Susan\AppData\Local\Temp\{66328D23-D974-40BE-A062-122E173527DA}\Message Center Plus.msi
Deleted file - C:\Users\Susan\AppData\Local\Temp\{66328D23-D974-40BE-A062-122E173527DA}\Setup.INI
Deleted file - C:\Users\Susan\AppData\Local\Temp\{66328D23-D974-40BE-A062-122E173527DA}\_ISMSIDEL.INI
Deleted file - C:\Users\Susan\AppData\Local\Temp\{94528653-9A01-40FE-8D50-16CD8171B73F}\0x0404.ini
Deleted file - C:\Users\Susan\AppData\Local\Temp\{94528653-9A01-40FE-8D50-16CD8171B73F}\0x0406.ini
Deleted file - C:\Users\Susan\AppData\Local\Temp\{94528653-9A01-40FE-8D50-16CD8171B73F}\0x0407.ini
Deleted file - C:\Users\Susan\AppData\Local\Temp\{94528653-9A01-40FE-8D50-16CD8171B73F}\0x0409.ini
Deleted file - C:\Users\Susan\AppData\Local\Temp\{94528653-9A01-40FE-8D50-16CD8171B73F}\0x040a.ini
Deleted file - C:\Users\Susan\AppData\Local\Temp\{94528653-9A01-40FE-8D50-16CD8171B73F}\0x040b.ini
Deleted file - C:\Users\Susan\AppData\Local\Temp\{94528653-9A01-40FE-8D50-16CD8171B73F}\0x040c.ini
Deleted file - C:\Users\Susan\AppData\Local\Temp\{94528653-9A01-40FE-8D50-16CD8171B73F}\0x0410.ini
Deleted file - C:\Users\Susan\AppData\Local\Temp\{94528653-9A01-40FE-8D50-16CD8171B73F}\0x0411.ini
Deleted file - C:\Users\Susan\AppData\Local\Temp\{94528653-9A01-40FE-8D50-16CD8171B73F}\0x0412.ini
Deleted file - C:\Users\Susan\AppData\Local\Temp\{94528653-9A01-40FE-8D50-16CD8171B73F}\0x0413.ini
Deleted file - C:\Users\Susan\AppData\Local\Temp\{94528653-9A01-40FE-8D50-16CD8171B73F}\0x0414.ini
Deleted file - C:\Users\Susan\AppData\Local\Temp\{94528653-9A01-40FE-8D50-16CD8171B73F}\0x0416.ini
Deleted file - C:\Users\Susan\AppData\Local\Temp\{94528653-9A01-40FE-8D50-16CD8171B73F}\0x041d.ini
Deleted file - C:\Users\Susan\AppData\Local\Temp\{94528653-9A01-40FE-8D50-16CD8171B73F}\0x0804.ini
Deleted file - C:\Users\Susan\AppData\Local\Temp\{94528653-9A01-40FE-8D50-16CD8171B73F}\0x0816.ini
Deleted file - C:\Users\Susan\AppData\Local\Temp\{94528653-9A01-40FE-8D50-16CD8171B73F}\1033.MST
Deleted file - C:\Users\Susan\AppData\Local\Temp\{94528653-9A01-40FE-8D50-16CD8171B73F}\Message Center Plus.msi
Deleted file - C:\Users\Susan\AppData\Local\Temp\{94528653-9A01-40FE-8D50-16CD8171B73F}\Setup.INI
Deleted file - C:\Users\Susan\AppData\Local\Temp\{94528653-9A01-40FE-8D50-16CD8171B73F}\_ISMSIDEL.INI
Deleted file - C:\Windows\Temp\AEI56A9.tmp
Deleted file - C:\Windows\Temp\AppAndDeviceInventory.log
Deleted file - C:\Windows\Temp\C2RIntegrator(201411051811471054).log
Deleted file - C:\Windows\Temp\C2RIntegrator(201411141654351C34).log
Deleted file - C:\Windows\Temp\cab_10096_2
Deleted file - C:\Windows\Temp\cab_10096_3
Deleted file - C:\Windows\Temp\cab_10096_4
Deleted file - C:\Windows\Temp\cab_10096_5
Deleted file - C:\Windows\Temp\cab_10096_6
Deleted file - C:\Windows\Temp\cab_6568_2
Deleted file - C:\Windows\Temp\cab_6568_3
Deleted file - C:\Windows\Temp\cab_6568_4
Deleted file - C:\Windows\Temp\cab_6568_5
Deleted file - C:\Windows\Temp\cab_6568_6
Deleted file - C:\Windows\Temp\cab_8404_2
Deleted file - C:\Windows\Temp\cab_8404_3
Deleted file - C:\Windows\Temp\cab_8404_4
Deleted file - C:\Windows\Temp\cab_8404_5
Deleted file - C:\Windows\Temp\cab_8404_6
Deleted file - C:\Windows\Temp\cab_8676_2
Deleted file - C:\Windows\Temp\cab_8676_3
Deleted file - C:\Windows\Temp\cab_8676_4
Deleted file - C:\Windows\Temp\cab_8676_5
Deleted file - C:\Windows\Temp\cab_8676_6
Deleted file - C:\Windows\Temp\chrome_installer.log
Deleted file - C:\Windows\Temp\Cookies
Deleted file - C:\Windows\Temp\dd_NDP45-KB2898869-x64_decompression_log.txt
Deleted file - C:\Windows\Temp\dd_NDP45-KB2978128-x64_decompression_log.txt
Deleted file - C:\Windows\Temp\DMI7A6C.tmp
Deleted file - C:\Windows\Temp\DMI7D0B.tmp
Deleted file - C:\Windows\Temp\DMI85B2.tmp
Deleted file - C:\Windows\Temp\DMI8AC1.tmp
Deleted file - C:\Windows\Temp\DMI8CE3.tmp
Deleted file - C:\Windows\Temp\DMI9404.tmp
Deleted file - C:\Windows\Temp\DMIA005.tmp
Deleted file - C:\Windows\Temp\DMIA0E0.tmp
Deleted file - C:\Windows\Temp\DMIADAC.tmp
Deleted file - C:\Windows\Temp\DMIAE86.tmp
Deleted file - C:\Windows\Temp\DMIB8D3.tmp
Deleted file - C:\Windows\Temp\DMIBBCF.tmp
Deleted file - C:\Windows\Temp\DMID7E7.tmp
Deleted file - C:\Windows\Temp\DMIDD05.tmp
Deleted file - C:\Windows\Temp\DMIEBB5.tmp
Deleted file - C:\Windows\Temp\DMIECE.tmp
Deleted file - C:\Windows\Temp\DMIED0C.tmp
Deleted file - C:\Windows\Temp\fwtsqmfile00.sqm
Deleted file - C:\Windows\Temp\fwtsqmfile01.sqm
Deleted file - C:\Windows\Temp\fwtsqmfile02.sqm
Deleted file - C:\Windows\Temp\FXSAPIDebugLogFile.txt
Deleted file - C:\Windows\Temp\FXSTIFFDebugLogFile.txt
Deleted file - C:\Windows\Temp\KB2898869_20141107_030233787-Microsoft .NET Framework 4.5.1-MSP0.txt
Deleted file - C:\Windows\Temp\KB2898869_20141107_030233787.html
Deleted file - C:\Windows\Temp\KB2978128_20141112_030547462-Microsoft .NET Framework 4.5.1-MSP0.txt
Deleted file - C:\Windows\Temp\KB2978128_20141112_030547462.html
Deleted file - C:\Windows\Temp\MpCmdRun.log
Deleted file - C:\Windows\Temp\MSI1c995.LOG
Deleted file - C:\Windows\Temp\MSI4fd52.LOG
Deleted file - C:\Windows\Temp\MSIe1eb7.LOG
C:\Windows\Temp\NitroUpdateService.slog
The process cannot access the file because it is being used by another process.
Deleted file - C:\Windows\Temp\officeclicktorun.exe_c2ruidll(20141106064428858).log
Deleted file - C:\Windows\Temp\officeclicktorun.exe_c2ruidll(20141129184354898).log
Deleted file - C:\Windows\Temp\officeclicktorun.exe_c2ruidll(201412011606238AC).log
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(20141206075005880).log
The process cannot access the file because it is being used by another process.
Deleted file - C:\Windows\Temp\officeclicktorun.exe_streamserver(20141106064428858).log
Deleted file - C:\Windows\Temp\officeclicktorun.exe_streamserver(20141129184354898).log
Deleted file - C:\Windows\Temp\officeclicktorun.exe_streamserver(201412011606238AC).log
C:\Windows\Temp\officeclicktorun.exe_streamserver(20141206075005880).log
The process cannot access the file because it is being used by another process.
Deleted file - C:\Windows\Temp\ood_stream.x86.en-us.dat
Deleted file - C:\Windows\Temp\ood_stream.x86.x-none.dat
Deleted file - C:\Windows\Temp\SPL4EDB.tmp
Deleted file - C:\Windows\Temp\SPLB31C.tmp
Deleted file - C:\Windows\Temp\SUSAN-PC-20141105-1708.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141105-1805.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141105-1818.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141105-1834.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141105-1839.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141105-1854.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141105-1920.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141105-1927.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141105-1942.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141106-0644.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141106-0659.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141106-0729.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141106-0759.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141106-0839.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141106-0840.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141106-0856.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141106-1030.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141106-1046.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141106-1232.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141106-1247.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141106-1317.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141106-1347.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141107-0602.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141110-1023.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141110-1033.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141110-1038.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141110-1108.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141110-1138.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141110-1147.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141110-1202.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141110-1203.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141110-1218.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141110-1322.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141110-1341.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141110-1356.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141110-1404.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141110-1419.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141110-1449.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141110-1451.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141110-1506.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141110-1522.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141110-1535.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141110-1550.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141110-1620.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141110-1650.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141110-2034.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141110-2041.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141110-2050.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141110-2057.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141110-2112.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141110-2123.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141110-2138.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141111-0539.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141111-1639.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141111-1654.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141111-1724.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141112-0300.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141112-0324.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141112-0340.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141112-0600.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141112-1802.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141112-1817.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141112-1849.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141112-1919.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141113-1624.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141113-1639.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141114-0548.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141114-1634.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141114-1649.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141114-1654.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141114-1654a.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141116-1423.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141117-1602.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141117-1617.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141117-1647.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141117-1717.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141118-0557.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141118-1602.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141118-1617.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141118-1804.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141118-1833.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141119-0317.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141119-0332.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141119-0545.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141119-1524.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141119-1539.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141120-0608.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141120-1558.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141120-1613.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141120-1823.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141120-1853.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141121-0655.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141121-0836.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141121-0851.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141121-0921.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141121-0951.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141121-1319.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141121-1334.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141121-1349.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141121-1404.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141122-0734.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141122-0804.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141123-0750.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141124-0751.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141124-0806.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141124-1607.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141124-1608.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141124-1623.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141124-1653.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141124-1723.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141124-1919.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141124-1934.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141125-0557.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141126-0628.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141126-0643.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141126-0713.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141126-0743.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141128-1035.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141128-1045.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141128-1050.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141128-1310.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141128-1551.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141128-1621.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141128-1651.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141128-1937.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141128-1952.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141129-0819.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141129-0849.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141129-0907.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141129-0917.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141129-0932.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141129-0956.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141129-1011.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141129-1041.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141129-1111.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141129-1119.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141129-1134.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141129-1204.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141129-1234.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141129-1843.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141129-1858.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141129-1928.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141129-1958.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141130-0607.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141201-0318.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141201-0333.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141201-0539.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141201-1606.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141201-1621.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141201-1651.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141201-1721.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141202-1454.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141202-1504.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141202-1509.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141202-1539.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141202-1732.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141204-0545.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141204-0600.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141204-0630.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141204-0700.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141204-1044.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141204-1059.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141204-1129.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141204-1138.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141204-1150.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141204-1202.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141204-1217.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141204-1232.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141204-1247.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141204-1248.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141204-1304.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141204-1334.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141204-1404.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141205-0549.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141205-1306.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141205-1321.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141205-1351.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141205-1359.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141205-1414.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141205-1444.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141205-1514.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141206-0724.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141206-0739.log
Deleted file - C:\Windows\Temp\SUSAN-PC-20141206-0747.log
C:\Windows\Temp\SUSAN-PC-20141206-0750.log
The process cannot access the file because it is being used by another process.
Deleted file - C:\Windows\Temp\tmp6315.tmp
Deleted file - C:\Windows\Temp\tmp649C.tmp
Deleted file - C:\Windows\Temp\tmp6863.tmp
Deleted file - C:\Windows\Temp\tmp6864.tmp
Deleted file - C:\Windows\Temp\tmp699A.tmp
Deleted file - C:\Windows\Temp\tmp699B.tmp
Deleted file - C:\Windows\Temp\tmp9F9D.tmp
Deleted file - C:\Windows\Temp\tmp9FEC.tmp
Deleted file - C:\Windows\Temp\tmpB4DF.tmp
Deleted file - C:\Windows\Temp\tmpB4F0.tmp
Deleted file - C:\Windows\Temp\tmpC6C7.tmp
Deleted file - C:\Windows\Temp\tmpC6C8.tmp
Deleted file - C:\Windows\Temp\TS_6FA4.tmp
Deleted file - C:\Windows\Temp\TS_758E.tmp
Deleted file - C:\Windows\Temp\TS_77B1.tmp
Deleted file - C:\Windows\Temp\TS_81BD.tmp
Deleted file - C:\Windows\Temp\TS_83B1.tmp
Deleted file - C:\Windows\Temp\TS_ADAC.tmp
Deleted file - C:\Windows\Temp\TS_B676.tmp
Deleted file - C:\Windows\Temp\TS_C3FE.tmp
Deleted file - C:\Windows\Temp\TS_CE85.tmp
Deleted file - C:\Windows\Temp\TS_CFBE.tmp
Deleted file - C:\Windows\Temp\TS_DFC9.tmp
Deleted file - C:\Windows\Temp\TS_E382.tmp
Deleted file - C:\Windows\Temp\TS_E7F6.tmp
Deleted file - C:\Windows\Temp\TS_F81D.tmp
Deleted file - C:\Windows\Temp\UDDF0CD.tmp
Deleted file - C:\Windows\Temp\WER57E4.tmp.appcompat.txt
Deleted file - C:\Windows\Temp\WER596B.tmp.WERInternalMetadata.xml
Deleted file - C:\Windows\Temp\WER596C.tmp.hdmp
Deleted file - C:\Windows\Temp\8cc935363ae34d73914a97247d878497\.inuse
Deleted file - C:\Windows\Temp\8cc935363ae34d73914a97247d878497\b.13e1cabb565cbb82730aab6c35b96a2bc5ae80bf
Deleted file - C:\Windows\Temp\ClientCab005200A4\i641033.cab
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\CompatData_2014_11_15_07_12_40_1_000001ff.xml
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\compatscancache.dat
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\DeviceGroupingRules.xml
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\diagerr.xml
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\diagwrn.xml
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\PreliminaryReport.xml
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\setupact.log
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\setuperr.log
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\TelemetryTransform.xsl
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\WicaDeviceFilters.xml
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\WICA_Devices_SUSAN-PC.xml
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\WICA_MigXml_SUSAN-PC.xml
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\WICA_Programs_SUSAN-PC.xml
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\WICA_QueryAppBlock_SUSAN-PC.xml
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\WICA_QueryBiosBlock_SUSAN-PC.xml
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\WICA_QueryDeviceBlock_SUSAN-PC.xml
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\WICA_SystemReport_SUSAN-PC.xml
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\WICA_System_SUSAN-PC.xml
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\WICA_TelemetryReport_SUSAN-PC.xml
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Windows_TelemetryData.xml
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_00000077bc5499187bd88bf431be0699edc9b841c77d.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_00000244bfc98c60e67b28f6f5fcf2a07fc8b91923c1.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_0000049c365a4a97779934f74dd4bbfcfb601164c859.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_00000886527069105cf11d7fe3ac5af9323f23e1bb43.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_0000095d897c2a167a5f8b16d347254aa07ad9c2953d.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_00000aeefe8a31021d1b69dde6864b8a0ce72b6b9f41.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_00000ea4a67ca6c38f1e2a66d3b8e808e3058066b5e1.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_00001004f689fbc16d4a0dfd6513d1b22318e37b4b8e.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_00001338933cfda6acc5980cb45f9d47a2c4fe499a36.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_0000170f76fa39273109f9646d95487b46779e09a6de.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_00002732c1018e17c949d2190b9814978f915ff1d3dc.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_00002dd21419c4bd0d985c746695945bd380f195d71e.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_00002e1864afa1772ad33ccd64833f957e9567dd053e.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_0000307b0c8e2cd7e737465eab97c5754ea2638cae53.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_0000315cb848aba27ade831a3e1a2ef174c254aeb13f.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_000034173e6e837bb8014e5dfa09cd95b7425d41c865.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_00003febe643e5313b1925fc7c8e6e37dd82a5f2bcfc.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_00004ccbf71f6dbd668cd5e32ed0011f2f5f96e50932.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_0000516a7faca95a8bb7043512c88ce4911f6e9a2558.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_0000534a4466e09202052abe74c9c47f76b38b7827ee.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_00005590318f4d044ae320323353c714e0b5268e6130.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_000059d83c23974eeaee9d2e4d4821b3783f931920d4.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_00005fb89aea50b4c396d7d6b718e2267129394297fc.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_000061dfea2b4579cc156a2bbaa5d57e80b795538bb4.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_000065de2bac057882c282392368887002ad459e9915.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_00006610969286c73f30b65e8289c800d917e98bad0e.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_00006621b43dbefbd4bcf95c493604560be8ca719c66.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_00006888e5fcd7a0b53a8439ce112004974f3cc47631.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_00006a226aaed86403af5abad65c71d6972f4d777f9a.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_00006db7cb40f478bbe7fa13a17c61059898887ef056.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_00006ed4f5c43fd265afe13a21c8e804b65f3d6bbafb.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_000070618e3061fdefa6dfc6aa12aa19ffbce0d74a3f.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_00007321a03e265f40bd4d4c282879e4ae819a8d86be.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_0000785d9f152429d55001258cd8559cba68bd72a743.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_00007c7592fe5df0891348fe0a8ac4801f65b6e9527d.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_00007ea1f4b50099a401f1bf1734c9f41e1aac31c43e.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_0000849de355a52976b72c4a16acd8072e8b9071796c.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_000086d9bb5a21b0e1edf658dd1fd35c0e77eacb1fb8.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_00008767486564af0ff94cf9b9d50ac7a9dde2121ff4.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_00008bd242e28e7d096dec9e9a4d292562fd4a6bc73f.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_00008d8e1c973047adc03db1cd36ee59575ca5ca6e7a.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_00009bb37b408ab912c52c6369a6ef6eca8f36a026b2.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_00009d046670b0f8404110d14c77a54fe0145e8857e9.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_00009d42bf6f8a89ac7ec0ee5a36daf8cba6a3599043.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_0000a102d239eacf41f638e609ff0aefa3034982d00f.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_0000a26e74facfe89ef15b68f1282454654b3aa1f75f.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_0000a472eea5168ea189bd9cdbd3d231f84623c00551.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_0000a62818101eea7fae0d881001c1aad58068dbd2df.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_0000a7df0171b1c89a76055a83663ed43505f1323fff.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_0000adde97b34e8eaeccb9d6461c1e7c00462f5f567d.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_0000b51d5ae501ac0ac60bebc60e0f7598e22689f923.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_0000ba555be93953685417dcb578fb5d19e784de5b7b.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_0000bbe11d19e5659297cfdeaa373b68be0ad3fefbe3.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_0000bc5818868bba45a0e112518ae8b4393e08efb0a9.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_0000bcc7319ebdc92210d3d3c22faff0db6feea00264.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_0000bd5009eead95cb2c33d3fbd721a3c878fec03415.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_0000cda47aa0503c30b4ba791aa9214c80e2862d3445.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_0000cdaf1fda04b9da76b2900f1e8e5dcca4d566ed6c.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_0000d024cab656c55c25a7927f67200e31bf146ed389.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_0000d56d01f0abf1e3311b640331187ead41d01435de.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_0000dbfd152252cbfc504a987fc80cb8f15b615d9278.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_0000dc85afcf2724cf2d9c0671d6b46a01ce4c451676.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_0000e5aecd9dfe12f8dd9c2e41fea12611f9ad462bb5.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_0000eea4151c1750baed9c98cdd5f5080a1ffa5dce80.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_0000f15cc17a13115cbd52518f8b76d26dc415da6b7b.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_0000f263f54f0ff27742a1e55e83d9fec7ccbec170f6.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_0000f667b0b403912ca5ed6952adcf6d620dc235406f.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_0000fb5ad2df792ca2f9b2c2a332e479becd5f5efdc0.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\appicon_0000fe1cce04362c494687526e96037823b63ab8dce7.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\classicon_{34446e8e-37b4-4b16-9da6-bea2db33465a}.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\classicon_{36fc9e60-c465-11cf-8056-444553540000}.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\classicon_{4d36e966-e325-11ce-bfc1-08002be10318}.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\classicon_{4d36e967-e325-11ce-bfc1-08002be10318}.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\classicon_{4d36e968-e325-11ce-bfc1-08002be10318}.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\classicon_{4d36e96a-e325-11ce-bfc1-08002be10318}.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\classicon_{4d36e96b-e325-11ce-bfc1-08002be10318}.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\classicon_{4d36e96c-e325-11ce-bfc1-08002be10318}.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\classicon_{4d36e96e-e325-11ce-bfc1-08002be10318}.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\classicon_{4d36e96f-e325-11ce-bfc1-08002be10318}.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\classicon_{4d36e970-e325-11ce-bfc1-08002be10318}.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\classicon_{4d36e972-e325-11ce-bfc1-08002be10318}.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\classicon_{4d36e97d-e325-11ce-bfc1-08002be10318}.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\classicon_{50127dc3-0f36-415e-a6cc-4cb3be910b65}.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\classicon_{53d29ef7-377c-4d14-864b-eb3a85769359}.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\classicon_{624e2be2-3c4c-4303-8cc7-8c318f348d03}.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\classicon_{6bdd1fc6-810f-11d0-bec7-08002be2092f}.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\classicon_{72631e54-78a4-11d0-bcf7-00aa00b7b32a}.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\classicon_{745a17a0-74d3-11d0-b6fe-00a0c90f57da}.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\classicon_{9d2fe6d0-9b76-11db-b606-0800200c9a66}.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\classicon_{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\classicon_{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}.png
Deleted file - C:\Windows\Temp\CompatTelemetryLogs\Img\ID_SECUREBOOT_INCAPABLE.png
Deleted file - C:\Windows\Temp\CR_BAA63.tmp\SETUP_PATCH.PACKED.7Z
Deleted file - C:\Windows\Temp\PBKDIR\AUTORUN.INF
Deleted file - C:\Windows\Temp\PBKDIR\Custom.ini
Deleted file - C:\Windows\Temp\PBKDIR\data1.cab
Deleted file - C:\Windows\Temp\PBKDIR\data1.hdr
Deleted file - C:\Windows\Temp\PBKDIR\data2.cab
Deleted file - C:\Windows\Temp\PBKDIR\Default.reg
Deleted file - C:\Windows\Temp\PBKDIR\ikernel.ex_
Deleted file - C:\Windows\Temp\PBKDIR\info.ini
Deleted file - C:\Windows\Temp\PBKDIR\layout.bin
Deleted file - C:\Windows\Temp\PBKDIR\PowerBackup.ico
Deleted file - C:\Windows\Temp\PBKDIR\Product.ini
Deleted file - C:\Windows\Temp\PBKDIR\Setup.exe
Deleted file - C:\Windows\Temp\PBKDIR\Setup.exe.manifest
Deleted file - C:\Windows\Temp\PBKDIR\Setup.ini
Deleted file - C:\Windows\Temp\PBKDIR\setup.inx
Deleted file - C:\Windows\Temp\PBKDIR\setup.iss
Deleted file - C:\Windows\Temp\PBKDIR\unsetup.iss
Deleted file - C:\Windows\Temp\PBKDIR\ureg.ini
Deleted file - C:\Windows\Temp\TiInst\EzInstallEzIns_S-1-5-21-3404508016-2002458042-3075331148-1001.log
Deleted file - C:\Windows\Temp\TiInst\EzInstallTiPreAU_S-1-5-21-3404508016-2002458042-3075331148-1001.log
Deleted file - C:\Windows\Temp\TiInst\_Trend_Vizor_InstallUCWrapper_S-1-5-21-3404508016-2002458042-3075331148-1001.log
Deleted file - C:\Windows\Temp\TiInst\_Trend_Vizor_msiexec34b4.log
Deleted file - C:\Windows\Temp\TiInst\_Trend_Vizor_Setup_S-1-5-21-3404508016-2002458042-3075331148-1001.log
Deleted file - C:\Windows\Temp\TiInst\_Trend_Vizor_ShortCut_S-1-5-21-3404508016-2002458042-3075331148-1001.log
Deleted file - C:\Windows\Temp\TiInst\_Trend_Vizor_TiPreAU_S-1-5-21-3404508016-2002458042-3075331148-1001.log
Deleted file - C:\Windows\Temp\TiInst\_Trend_Vizor_TmCompDB_S-1-5-21-3404508016-2002458042-3075331148-1001.log
Deleted file - C:\Windows\Temp\TiInst\_Trend_Vizor_TmSetAcl_S-1-5-21-3404508016-2002458042-3075331148-1001.log
Deleted file - C:\Windows\Temp\TiInst\_Trend_Vizor_TmSettingCombine_S-1-5-21-3404508016-2002458042-3075331148-1001.log
Deleted file - C:\Windows\Temp\TiInst\_Trend_Vizor_TmSystemChecking_S-1-5-21-3404508016-2002458042-3075331148-1001.log
Deleted file - C:\Windows\Temp\TiInst\_Trend_Vizor_VizorHtmlDialog_S-1-5-21-3404508016-2002458042-3075331148-1001.log
Deleted file - C:\Windows\Temp\TiPreAU\iaudata\iaudata5a\download\8.0.1192_b3e3421f-213f-4267-ad37-c053b58f526f.7z
Deleted file - C:\Windows\Temp\TiPreAU\iaudata\iaudata5a\index\c17t1700v8.0.0l1p5889r1o1.etag
Deleted file - C:\Windows\Temp\TiPreAU\iaudata\iaudata5a\index\c17t1700v8.0.0l1p5889r1o1.inx
Deleted file - C:\Windows\Temp\TiPreAU\iaulog\iau.log
Deleted file - C:\Windows\Temp\TiPreAU\iaulog\TmuDump.txt
Deleted file - C:\Windows\Temp\TrendMicro AntiThreat Toolkit\ATTK.xml
Deleted file - C:\Windows\Temp\TrendMicro AntiThreat Toolkit\SupportTool.log
Deleted file - C:\Windows\Temp\TrendMicro AntiThreat Toolkit\___GeneratedbyATTK___
Deleted file - C:\Windows\Temp\TrendMicro AntiThreat Toolkit\HC_ATTK\ATTKCli.bin
Deleted file - C:\Windows\Temp\TrendMicro AntiThreat Toolkit\HC_ATTK\Config.xml
Deleted file - C:\Windows\Temp\TrendMicro AntiThreat Toolkit\HC_ATTK\DebugLogOff.reg
Deleted file - C:\Windows\Temp\TrendMicro AntiThreat Toolkit\HC_ATTK\DebugLogOn.reg
Deleted file - C:\Windows\Temp\TrendMicro AntiThreat Toolkit\HC_ATTK\dlstr.xml
Deleted file - C:\Windows\Temp\TrendMicro AntiThreat Toolkit\HC_ATTK\hccli.log
Deleted file - C:\Windows\Temp\TrendMicro AntiThreat Toolkit\HC_ATTK\hclib.log
Deleted file - C:\Windows\Temp\TrendMicro AntiThreat Toolkit\HC_ATTK\hc_core.dll
Deleted file - C:\Windows\Temp\TrendMicro AntiThreat Toolkit\HC_ATTK\Housecall.xml
Deleted file - C:\Windows\Temp\TrendMicro AntiThreat Toolkit\HC_ATTK\LanguageMap.xml
Deleted file - C:\Windows\Temp\TrendMicro AntiThreat Toolkit\HC_ATTK\libexpatw.dll
Deleted file - C:\Windows\Temp\TrendMicro AntiThreat Toolkit\HC_ATTK\License.txt
Deleted file - C:\Windows\Temp\TrendMicro AntiThreat Toolkit\HC_ATTK\LinkRule.xml
Deleted file - C:\Windows\Temp\TrendMicro AntiThreat Toolkit\HC_ATTK\tmcomm.cat
Deleted file - C:\Windows\Temp\TrendMicro AntiThreat Toolkit\HC_ATTK\tmcomm.inf
Deleted file - C:\Windows\Temp\TrendMicro AntiThreat Toolkit\HC_ATTK\tmcomm.sys
Deleted file - C:\Windows\Temp\TrendMicro AntiThreat Toolkit\HC_ATTK\TmEngDrv.dll
Deleted file - C:\Windows\Temp\TrendMicro AntiThreat Toolkit\HC_ATTK\log\history.log
Deleted file - C:\Windows\Temp\TrendMicro AntiThreat Toolkit\HC_ATTK\log\6BC1C4D6-184B-4ECF-8C48-0C6603038D01\action.xml
Deleted file - C:\Windows\Temp\TrendMicro AntiThreat Toolkit\HC_ATTK\log\6BC1C4D6-184B-4ECF-8C48-0C6603038D01\assessreport.xml
Deleted file - C:\Windows\Temp\TrendMicro AntiThreat Toolkit\HC_ATTK\log\6BC1C4D6-184B-4ECF-8C48-0C6603038D01\backupreport.xml
Deleted file - C:\Windows\Temp\TrendMicro AntiThreat Toolkit\HC_ATTK\log\6BC1C4D6-184B-4ECF-8C48-0C6603038D01\cleanreport.xml
Deleted file - C:\Windows\Temp\TrendMicro AntiThreat Toolkit\HC_ATTK\log\6BC1C4D6-184B-4ECF-8C48-0C6603038D01\configuration.xml
Deleted file - C:\Windows\Temp\TrendMicro AntiThreat Toolkit\HC_ATTK\log\6BC1C4D6-184B-4ECF-8C48-0C6603038D01\detectreport.xml
Deleted file - C:\Windows\Temp\TrendMicro AntiThreat Toolkit\HC_ATTK\log\6BC1C4D6-184B-4ECF-8C48-0C6603038D01\scanreport.xml
Deleted file - C:\Windows\Temp\TrendMicro AntiThreat Toolkit\HC_ATTK\pattern\HCClean.custom.ptn
Deleted file - C:\Windows\Temp\TrendMicro AntiThreat Toolkit\HC_ATTK\pattern\tmwlchk.ptn
Deleted file - C:\Windows\Temp\TrendMicro AntiThreat Toolkit\Output\2014.11.05-1839.43_12A4FD3B-004E-007B-00C3-0047BEF9AC57_1626.zip
Deleted file - C:\Windows\Temp\Updates\Detection\Version005200A4\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version01320264\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version02400480\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version02480490\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version02A40548\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version03D607AC\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version06140C28\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version0E641CC8\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version0E9A1D34\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version13042608\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version17662ECC\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version17B62F6C\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version1A343468\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version1E583CB0\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version1E7C3CF8\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version20FE41FC\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version247048E0\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version24E049C0\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version25B64B6C\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version27664ECC\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version2A7854F0\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version2A8E551C\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version2C925924\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version317C62F8\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version35A86B50\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version35AE6B5C\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version36526CA4\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version38987130\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version38D071A0\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version3C3E787C\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version43008600\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version4426884C\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version49029204\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version4C16982C\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version4C1A9834\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version4C1E983C\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version4C6C98D8\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version4C6E98DC\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version4D4C9A98\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version4DD29BA4\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version5238A470\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version5240A480\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version56B0AD61\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version5880B101\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version59ACB359\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version5A24B449\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version5CDCB9B9\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version5D4CBA99\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version5F56BEAD\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version6038C071\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version60BCC179\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version612EC25D\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version6476C8ED\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version6E3CDC79\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version7218E431\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version7366E6CD\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version7606EC0D\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version764AEC95\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version7AD8F5B1\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version837706ED\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version85170A2D\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version881B1035\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version89C91391\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version8A131425\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version8D871B0D\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version8DC11B81\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version9047208D\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version92392471\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version95C32B85\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version96A12D41\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version98853109\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version9A0B3415\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version9A0D3419\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version9B6F36DD\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version9B913721\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\Version9C8B3915\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\VersionA0B94171\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\VersionA55B4AB5\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\VersionA66F4CDD\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\VersionA75D4EB9\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\VersionA9BD5379\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\VersionACEB59D6\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\VersionAD5D5ABA\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\VersionAE1B5C36\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\VersionB5E36BC6\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\VersionB7896F12\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\VersionBA07740E\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\VersionBF217E42\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\VersionC6998D32\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\VersionC7978F2E\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\VersionC887910E\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\VersionCA6B94D6\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\VersionCD779AEE\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\VersionCF099E12\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\VersionD2A5A54A\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\VersionD713AE26\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\VersionD7F9AFF2\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\VersionDA43B486\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\VersionDBE3B7C6\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\VersionDCBBB976\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\VersionDF73BEE6\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\VersionE03FC07E\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\VersionE55DCABA\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\VersionE7C1CF82\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\VersionEB35D66A\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\VersionECFBD9F6\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\VersionF167E2CE\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\VersionF3A5E74A\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\VersionF3F7E7EE\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\VersionF4B5E96A\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\VersionF4C1E982\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\VersionF687ED0E\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\VersionFCC1F982\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\VersionFD0FFA1E\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\VersionFF2DFE5A\v32.cab
Deleted file - C:\Windows\Temp\Updates\Detection\VersionFFEBFFD6\v32.cab


#15 spike1226

spike1226
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:08 AM

Posted 06 December 2014 - 10:10 AM

I did not get a log for proxy settings but I did see it run and confirmed..I have restarted the computer at looked at settings and it seems that the proxy is no longer checked....will review if it stays this way






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users