
Virus that Seems to Be Running in the Background


  • This topic is locked
29 replies to this topic

#1 dhneedham

  • Members
Posted 17 March 2015 - 11:23 PM

I think I have a virus running in the background of my computer.  It's keeping my computer fan running constantly and the task manager seems to show a big percentage spike in usage sometimes when nothing is really happening.  I just got this computer a couple months ago so I don't think the fan is dirty, and it has really good features.  I've tried running a few antivirus programs and reinstalling Windows after deleting everything but that doesn't seem to be working.  I've pasted my FRST log below and attached the addition log.

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by David (administrator) on Lenovo-PC on 18-03-2015 00:10:02
Running from C:\Users\David\AppData\Local\Microsoft\Windows\INetCache\IE\HS6W1F3W
Loaded Profiles: David (Available profiles: David)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Softex Inc.) C:\Program Files\Lenovo\Fingerprint Manager Pro\OmniServ.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe
(Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.0.0.100\NIS.exe
() C:\Program Files\Lenovo\Fingerprint Manager Pro\opvapp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
() C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.0.0.100\NIS.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\extapsup.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Pokki) C:\Users\David\AppData\Local\Pokki\Engine\StartMenuIndexer.exe
(SunplusIT, Inc.) C:\Program Files (x86)\Integrated Camera\Monitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
() C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LenovoOptMouseUpdate] => C:\Program Files\Lenovo\HOTKEY\extapsup.exe [255480 2013-06-20] (Lenovo Group Limited)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [TpShocks] => C:\windows\system32\TpShocks.exe [384344 2014-02-17] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => rundll32.exe "C:\Program Files\Lenovo\Communications Utility\LibStartStub.dll",AVStartupStub
HKLM-x32\...\Run: [Integrated Camera_Monitor] => C:\Program Files (x86)\Integrated Camera\monitor.exe [1720696 2013-09-27] (SunplusIT, Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-12-03] (Intel Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1693113198-3919520079-1835859029-1001\...\Run: [Pokki] => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1693113198-3919520079-1835859029-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-1693113198-3919520079-1835859029-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-1693113198-3919520079-1835859029-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.lenovo.com
HKU\S-1-5-21-1693113198-3919520079-1835859029-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1693113198-3919520079-1835859029-1001 -> DefaultScope {1659E0D7-70B4-496B-8724-B4145F6A95EE} URL =
SearchScopes: HKU\S-1-5-21-1693113198-3919520079-1835859029-1001 -> {1659E0D7-70B4-496B-8724-B4145F6A95EE} URL =
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-03] (Intel Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-02-14] (Nitro PDF)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFFPlgn [2015-03-17]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn [2015-03-17]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.0.0.100\Exts\Chrome.crx [2015-01-21]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [573488 2014-03-04] (Lenovo Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-10-14] (Intel Corporation)
S2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-03] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [532224 2014-04-22] (Lenovo)
R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2085184 2014-03-04] (Lenovo Group Limited)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-06] (LENOVO INCORPORATED.)
S3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [702512 2014-03-04] (Lenovo Corporation)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-11] (Lenovo Group Limited)
R2 lnvDiscoveryWinSvc; C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe [22576 2014-02-17] (Lenovo)
R2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [468288 2013-12-11] ()
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1662424 2014-02-20] ()
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1844024 2013-12-18] (Maxthon)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-10-11] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.0.0.100\NIS.exe [275696 2013-08-16] (Symantec Corporation)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2014-02-14] (Nitro PDF Software)
R2 omniserv; C:\Program Files\Lenovo\Fingerprint Manager Pro\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
S2 QuickControlMasterSvc; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [59440 2014-02-12] (Lenovo Group Limited)
R3 QuickControlService; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [322608 2014-02-12] (Lenovo Group Limited)
R3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()
R2 valWBFPolicyService; C:\Windows\System32\valWBFPolicyService.exe [40848 2013-10-28] (Validity Sensors, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-30] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3671792 2013-10-11] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20130814.001\BHDrvx64.sys [1525336 2013-08-13] (Symantec Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1500000.064\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [469264 2013-06-26] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [119240 2013-10-14] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20130805.011\IDSVia64.sys [520280 2013-08-05] (Symantec Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-13] ()
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [77992 2013-10-04] (Intel Corporation)
S3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-13] ()
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100824 2013-12-03] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20130814.018\ENG64.SYS [126040 2013-08-14] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20130814.018\EX64.SYS [2100312 2013-08-14] (Symantec Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3607520 2013-10-14] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R1 OMNISMI; C:\windows\SysWOW64\drivers\omnismi.sys [14776 2014-03-31] ()
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [423128 2013-07-24] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-02-25] (Synaptics Incorporated)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1515256 2013-10-09] (Sunplus)
R3 SRTSP; C:\Windows\system32\drivers\NISx64\1500000.064\SRTSP64.SYS [854616 2013-07-30] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1500000.064\SRTSPX64.SYS [36952 2013-07-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1500000.064\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1500000.064\SYMEFA64.SYS [1147480 2013-08-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1500000.064\SymELAM.sys [23568 2013-07-31] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-01-21] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1500000.064\Ironx64.SYS [264280 2013-07-31] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NISx64\1500000.064\SYMNETS.SYS [590424 2013-07-31] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-18 03:37 - 2015-03-18 03:37 - 00000000 ____D () C:\windows\CSC
2015-03-18 03:32 - 2015-03-18 03:32 - 00000000 _____ () C:\Recovery.txt
2015-03-18 00:10 - 2015-03-18 00:10 - 00000000 ____D () C:\FRST
2015-03-17 23:57 - 2015-03-17 23:57 - 00000000 __SHD () C:\Users\David\AppData\Local\EmieUserList
2015-03-17 23:57 - 2015-03-17 23:57 - 00000000 __SHD () C:\Users\David\AppData\Local\EmieSiteList
2015-03-17 23:55 - 2015-03-17 23:55 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1693113198-3919520079-1835859029-1001
2015-03-17 23:54 - 2015-03-17 23:54 - 00000000 ____D () C:\Users\Public\Pokki
2015-03-17 23:53 - 2015-03-17 23:53 - 00002365 _____ () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo Web Start.lnk
2015-03-17 23:53 - 2015-03-17 23:53 - 00002305 _____ () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-03-17 23:53 - 2015-03-17 23:53 - 00002134 _____ () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk
2015-03-17 23:51 - 2015-03-17 23:51 - 00000000 ___RD () C:\Users\David\OneDrive
2015-03-17 23:51 - 2015-03-17 23:51 - 00000000 ____D () C:\windows\System32\Tasks\Norton Internet Security
2015-03-17 23:50 - 2015-03-17 23:52 - 00000000 ____D () C:\Users\David\AppData\Local\Lenovo
2015-03-17 23:50 - 2015-03-17 23:51 - 00000000 ____D () C:\Users\David\AppData\Local\Packages
2015-03-17 23:50 - 2015-03-17 23:50 - 00016332 _____ () C:\windows\system32\results.xml
2015-03-17 23:50 - 2015-03-17 23:50 - 00001457 _____ () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-17 23:50 - 2015-03-17 23:50 - 00000193 _____ () C:\Users\David\AppData\Local\RegisteredPackageInformation.xml
2015-03-17 23:50 - 2015-03-17 23:50 - 00000000 ____D () C:\Users\David\AppData\Roaming\Nitro PDF
2015-03-17 23:50 - 2015-03-17 23:50 - 00000000 ____D () C:\Users\David\AppData\Roaming\Intel
2015-03-17 23:50 - 2015-03-17 23:50 - 00000000 ____D () C:\Users\David\AppData\Roaming\Adobe
2015-03-17 23:50 - 2015-03-17 23:50 - 00000000 ____D () C:\Users\David\AppData\Local\VirtualStore
2015-03-17 23:49 - 2015-03-17 23:57 - 00000000 ____D () C:\Users\David\AppData\Local\Pokki
2015-03-17 23:49 - 2015-03-17 23:51 - 00000000 ____D () C:\Users\David
2015-03-17 23:49 - 2015-03-17 23:49 - 00000020 ___SH () C:\Users\David\ntuser.ini
2015-03-17 23:49 - 2015-01-21 04:10 - 00000000 ____D () C:\Users\David\AppData\Roaming\Macromedia
2015-03-17 23:49 - 2015-01-21 04:00 - 00000000 ___RD () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-17 23:49 - 2015-01-21 04:00 - 00000000 ___RD () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-17 23:49 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-03-17 23:49 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-03-17 23:49 - 2013-12-11 22:40 - 00002092 _____ () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Update Search.lnk
2015-03-17 23:49 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-17 23:49 - 2013-08-22 11:36 - 00000000 ____D () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-18 03:37 - 2015-01-21 04:12 - 00000000 ____D () C:\ProgramData\Validity
2015-03-18 03:37 - 2015-01-21 04:02 - 00000000 ____D () C:\ProgramData\Intel
2015-03-18 03:32 - 2013-10-07 14:23 - 00001510 _____ () C:\windows\PFRO.log
2015-03-18 03:32 - 2013-08-22 11:36 - 00262144 _____ () C:\windows\system32\config\BCD-Template
2015-03-18 03:32 - 2013-08-22 10:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-18 03:32 - 2013-08-22 10:44 - 00335784 _____ () C:\windows\system32\FNTCACHE.DAT
2015-03-18 00:04 - 2015-01-21 03:47 - 00166790 _____ () C:\windows\WindowsUpdate.log
2015-03-18 00:00 - 2015-01-21 04:29 - 00000000 ____D () C:\ProgramData\Lenovo
2015-03-17 23:58 - 2015-01-21 04:10 - 00000000 ____D () C:\windows\System32\Tasks\Lenovo
2015-03-17 23:58 - 2013-08-22 11:36 - 00000000 ____D () C:\windows\system32\sru
2015-03-17 23:57 - 2013-08-22 11:36 - 00000000 ____D () C:\windows\AppReadiness
2015-03-17 23:52 - 2015-01-21 04:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-03-17 23:52 - 2015-01-21 04:01 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2015-03-17 23:51 - 2015-01-21 04:10 - 00000000 ____D () C:\Users\Public\Lenovo
2015-03-17 23:51 - 2015-01-21 04:01 - 00000000 ____D () C:\Program Files\Lenovo
2015-03-17 23:50 - 2015-01-21 04:16 - 00096854 _____ () C:\windows\modules.log
2015-03-17 23:50 - 2015-01-21 04:13 - 00000000 ____D () C:\ProgramData\Norton
2015-03-17 23:50 - 2013-08-22 09:25 - 00262144 ___SH () C:\windows\system32\config\ELAM
2015-03-17 23:41 - 2013-10-07 14:27 - 00863592 _____ () C:\windows\system32\PerfStringBackup.INI

==================== Files in the root of some directories =======

2015-03-17 23:50 - 2015-03-17 23:50 - 0000193 _____ () C:\Users\David\AppData\Local\RegisteredPackageInformation.xml
2015-01-21 04:03 - 2015-01-21 04:03 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2013-10-07 14:23

==================== End Of Log ============================



#2 nasdaq

  • Malware Response Team

Posted 21 March 2015 - 09:28 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

CloseProcesses:

(Pokki) C:\Users\David\AppData\Local\Pokki\Engine\StartMenuIndexer.exe
HKU\S-1-5-21-1693113198-3919520079-1835859029-1001\...\Run: [Pokki] => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Users\David\AppData\Local\Pokki

End

Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#3 dhneedham

  • Topic Starter
  • Members

Posted 21 March 2015 - 01:06 PM

Thanks for the help with this.  I did as you said and have attached the logs.  I believe the virus is still here because the fan is running a lot and the battery is draining really fast.




#4 nasdaq

  • Malware Response Team

Posted 22 March 2015 - 06:59 AM

Make sure you have all the latest security Updates from Microsoft.

===

--RogueKiller--
  • Download & SAVE to your Desktop: RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.
=======

Keep me posted.

#5 dhneedham

  • Topic Starter
  • Members

Posted 22 March 2015 - 02:05 PM

Below is the report for RogueKiller.  Please let me know what you think.

 

RogueKiller V10.5.6.0 [Mar 21 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : David [Administrator]
Started from : C:\Users\David\Downloads\RogueKiller.exe
Mode : Delete -- Date : 03/22/2015  15:02:17

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 7 ¤¤¤
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EraserUtilRebootDrv (\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys) -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1693113198-3919520079-1835859029-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://lenovo13-comm.msn.com/?pc=LNJB  -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1693113198-3919520079-1835859029-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://lenovo13-comm.msn.com/?pc=LNJB  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG MZ7TE512HMHP-000L1 +++++
--- User ---
[MBR] f126b7ebd0660b2def5ae941d23e7f0f
[BSP] c0f27c90ad58f365257aad1023cb9d2e : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 2048 | Size: 1000 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2050048 | Size: 260 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 2582528 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 2844672 | Size: 466469 MB
4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 958173184 | Size: 13360 MB
5 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 985534464 | Size: 7168 MB
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_SCN_03222015_150135.log



#6 nasdaq

  • Malware Response Team

Posted 23 March 2015 - 07:11 AM

We will check your BIOS and Master boot record.

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Wait for further instructions.
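For readers triaging the kind of TDSSKiller report requested above, here is an added example (not part of the original post, and not code from the tool's vendor) that lists the scanned entries needing a manual look. It assumes a report layout of timestamp, thread id and message, with a `[ MD5, SHA256 ] name path` line followed by a `name - status` line per entry; the function names, sample entries and the non-ok status string are constructed placeholders.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# "<HH:MM:SS.ffff> <thread id> <message>"; the message may be empty.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4} 0x[0-9A-Fa-f]+ ?(.*)$")
# "====== Scan services ======" style section banner.
SECTION = re.compile(r"^=+ (.+?) =+$")
# "[ MD5, SHA256 ] <name> <path>": names and paths may both contain spaces,
# so the name ends where a drive-letter path begins.
HASHED = re.compile(
    r"^\[ ([0-9A-Fa-f]{32}), ([0-9A-Fa-f]{64}) \] (.+?) ([A-Za-z]:\\.*)$"
)

# Constructed sample (placeholder names and hashes), double-spaced the way a
# log looks after being pasted into a forum post.
A, B, C = "A" * 32, "B" * 32, "C" * 32
SAMPLE_LOG = "\n\n".join([
    "20:03:25.0831 0x11a0 ================ Scan system memory ========================",
    "20:03:25.0831 0x11a0 System memory - ok",
    "20:03:25.0831 0x11a0 ================ Scan services =============================",
    rf"20:03:25.0862 0x11a0 [ {A}, {A * 2} ] ExampleDrv C:\windows\System32\drivers\exampledrv.sys",
    "20:03:25.0862 0x11a0 ExampleDrv - ok",
    rf"20:03:26.0409 0x11a0 [ {B}, {B * 2} ] Example Device Monitor C:\Program Files (x86)\Example\devmon.exe",
    "20:03:26.0425 0x11a0 Example Device Monitor - ok",
    "20:03:26.0737 0x11a0 ExampleNoHash - ok",
    rf"20:03:27.0050 0x11a0 [ {C}, {C * 2} ] ExampleOdd C:\windows\system32\drivers\exampleodd.sys",
    "20:03:27.0050 0x11a0 ExampleOdd - STATUS-PLACEHOLDER",
])


@dataclass
class Entry:
    section: str
    name: str
    status: str
    md5: Optional[str] = None
    sha256: Optional[str] = None
    path: Optional[str] = None


def parse_report(text: str) -> List[Entry]:
    """Pair each '[ hashes ] name path' line with its 'name - status' line."""
    entries: List[Entry] = []
    section = ""
    pending = {}  # name -> (md5, sha256, path) still waiting for a status line
    for raw in text.splitlines():
        line = PREFIX.match(raw.strip())
        if not line:
            continue  # blank lines and anything that is not a log record
        msg = line.group(1).strip()
        banner = SECTION.match(msg)
        if banner:
            section = banner.group(1)
            continue
        hashed = HASHED.match(msg)
        if hashed:
            md5, sha256, name, path = hashed.groups()
            pending[name] = (md5.upper(), sha256.upper(), path)
            continue
        name, sep, status = msg.rpartition(" - ")
        # Only lines inside a "Scan ..." section are scan results; header
        # lines such as the drive description also contain " - ".
        if sep and section.startswith("Scan "):
            md5, sha256, path = pending.pop(name, (None, None, None))
            entries.append(Entry(section, name, status.strip(), md5, sha256, path))
    return entries


def needs_review(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (name, reason) for entries a helper should look at by hand."""
    flagged = []
    for e in entries:
        if e.status.lower() != "ok":
            flagged.append((e.name, f"status is {e.status!r}"))
        elif e.section == "Scan services" and e.md5 is None:
            flagged.append((e.name, "no hash/path line in the report"))
    return flagged


if __name__ == "__main__":
    for name, reason in needs_review(parse_report(SAMPLE_LOG)):
        print(f"{name}: {reason}")
```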

#7 dhneedham

  • Topic Starter

Posted 23 March 2015 - 07:10 PM

I've pasted both logs below and attached the zip file.  TDS didn't find anything but I lost the log so reran it after aswMBR a second time so I could paste the log below.  Please let me know what you think.

 

***

 


20:03:27.0768 0x11a0 ibtusb - ok

20:03:27.0784 0x11a0 [ EB1118C371A096FFD4275EB85CB9EC2E, 9A697FFA7874279D26B71F1294858B8F91CB9782E40AB963AA417AFF4FFD3889 ] IDSVia64 C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20150320.001\IDSvia64.sys

20:03:27.0784 0x11a0 IDSVia64 - ok

20:03:27.0800 0x11a0 IEEtwCollectorService - ok

20:03:27.0862 0x11a0 [ 09E41C653B31A4AF5B0E5D25C3FBC057, B45740F3FCF3565AC1D40486B9313B61F0824B36BD6C28DB057497ACD9D4FB39 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys

20:03:27.0925 0x11a0 igfx - ok

20:03:27.0940 0x11a0 [ E71AC94964ED675B3ED0727059B7F97B, 5468B5E9B75B10EA0BFBD81827FFC9CABFC69A4065CC5A5792DBC289D4DA27EE ] ikbevent C:\windows\system32\DRIVERS\ikbevent.sys

20:03:27.0940 0x11a0 ikbevent - ok

20:03:27.0956 0x11a0 [ B82255670D270B75D2D2F0F8747D1443, C40E151AC3FBF289456A4AD9E5744B314067ADA03FE729970410931904305F51 ] IKEEXT C:\windows\System32\ikeext.dll

20:03:27.0971 0x11a0 IKEEXT - ok

20:03:27.0971 0x11a0 [ 2FDB67F5B9F4E96B40FDC9D1AA0B686F, B556328D54F886792A89588F3FEFE38F7129E3D7A417CDC012778FA4EF37A8C1 ] imsevent C:\windows\system32\DRIVERS\imsevent.sys

20:03:27.0971 0x11a0 imsevent - ok

20:03:27.0987 0x11a0 [ 4011430BC9DA46ADFAE9915EFEC312FB, 925DDDA187AE7C46C94FBBFA18FC602260957B6BA891D65DFC09385B6DDEAB58 ] intaud_WaveExtensible C:\windows\system32\drivers\intelaud.sys

20:03:27.0987 0x11a0 intaud_WaveExtensible - ok

20:03:28.0050 0x11a0 [ 689F04285EF20E98B4F338AF7523A4C2, C2D1EB41382A346607BD91CDBFAEACBC4087EC8482312CBE2E6FBCB87E1B8320 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys

20:03:28.0128 0x11a0 IntcAzAudAddService - ok

20:03:28.0143 0x11a0 [ B375D8686E1BD2B79C0F00E3868A8C3B, A15D99F04B69FB37ED3AC0C3BBA464BF6D6EB1873D4AE1062983120E3BD1C4DB ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys

20:03:28.0143 0x11a0 IntcDAud - ok

20:03:28.0159 0x11a0 [ DAE6C3099D291EED8922A65C29ABCF52, AD0A932345382824122F84AF97A8609BAE1B916A3B9FD608779A1411E37D3643 ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe

20:03:28.0175 0x11a0 Intel® Capability Licensing Service Interface - ok

20:03:28.0190 0x11a0 [ D45226E3E7A25F1E7CE8DF8FD0A2A098, 7BD74E9E3CB0A83D26BA3FD8177C6B9BA46A8695B6569CF7887FDC87947DA2D6 ] Intel® Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe

20:03:28.0206 0x11a0 Intel® Capability Licensing Service TCP IP Interface - ok

20:03:28.0206 0x11a0 [ 6D754F5A8608B71DFAF187C1CDAB6BCA, 43C95FB18086BB5922DE37881B8296F5126B7F614EDBEF18A443C9B7DBB0E8D7 ] Intel® Wireless Bluetooth® 4.0 Radio Management C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe

20:03:28.0206 0x11a0 Intel® Wireless Bluetooth® 4.0 Radio Management - ok

20:03:28.0206 0x11a0 [ F50B2E914B62CE536692FEDD7C81B0D1, ECAA415DB861CAED30BC40F8236C7DC13059BD5B8E4D5021887A902F8F8C38E3 ] IntelHSWPcc C:\windows\system32\drivers\IntelPcc.sys

20:03:28.0221 0x11a0 IntelHSWPcc - ok

20:03:28.0221 0x11a0 [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide C:\windows\system32\drivers\intelide.sys

20:03:28.0221 0x11a0 intelide - ok

20:03:28.0221 0x11a0 [ 139CFCDCD36B1B1782FD8C0014AC9B0E, E0D7E0E9B46A8CECE138D689820023BFA650FB689E4FD62855BED37E04F2D9FF ] intelpep C:\windows\system32\drivers\intelpep.sys

20:03:28.0221 0x11a0 intelpep - ok

20:03:28.0221 0x11a0 [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm C:\windows\System32\drivers\intelppm.sys

20:03:28.0221 0x11a0 intelppm - ok

20:03:28.0237 0x11a0 [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys

20:03:28.0237 0x11a0 IpFilterDriver - ok

20:03:28.0253 0x11a0 [ DFC4050D58565ADBEE793A8D4AEBDAE6, 89B900408F030CD45753A11D6AE6CBAB87E8B0E3F8401402D2D8713C045BF488 ] iphlpsvc C:\windows\System32\iphlpsvc.dll

20:03:28.0268 0x11a0 iphlpsvc - ok

20:03:28.0268 0x11a0 [ 9949A3C7590B8C536C05312205079A82, 9276A09D5F910AE8358A96505AB3F66C514870944D58B63B71D5E96567D1E6BB ] IPMIDRV C:\windows\System32\drivers\IPMIDrv.sys

20:03:28.0268 0x11a0 IPMIDRV - ok

20:03:28.0284 0x11a0 [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT C:\windows\system32\drivers\ipnat.sys

20:03:28.0284 0x11a0 IPNAT - ok

20:03:28.0284 0x11a0 [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM C:\windows\system32\drivers\irenum.sys

20:03:28.0284 0x11a0 IRENUM - ok

20:03:28.0284 0x11a0 [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp C:\windows\system32\drivers\isapnp.sys

20:03:28.0284 0x11a0 isapnp - ok

20:03:28.0300 0x11a0 [ 034D4BD9DC67C64F3A4C8A049B5173BF, C68AF5A5AD4092AA1C871BD38473AEF84EC3ECF4D06FBEB5F6C09972EF1B8A81 ] iScsiPrt C:\windows\System32\drivers\msiscsi.sys

20:03:28.0300 0x11a0 iScsiPrt - ok

20:03:28.0315 0x11a0 [ 4EE2423C38F43D37F8497A672FD10BDC, 031C5272DD28809255CF4FA8E6DE45DBFBD9A363BBD5156D0AEE0787C4297980 ] ISCT C:\windows\System32\drivers\ISCTD64.sys

20:03:28.0315 0x11a0 ISCT - ok

20:03:28.0315 0x11a0 [ 2A676B190889ACEDF3AA8D64C269F8AF, 7830536B86BC4233AD4EDD30B6CDEFDCA3969BD53B970BAA6ADCE9C3B88B8593 ] ISCTAgent C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe

20:03:28.0315 0x11a0 ISCTAgent - ok

20:03:28.0331 0x11a0 [ EE03564B7FAFE2E44EDA33D52E83B4A3, 53C917EEC92B813EB0C86B225E9887C9CDFDD7708AEA71BFAC0A3039E26D7BEB ] iwdbus C:\windows\System32\drivers\iwdbus.sys

20:03:28.0331 0x11a0 iwdbus - ok

20:03:28.0331 0x11a0 [ 52069AEB42D3D0F97CBCA1085EBF55E6, ADB2EFFF563B3FE113FCD156FD1E469BC24FC1D68AFEDCA21306F76592C9FF88 ] jhi_service C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

20:03:28.0331 0x11a0 jhi_service - ok

20:03:28.0331 0x11a0 [ 8BE92376799B6B44D543E8D07CDCF885, 425B8BB1BAF62F735B3CB5A002E6055879F02E7207E55942BFD37F1784F5F368 ] kbdclass C:\windows\System32\drivers\kbdclass.sys

20:03:28.0346 0x11a0 kbdclass - ok

20:03:28.0346 0x11a0 [ FB6E47E569D4872ABEB506BE03A45FBA, 5C4056CADA8F67587A119D9AE2A0EFAB30387CF6298F4019FF68AC92E2F6F54B ] kbdhid C:\windows\System32\drivers\kbdhid.sys

20:03:28.0346 0x11a0 kbdhid - ok

20:03:28.0346 0x11a0 [ DB7A09BC90DF20F44F16F8B0F9ED3491, 2DF5E042284D61368A5801B2557351B2C4B1044AA6F966DF4DDCE7B453D1B9AE ] kbldfltr C:\windows\system32\drivers\kbldfltr.sys

20:03:28.0346 0x11a0 kbldfltr - ok

20:03:28.0346 0x11a0 [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic C:\windows\system32\DRIVERS\kdnic.sys

20:03:28.0346 0x11a0 kdnic - ok

20:03:28.0346 0x11a0 [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] KeyIso C:\windows\system32\lsass.exe

20:03:28.0362 0x11a0 KeyIso - ok

20:03:28.0362 0x11a0 [ ADDECBCC777665BD113BED437E602AB0, B6283475A1219CE44E9F683DD3BEB8C42DA0943297E5C4699B22176AD8A6A7ED ] KSecDD C:\windows\system32\Drivers\ksecdd.sys

20:03:28.0362 0x11a0 KSecDD - ok

20:03:28.0362 0x11a0 [ 3C2A27553BA01F187A2A99C7831484AC, 697B61472BA61CBDFB57F3F3EB46766BD6751F15A7419527BF6EEF825F3B6E5B ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys

20:03:28.0362 0x11a0 KSecPkg - ok

20:03:28.0378 0x11a0 [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk C:\windows\system32\drivers\ksthunk.sys

20:03:28.0378 0x11a0 ksthunk - ok

20:03:28.0378 0x11a0 [ 32B1A8351160F307A8C66BCB0F94A9C2, 52F1DEC2BBD4D5DDBB85ED20B99D96BBA7EB83304D76F183A11FDAFDA364E873 ] KtmRm C:\windows\system32\msdtckrm.dll

20:03:28.0393 0x11a0 KtmRm - ok

20:03:28.0393 0x11a0 [ 27B58E16CF895AC1F1A97C04814C2239, D4336155331DDBF91952CDC6C446C68FF524F979099BA8D9B3A578758F97B2BE ] LanmanServer C:\windows\system32\srvsvc.dll

20:03:28.0409 0x11a0 LanmanServer - ok

20:03:28.0409 0x11a0 [ D0D9C2ECA4D03A8F06DCD91236B90C98, E2D1144DC8040EA5FEB0602A20BA4CB920B4BC86AD5AD05FC0DF7D74DC95DC66 ] LanmanWorkstation C:\windows\System32\wkssvc.dll

20:03:28.0425 0x11a0 LanmanWorkstation - ok

20:03:28.0425 0x11a0 [ 754891B0F48F961571580569C185EB00, 0818FCF23E0C795DFDB72A7215973D801E6559818F5A4AF050E0994522B6EAF7 ] Lenovo EasyPlus Hotspot C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe

20:03:28.0440 0x11a0 Lenovo EasyPlus Hotspot - ok

20:03:28.0487 0x11a0 [ B5E665FF807AD1DD88DC37A1A2DE8AF5, B961108641844DBAD0FB84C03D7F3DC246909CB5BE210F379464FCFF739E3CD6 ] Lenovo Settings Service C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe

20:03:28.0518 0x11a0 Lenovo Settings Service - ok

20:03:28.0534 0x11a0 [ 623CB981AE1742BB99D934884443C4EF, 6A96F171BAB219A62E65EFB3817901DB254456EDE53C4FF2446877442BC23E25 ] LENOVO.CAMMUTE C:\Program Files\Lenovo\Communications Utility\cammute.exe

20:03:28.0534 0x11a0 LENOVO.CAMMUTE - ok

20:03:28.0550 0x11a0 [ 09940F4B99FEE60852CDC84BA6C75E6C, 6A1DE349AD54A2C7F105794977DA78B02AE27694D6E62EB3402A337B9FF1D9C3 ] LENOVO.TPKNRSVC C:\Program Files\Lenovo\Communications Utility\tpknrsvc.exe

20:03:28.0565 0x11a0 LENOVO.TPKNRSVC - ok

20:03:28.0581 0x11a0 [ 038CF67E2743F96C8A85694740B0173C, A0E373DDAD9448413767D2F40F5A4826B811ADC133867AC4AFC831696CDC3BA5 ] LENOVO.TVTVCAM C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe

20:03:28.0581 0x11a0 LENOVO.TVTVCAM - ok

20:03:28.0596 0x11a0 [ D253E6009F05776F505F96866CCF460F, 8A39E77B4FC780BB9C6C8A892603248D87ED70255BF9BED0218BE2420B5E8C53 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe

20:03:28.0596 0x11a0 Lenovo.VIRTSCRLSVC - ok

20:03:28.0612 0x11a0 [ EE289BD147FDFF95EF1B9BD65D3B974A, EFD9D0F6C73E7D2D52DBE2E2A8D3009BFB6AB24776A100CA528A8365002C6105 ] lfsvc C:\windows\System32\GeofenceMonitorService.dll

20:03:28.0612 0x11a0 lfsvc - ok

20:03:28.0612 0x11a0 [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys

20:03:28.0612 0x11a0 lltdio - ok

20:03:28.0628 0x11a0 [ 00E070FC0C673311AFD4B068D1242780, 50B0E0E625361145332C849709498FF444E46578DCAD2536E6D0289E0125580F ] lltdsvc C:\windows\System32\lltdsvc.dll

20:03:28.0628 0x11a0 lltdsvc - ok

20:03:28.0643 0x11a0 [ D113FAD71A5E67AA94B32A0F8828D265, 08DDB4BBDB570C59926DBF5E27FCF46DCDF8B8212BB9251E97837E0504516FB3 ] lmhosts C:\windows\System32\lmhsvc.dll

20:03:28.0643 0x11a0 lmhosts - ok

20:03:28.0643 0x11a0 [ 888A1DD2EB317FAF3906E64ACEE7A1BC, 1FDEA6073F64E829A4208BECBE1DAE7FBEC19D6100B001D1A78D48A3CBF687C3 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

20:03:28.0659 0x11a0 LMS - ok

20:03:28.0659 0x11a0 [ 2848B67834AA161597F4793BB71D3DF3, 052079C357225F1F92C4BCC762C27884E6FA9A0E05B8C77C13B28FCC28F11A8C ] lnvDiscoveryWinSvc C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe

20:03:28.0659 0x11a0 lnvDiscoveryWinSvc - ok

20:03:28.0675 0x11a0 [ 658BDE9D88FEC3217065C3A90824E192, 941FFCE10B5EFD475F5C12E85EAECB8FDEEBB479432DFAC336DB7DFABCD574C6 ] LocationTaskManager C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe

20:03:28.0675 0x11a0 LocationTaskManager - ok

20:03:28.0706 0x11a0 [ 6A49967EE909349DE796BC443FF3EE33, 2BDA309775DF2680D25E4695B0B1EA9092965C96677EFEDFCDBAED7101E5EA4C ] LSCWinService C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe

20:03:28.0737 0x11a0 LSCWinService - ok

20:03:28.0737 0x11a0 [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys

20:03:28.0737 0x11a0 LSI_SAS - ok

20:03:28.0737 0x11a0 [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys

20:03:28.0753 0x11a0 LSI_SAS2 - ok

20:03:28.0753 0x11a0 [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3 C:\windows\system32\drivers\lsi_sas3.sys

20:03:28.0753 0x11a0 LSI_SAS3 - ok

20:03:28.0753 0x11a0 [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS C:\windows\system32\drivers\lsi_sss.sys

20:03:28.0753 0x11a0 LSI_SSS - ok

20:03:28.0768 0x11a0 [ 8EBB271E4588D835784A3FF7E80076A8, A508BE95F6F5063A76F4C8726D9425BB1F00DE803EFE73A0BE145DD9AB82FF0A ] LSM C:\windows\System32\lsm.dll

20:03:28.0784 0x11a0 LSM - ok

20:03:28.0784 0x11a0 [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv C:\windows\system32\drivers\luafv.sys

20:03:28.0784 0x11a0 luafv - ok

20:03:28.0831 0x11a0 [ AE5983648FC4C35EE202724B21F60201, 31912873FBD0F81FCDBBEC1C5ADA28D8F84CD3FB9BA2EF6348400B6DD185B676 ] MaxthonUpdateSvc C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe

20:03:28.0862 0x11a0 MaxthonUpdateSvc - ok

20:03:28.0862 0x11a0 [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas C:\windows\system32\drivers\megasas.sys

20:03:28.0862 0x11a0 megasas - ok

20:03:28.0878 0x11a0 [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr C:\windows\system32\drivers\megasr.sys

20:03:28.0878 0x11a0 megasr - ok

20:03:28.0893 0x11a0 [ 8FE46E9374DAD76ED081936DEDD3F6B0, 2CEA37D4C9BD68BCF554120FF2A6A6B6E2A5CBB48C62071D1210557CB6A1D32D ] MEIx64 C:\windows\system32\DRIVERS\TeeDriverx64.sys

20:03:28.0893 0x11a0 MEIx64 - ok

20:03:28.0893 0x11a0 [ FD788C2D96EA91469A3C1D13E80D7473, 7B14D4BFDE18CECC19FBFFAA5AFF5FD78BFB7FCDA6613990740A8A7DD9873D26 ] MMCSS C:\windows\system32\mmcss.dll

20:03:28.0893 0x11a0 MMCSS - ok

20:03:28.0893 0x11a0 [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem C:\windows\system32\drivers\modem.sys

20:03:28.0893 0x11a0 Modem - ok

20:03:28.0909 0x11a0 [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor C:\windows\System32\drivers\monitor.sys

20:03:28.0909 0x11a0 monitor - ok

20:03:28.0909 0x11a0 [ CEAC6D40FE887CE8406C2393CF97DE06, 34E76908B802764FF0D7AB3AF89BE77BD35B44787983343FAD89891891C0A045 ] mouclass C:\windows\System32\drivers\mouclass.sys

20:03:28.0909 0x11a0 mouclass - ok

20:03:28.0909 0x11a0 [ 02D98BF804084E9A0D69D1C69B02CCA9, EC5BC5D87043DFFD035FD4DD27B3D94E03119063519E4151BCC3522B613E2D7F ] mouhid C:\windows\System32\drivers\mouhid.sys

20:03:28.0909 0x11a0 mouhid - ok

20:03:28.0925 0x11a0 [ 515549560D481138E6E21AF7C6998E56, C7E4B38D8CCAF15B9BDA63C8C8209F6193AD220DA02E1264F1B687AACD8F409F ] mountmgr C:\windows\system32\drivers\mountmgr.sys

20:03:28.0925 0x11a0 mountmgr - ok

20:03:28.0925 0x11a0 [ 0590250C8EE5DFD68C244DD484DED03B, B3CF11205D220E8366383FD512C70E0EFE621E764F64EECDD0A31D31A7E1632A ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

20:03:28.0925 0x11a0 MozillaMaintenance - ok

20:03:28.0940 0x11a0 [ F170510BE94CF45E3C6274578F6204B2, 344C3DDE1D622607CA2ABECB2C47CB0166D2D258BD94A7960C45A5ADBB640566 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys

20:03:28.0940 0x11a0 mpsdrv - ok

20:03:28.0956 0x11a0 [ D186C5844393252147BE934F3871DB7A, 30160F8268B9F46E82C5CB536867E0CF280DC98074A481595072E3320200E343 ] MpsSvc C:\windows\system32\mpssvc.dll

20:03:28.0971 0x11a0 MpsSvc - ok

20:03:28.0971 0x11a0 [ 59DCEC7499095DE5AED741358037AE2D, 60C4CEBCAE27C121E9D63BD2BC3E5863A91ABC77616C56C10618273A8F9B6F61 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys

20:03:28.0971 0x11a0 MRxDAV - ok

20:03:28.0987 0x11a0 [ 16FFC07D36FD83ACA189A641385168B3, AE5C69B9AACE2BC6F79211C85570D5246C35726C1C97D314F6E06B339704C365 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys

20:03:28.0987 0x11a0 mrxsmb - ok

20:03:29.0003 0x11a0 [ 295771B092D4F7FCF2B62F80CCD14320, 53655B5ABA43A6A9114FE545B88F84E52319B905B8393A51BD97678D3F94A178 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys

20:03:29.0003 0x11a0 mrxsmb10 - ok

20:03:29.0018 0x11a0 [ AAF56E4E84D35411B4E446C445732DFE, 7AC41CAA0842AE4DA4EEF976202C58D7923DAA367F0D7E800D432323D5E7DE1A ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys

20:03:29.0018 0x11a0 mrxsmb20 - ok

20:03:29.0018 0x11a0 [ 4E888019078AC363076A5433E89AA4F8, 3DEBDA290230B3E83F956C902C960E39463B7EFE86439199521356762769FD91 ] MsBridge C:\windows\system32\DRIVERS\bridge.sys

20:03:29.0018 0x11a0 MsBridge - ok

20:03:29.0034 0x11a0 [ A082C17D14D0790E27D064EA4B138AE1, 9A565ED885782D9D5135C8399C11C356DBF9EBF3B8EB4B4504BD2604AD0B45E6 ] MSDTC C:\windows\System32\msdtc.exe

20:03:29.0034 0x11a0 MSDTC - ok

20:03:29.0034 0x11a0 [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs C:\windows\system32\drivers\Msfs.sys

20:03:29.0050 0x11a0 Msfs - ok

20:03:29.0050 0x11a0 [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32 C:\windows\System32\drivers\msgpiowin32.sys

20:03:29.0050 0x11a0 msgpiowin32 - ok

20:03:29.0050 0x11a0 [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys

20:03:29.0050 0x11a0 mshidkmdf - ok

20:03:29.0050 0x11a0 [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf C:\windows\System32\drivers\mshidumdf.sys

20:03:29.0050 0x11a0 mshidumdf - ok

20:03:29.0065 0x11a0 [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv C:\windows\system32\drivers\msisadrv.sys

20:03:29.0065 0x11a0 msisadrv - ok

20:03:29.0065 0x11a0 [ 810F8A0A0680662BB0CE44D0E2CEF90C, 5631B07911B7EF378CB1583A480A3C5715E59A5488B33A528F4D7A2F849B9113 ] MSiSCSI C:\windows\system32\iscsiexe.dll

20:03:29.0065 0x11a0 MSiSCSI - ok

20:03:29.0081 0x11a0 msiserver - ok

20:03:29.0081 0x11a0 [ D22AE5313F6B7EFDDD8C117B5501F4A3, 1937EEE33BF9C4485F172B10FB17AEF3F3B8978371307F49C3338D74D96A8389 ] MsKeyboardFilter C:\windows\System32\KeyboardFilterSvc.dll

20:03:29.0081 0x11a0 MsKeyboardFilter - ok

20:03:29.0081 0x11a0 [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys

20:03:29.0081 0x11a0 MSKSSRV - ok

20:03:29.0096 0x11a0 [ 375E44168F2DFB91A68B8A3F619C5A7C, AC243E02E9A39D0B4DE9571F196941700EE6EB5E94F5B0BA8994FB551E73A7A8 ] MsLldp C:\windows\system32\DRIVERS\mslldp.sys

20:03:29.0096 0x11a0 MsLldp - ok

20:03:29.0096 0x11a0 [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys

20:03:29.0096 0x11a0 MSPCLOCK - ok

20:03:29.0096 0x11a0 [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM C:\windows\system32\drivers\MSPQM.sys

20:03:29.0096 0x11a0 MSPQM - ok

20:03:29.0112 0x11a0 [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC C:\windows\system32\drivers\MsRPC.sys

20:03:29.0112 0x11a0 MsRPC - ok

20:03:29.0128 0x11a0 [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios C:\windows\System32\drivers\mssmbios.sys

20:03:29.0128 0x11a0 mssmbios - ok

20:03:29.0128 0x11a0 [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE C:\windows\system32\drivers\MSTEE.sys

20:03:29.0128 0x11a0 MSTEE - ok

20:03:29.0128 0x11a0 [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig C:\windows\System32\drivers\MTConfig.sys

20:03:29.0128 0x11a0 MTConfig - ok

20:03:29.0143 0x11a0 [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup C:\windows\system32\Drivers\mup.sys

20:03:29.0143 0x11a0 Mup - ok

20:03:29.0143 0x11a0 [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis C:\windows\system32\drivers\mvumis.sys

20:03:29.0143 0x11a0 mvumis - ok

20:03:29.0143 0x11a0 [ FCDCFEDAF3C1D61DE11FA0DE9453699C, 4E79F1040E62B0DEE00F3035DBFE5241A459FE4C1A46337FF13A25FF8C5A64A5 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

20:03:29.0159 0x11a0 MyWiFiDHCPDNS - ok

20:03:29.0159 0x11a0 [ 41A45D2A75494EABF2806EA051E00376, EB2497561C8E33A4297C044604C717FF854C7F046882A9E4A400AE7679BF5467 ] napagent C:\windows\system32\qagentRT.dll

20:03:29.0175 0x11a0 napagent - ok

20:03:29.0190 0x11a0 [ 38E6D9890AEE0CDF80F46DD17483066B, 055CB377F71F72B77C4AB185CA983298BCB020F5F8BA400E25306E6F47816070 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys

20:03:29.0190 0x11a0 NativeWifiP - ok

20:03:29.0206 0x11a0 [ 54F4B358F41C664CBDE4507D67EED1CD, CDCA0A778AF596933CD7CBF1119FCA551ECC03CBBD4F1E8213C3FD2FECA902F2 ] NAVENG C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20150323.001\ENG64.SYS

20:03:29.0206 0x11a0 NAVENG - ok

20:03:29.0253 0x11a0 [ A74D67EEEB3938FD2FA3B65B24C32C44, 4D780B70B57E23A3A155794C4DEEBD856E32D35B789BDF4673AAC8FC3AC4367B ] NAVEX15 C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20150323.001\EX64.SYS

20:03:29.0284 0x11a0 NAVEX15 - ok

20:03:29.0300 0x11a0 [ 71E3C0100AA19D11373CCEB2F51A6008, 58FBF35F5FE19BEABE483C11E9996BE93D76721C8C34465350FA98B465CA3672 ] NcaSvc C:\windows\System32\ncasvc.dll

20:03:29.0300 0x11a0 NcaSvc - ok

20:03:29.0315 0x11a0 [ 51DF09CAB2CAC64FEE3E371D9028ED01, 9B81604D0D0359AF8F54FED6DA7116FFD2F40407895028EAD99FF1D7CFDC2D14 ] NcbService C:\windows\System32\ncbservice.dll

20:03:29.0315 0x11a0 NcbService - ok

20:03:29.0315 0x11a0 [ 2586C4C167499210DCBF3ECFD8CCE210, D8129FEDE9918BF4FB0057CC58700D4E08457060E810B9CC25CA0F598506ADB8 ] NcdAutoSetup C:\windows\System32\NcdAutoSetup.dll

20:03:29.0315 0x11a0 NcdAutoSetup - ok

20:03:29.0346 0x11a0 [ F21B77B4D74092A543807D3CEB711A88, 5C3C17A10E990070FAB317C0C5333DE768E408CAF43EC4FA9D18116C6EE3B3DC ] NDIS C:\windows\system32\drivers\ndis.sys

20:03:29.0346 0x11a0 NDIS - ok

20:03:29.0362 0x11a0 [ C6BB12BC35D1637CA17AE16D3A4725EB, 01C1D9FA738886A195166F88207EEB6715A1DE0608978ED6C5DC738AF5C02513 ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys

20:03:29.0362 0x11a0 NdisCap - ok

20:03:29.0362 0x11a0 [ 9F1DA20E943BE7AA4ED5F3E1EBA78B37, CCD99962917BBE256F64AE14CCC9FD12433C72B5DB98E0E57CA8F212A11B3C8F ] NdisImPlatform C:\windows\system32\DRIVERS\NdisImPlatform.sys

20:03:29.0362 0x11a0 NdisImPlatform - ok

20:03:29.0378 0x11a0 [ 9423421E735BD5394351E0C47C76BB92, 763E5D06F896C0EF8AD52515464F28BA85DB7A1560E451857AC9AA68FAFCBC66 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys

20:03:29.0378 0x11a0 NdisTapi - ok

20:03:29.0378 0x11a0 [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys

20:03:29.0378 0x11a0 Ndisuio - ok

20:03:29.0378 0x11a0 [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus C:\windows\System32\drivers\NdisVirtualBus.sys

20:03:29.0378 0x11a0 NdisVirtualBus - ok

20:03:29.0393 0x11a0 [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys

20:03:29.0393 0x11a0 NdisWan - ok

20:03:29.0393 0x11a0 [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy C:\windows\system32\DRIVERS\ndiswan.sys

20:03:29.0393 0x11a0 NdisWanLegacy - ok

20:03:29.0409 0x11a0 [ A5BD69A8812FA79D1A487691DD3FB244, 67B5EDE101943E0E8B8041DB2353D20C8B9F2D253E77964761CFE8F136C0BBC7 ] NDProxy C:\windows\system32\drivers\NDProxy.sys

20:03:29.0409 0x11a0 NDProxy - ok

20:03:29.0409 0x11a0 [ 5A072F0B90C29C5233D78BE33EF5ED78, B32ED76A674B1FC743361FB7BBD4C915A78B14132AB056AADD445D5995AD4F32 ] Ndu C:\windows\system32\drivers\Ndu.sys

20:03:29.0409 0x11a0 Ndu - ok

20:03:29.0409 0x11a0 [ A83D67D347A684F10B7D3019C8A6380C, 2B86832967981C8C786BF24C1CF8E13E01745ACE3333CF5C821DD93D623B96E4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys

20:03:29.0425 0x11a0 NetBIOS - ok

20:03:29.0425 0x11a0 [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT C:\windows\system32\DRIVERS\netbt.sys

20:03:29.0425 0x11a0 NetBT - ok

20:03:29.0440 0x11a0 [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] Netlogon C:\windows\system32\lsass.exe

20:03:29.0440 0x11a0 Netlogon - ok

20:03:29.0440 0x11a0 [ B7AD851A21FEBA3BA214972627614207, 29605320CCC3DAAD062CAECF0009DACBC2F6D28ED4E8AF7CE76132129F5572A0 ] Netman C:\windows\System32\netman.dll

20:03:29.0440 0x11a0 Netman - ok

20:03:29.0456 0x11a0 [ F0F0A372C2EF6358399C4936F91B6131, CE596C71EB4D1A5E104D3148F2D0D8789882C59FD198DCF33CCAC7A08B50E4EE ] netprofm C:\windows\System32\netprofmsvc.dll

20:03:29.0471 0x11a0 netprofm - ok

20:03:29.0471 0x11a0 [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:03:29.0471 0x11a0 NetTcpPortSharing - ok

20:03:29.0487 0x11a0 [ 70414DB660BFBB7BD58FCE8EA4364E1B, 6DFB3897CD55E22BA1EDF0AE672F4D7A6A1F512F8A0A26AF106765E6B1CF65AC ] netvsc C:\windows\system32\DRIVERS\netvsc63.sys

20:03:29.0487 0x11a0 netvsc - ok

20:03:29.0550 0x11a0 [ B6EDB4D2BA55CA06FF679FA4B885B1F4, 3A5E509B52216DEFBEDE2CA35C77A2AB8114E41D702765F6712DD8D24B394826 ] NETwNb64 C:\windows\system32\DRIVERS\NETwbw02.sys

20:03:29.0596 0x11a0 NETwNb64 - ok

20:03:29.0690 0x11a0 [ B636B4A8E59A73033B766EA7FD7C3B81, CAC8614DEE83623DE56C969C668A33366793779084B6A23F59ADC98392115F8C ] NETwNe64 C:\windows\system32\DRIVERS\NETwew02.sys

20:03:29.0753 0x11a0 NETwNe64 - ok

20:03:29.0768 0x11a0 [ 0B9296AC65C6F3F32E3337490F4BEC67, 149D08436B749003E1B8307C56D46A59983E92DDD1D1348A0FEABD43D34E57BD ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe

20:03:29.0768 0x11a0 NIS - ok

20:03:29.0784 0x11a0 [ 3A280F3B3C7A46E29C404ACD46ECBF5E, 81C3367A2A212DBCC65B8A0166FD092E3205AB31A146B4B737061335CEC51F9D ] NlaSvc C:\windows\System32\nlasvc.dll

20:03:29.0800 0x11a0 NlaSvc - ok

20:03:29.0800 0x11a0 [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs C:\windows\system32\drivers\Npfs.sys

20:03:29.0800 0x11a0 Npfs - ok

20:03:29.0800 0x11a0 [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig C:\windows\System32\drivers\npsvctrig.sys

20:03:29.0800 0x11a0 npsvctrig - ok

20:03:29.0800 0x11a0 [ 6E2271ED0C3E95B8E29F3752B91B9E84, 44026AD9757EA82967D7F7578455802FAD7FE0057EAC088E0AE207C15F594B86 ] nsi C:\windows\system32\nsisvc.dll

20:03:29.0815 0x11a0 nsi - ok

20:03:29.0815 0x11a0 [ E490B459978CB87779E84C761D22B827, 1E5CA38626E41618E4CA16DD0C70EB2FA86E986F0CF21A749BDE2A17015DEEC6 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys

20:03:29.0815 0x11a0 nsiproxy - ok

20:03:29.0846 0x11a0 [ 9AEB38B451A7B84ACB7CD3D664F87BF0, B27F4C88CF833888E9FF2C734CFAFA1BB5A25AA9FDF2DBB2EBDC263F59F4A32A ] Ntfs C:\windows\system32\drivers\Ntfs.sys

20:03:29.0878 0x11a0 Ntfs - ok

20:03:29.0893 0x11a0 [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null C:\windows\system32\drivers\Null.sys

20:03:29.0893 0x11a0 Null - ok

20:03:29.0909 0x11a0 [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid C:\windows\system32\drivers\nvraid.sys


20:03:32.0643 0x11a0 volsnap - ok

20:03:32.0643 0x11a0 [ 01355C98B5C3ED1EC446743CDA848FCE, B9FCF558C20E05DD0F53FFB70BBEF873EA57801E13A16701E636128D625C4B67 ] vpci C:\windows\System32\drivers\vpci.sys

20:03:32.0643 0x11a0 vpci - ok

20:03:32.0643 0x11a0 [ ADBE96C33D1A5BB1BBAF90B4BC84F523, 6E9C9ED3D51E4B6E494D42ECA6F824AD86D676C12C39BBE6B8BD96366BCB02DA ] vpcivsp C:\windows\System32\drivers\vpcivsp.sys

20:03:32.0643 0x11a0 vpcivsp - ok

20:03:32.0659 0x11a0 [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid C:\windows\system32\drivers\vsmraid.sys

20:03:32.0659 0x11a0 vsmraid - ok

20:03:32.0690 0x11a0 [ 4957B27219515B93A508B91068B87BF5, 5B6B37A57FC8F4FC8B119C013338292550C63AB5295A596D382D8DCF26D751A2 ] VSS C:\windows\system32\vssvc.exe

20:03:32.0706 0x11a0 VSS - ok

20:03:32.0722 0x11a0 [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID C:\windows\system32\drivers\vstxraid.sys

20:03:32.0722 0x11a0 VSTXRAID - ok

20:03:32.0722 0x11a0 [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus C:\windows\System32\drivers\vwifibus.sys

20:03:32.0722 0x11a0 vwifibus - ok

20:03:32.0722 0x11a0 [ 6B26AD573CCDD5209DF4397438B76354, 2C8AC314EC471F6D8B0B12D49D621360A10DCADA7C52E73596730C954FF89FCF ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys

20:03:32.0722 0x11a0 vwififlt - ok

20:03:32.0737 0x11a0 [ 0B48E0DFB44EE475F4FD8A8EE599AF30, 28271D4CA0C642304CD8826A3D514F44E3391F9D6D07A1595BB30CE65E7E3494 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys

20:03:32.0737 0x11a0 vwifimp - ok

20:03:32.0737 0x11a0 [ 7599E582CA3A6AAA95A18FFE1172D339, A0410778FBBC4302EA91CF24B944427410B4706535F1192504D4F34C3ED4503E ] W32Time C:\windows\system32\w32time.dll

20:03:32.0753 0x11a0 W32Time - ok

20:03:32.0753 0x11a0 [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen C:\windows\System32\drivers\wacompen.sys

20:03:32.0753 0x11a0 WacomPen - ok

20:03:32.0784 0x11a0 [ 61692DB39AD3DF2F29392D68EAA7BB93, 854D4B9C7DD1676968598ED973500650ECEC02C420E44C0B3957C24F073AA5FB ] wbengine C:\windows\system32\wbengine.exe

20:03:32.0800 0x11a0 wbengine - ok

20:03:32.0815 0x11a0 [ 3BC1D1D56637A32CD91C8AE08E2484AA, 9EE1BD3FB0D289E25F3DDD0D8F67DC1C701A6B1D5418FADF348D0E642B1DEBEB ] WbioSrvc C:\windows\System32\wbiosrvc.dll

20:03:32.0831 0x11a0 WbioSrvc - ok

20:03:32.0831 0x11a0 [ A07CFC4B593D15B6BF06813C3B5B33BF, B57BD918E2AFF9943B51A24B95E0C4D3482B4DF73C0E2421E8CC67C2BC7A4C70 ] Wcmsvc C:\windows\System32\wcmsvc.dll

20:03:32.0847 0x11a0 Wcmsvc - ok

20:03:32.0847 0x11a0 [ D2726823DF7E19F213F4805A9D6D145F, A7F582C99918D204264D3B374F70D75984BDA5805203041E3DECB8153D16E102 ] wcncsvc C:\windows\System32\wcncsvc.dll

20:03:32.0862 0x11a0 wcncsvc - ok

20:03:32.0862 0x11a0 [ 846C02A8B48CBD921A3D6AB521AA0DC4, B07573A774A6C65D24E5718DC25DF378270EB5B40221CA5A53B21D47838381D3 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll

20:03:32.0862 0x11a0 WcsPlugInService - ok

20:03:32.0862 0x11a0 [ 241895E8A9C158DF86E12FDD21033A32, 46D4BF6319271AC33EC1C7283053B91D38A3D5443F3F749E640253FDC2819679 ] WdBoot C:\windows\system32\drivers\WdBoot.sys

20:03:32.0878 0x11a0 WdBoot - ok

20:03:32.0893 0x11a0 [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys

20:03:32.0893 0x11a0 Wdf01000 - ok

20:03:32.0909 0x11a0 [ C52148456E0F6EAD9E903020A79207FC, 7DEB2D7D09FB005A79E88FA8766B7EBE0396F0CA084D72269156874C727FBFF4 ] WdFilter C:\windows\system32\drivers\WdFilter.sys

20:03:32.0909 0x11a0 WdFilter - ok

20:03:32.0909 0x11a0 [ 40C67D1A4891120874767F6E6604D6C5, 4D9DD658566DE711ADF4D6C33FCB31DA351EE050E3ED188664D04526CCAAEEF5 ] WdiServiceHost C:\windows\system32\wdi.dll

20:03:32.0909 0x11a0 WdiServiceHost - ok

20:03:32.0925 0x11a0 [ 40C67D1A4891120874767F6E6604D6C5, 4D9DD658566DE711ADF4D6C33FCB31DA351EE050E3ED188664D04526CCAAEEF5 ] WdiSystemHost C:\windows\system32\wdi.dll

20:03:32.0925 0x11a0 WdiSystemHost - ok

20:03:32.0925 0x11a0 [ 57F22324FAAF92ADF957B281E88F1743, 46CFBA6529E28756D73A00A211C3D72E9854E035EE6F2520066E074697A9745E ] WdNisDrv C:\windows\system32\Drivers\WdNisDrv.sys

20:03:32.0925 0x11a0 WdNisDrv - ok

20:03:32.0925 0x11a0 WdNisSvc - ok

20:03:32.0940 0x11a0 [ 6588A957873326361AB1CAC4E76F8394, BE17880CEDCAE5ED3B983443E3777842646A3E48B661422A717656E11F6DBA94 ] WebClient C:\windows\System32\webclnt.dll

20:03:32.0940 0x11a0 WebClient - ok

20:03:32.0940 0x11a0 [ 3274312F263882B51B964329FAF49734, 99A020377ACF0762BE5ECD2D68EB5E1497B9D59963247E725F7F96FB5DF41FAD ] Wecsvc C:\windows\system32\wecsvc.dll

20:03:32.0956 0x11a0 Wecsvc - ok

20:03:32.0956 0x11a0 [ 7CDD84E0023A0C5C230B06A7965EC65E, 6EC7DC18C76D66CF9A893C3DD20F9BE3ADD76546F9A9BA42CE4F24854709F9D9 ] WEPHOSTSVC C:\windows\system32\wephostsvc.dll

20:03:32.0956 0x11a0 WEPHOSTSVC - ok

20:03:32.0972 0x11a0 [ 959534ACF085C137D2D094384EF89C45, D029F440789FE170A1C46217C6DE6D78DC0188A5CF33FCCC17FA65D3BC80C2B7 ] wercplsupport C:\windows\System32\wercplsupport.dll

20:03:32.0972 0x11a0 wercplsupport - ok

20:03:32.0972 0x11a0 [ 82BCCF5FBE47AC9E8CBA2020994DFB3F, EA96C6BD98A701B465D0780EC10BDA92E45FE636D60C1385813AA3B456D8B931 ] WerSvc C:\windows\System32\WerSvc.dll

20:03:32.0972 0x11a0 WerSvc - ok

20:03:32.0987 0x11a0 [ 2E3E82D7B1076B90F4E228A8EF17B261, 0492F8E0BE09DAD9922E85CCA7BCB1548CB9DC5841F46174A0657FDC59AAC3CE ] WFPLWFS C:\windows\system32\DRIVERS\wfplwfs.sys

20:03:32.0987 0x11a0 WFPLWFS - ok

20:03:32.0987 0x11a0 [ E06AFE2F94BA7CFA2FE4FD2A449E60E2, 99A81E16366E9E77905D873B0246E4C11B383FE1E99E0E1D9A07FAD4E52EA9E4 ] WiaRpc C:\windows\System32\wiarpc.dll

20:03:32.0987 0x11a0 WiaRpc - ok

20:03:33.0003 0x11a0 [ 867BCC69ED9C31C501465EB0E8BA9DFA, 678B7FF4D4E8624514301956CDA7FB451159BBFC83FF2E4E5E7DADAE3C7AB2EC ] WIMMount C:\windows\system32\drivers\wimmount.sys

20:03:33.0003 0x11a0 WIMMount - ok

20:03:33.0003 0x11a0 WinDefend - ok

20:03:33.0018 0x11a0 [ DD079EC8F44DCA3A176B345C6ADEFB66, 6CD9371B83EA23D2181891FAE1DB285BC111A78C35F374E57666ED09860C91A9 ] WinHttpAutoProxySvc C:\windows\system32\winhttp.dll

20:03:33.0034 0x11a0 WinHttpAutoProxySvc - ok

20:03:33.0034 0x11a0 [ 9DB490F3E823C5C3C070644B96CB9D59, 81937D0B331E43C7C61514E60B3AD51370C5201F7B4D12F8534840D91EDC32DD ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll

20:03:33.0050 0x11a0 Winmgmt - ok

20:03:33.0081 0x11a0 [ 690C3FC5C9DBD6B9AEDF8341EC720E41, 0E4412BB6DEB5761F7A889FD90821FAFD7C6E173F449EAB3A0446BA653D6AD0C ] WinRM C:\windows\system32\WsmSvc.dll

20:03:33.0128 0x11a0 WinRM - ok

20:03:33.0128 0x11a0 [ AC263C2F66405589528995AA41040599, 81B46E551D6130A2C3D113EC3B563CEDB5A06BB340986C0E03136CE5BE729481 ] WinUsb C:\windows\System32\drivers\WinUSB.sys

20:03:33.0128 0x11a0 WinUsb - ok

20:03:33.0159 0x11a0 [ 24A00398FA1FB4A4F52ABDE16899A9A3, C8C7ABD12519D495A7DCAA1D6FA7C2BB6486708C148012C103D4AA8B165DF29B ] WlanSvc C:\windows\System32\wlansvc.dll

20:03:33.0190 0x11a0 WlanSvc - ok

20:03:33.0222 0x11a0 [ 5F56C0DE776C7AE43AF749845BFAA1EF, 837993C5853B7E682C7FB8401B7F5D951FFD15E5659EBB1B01DC3F5719ACEE19 ] wlidsvc C:\windows\system32\wlidsvc.dll

20:03:33.0253 0x11a0 wlidsvc - ok

20:03:33.0268 0x11a0 [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi C:\windows\System32\drivers\wmiacpi.sys

20:03:33.0268 0x11a0 WmiAcpi - ok

20:03:33.0268 0x11a0 [ 7AFAC828F52D62F304A911EC32F42EEE, 4EDCF4149069413A166169F2E23F7505F47B39B7EC319E1EF6D2C46CD140AA24 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe

20:03:33.0268 0x11a0 wmiApSrv - ok

20:03:33.0268 0x11a0 WMPNetworkSvc - ok

20:03:33.0284 0x11a0 [ 87FBA2BA39C48250C89FC793CAA5D0EE, C6159C7B0F77469ACC8BDF4CD9F76C15E03C85FA977D3BCEC6868CBCDC283CED ] Wof C:\windows\system32\drivers\Wof.sys

20:03:33.0284 0x11a0 Wof - ok

20:03:33.0315 0x11a0 [ 65C65F3BD784158C456E721DDC9F0EA2, CBD3ADFD960456BD4B9557BF691E12D31153499549F5D3D08258BD62013952ED ] workfolderssvc C:\windows\system32\workfolderssvc.dll

20:03:33.0347 0x11a0 workfolderssvc - ok

20:03:33.0347 0x11a0 [ C1F564F324685C088ECAB1933576CF91, 022F0EC160352AB73AF7DA557D1A5798964231B82C556F22F4163E8B3E4088B2 ] wpcfltr C:\windows\system32\DRIVERS\wpcfltr.sys

20:03:33.0347 0x11a0 wpcfltr - ok

20:03:33.0347 0x11a0 [ 4E6A0F60DA7EF050D3D26417CD4D24E9, E6B3BFB007B641D41F8532ED086F92CB3D86E210023DBFAA9AD8152A9FD33CCA ] WPCSvc C:\windows\System32\wpcsvc.dll

20:03:33.0347 0x11a0 WPCSvc - ok

20:03:33.0362 0x11a0 [ D27491CFCE452C154CECFA155AD0EBC8, 1F3F74C253E3B07DE7EFE27C34DD9AF08617C7B03BB44C2902F69BA9DA3F21F2 ] WPDBusEnum C:\windows\system32\wpdbusenum.dll

20:03:33.0362 0x11a0 WPDBusEnum - ok

20:03:33.0362 0x11a0 [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr C:\windows\system32\drivers\WpdUpFltr.sys

20:03:33.0362 0x11a0 WpdUpFltr - ok

20:03:33.0362 0x11a0 [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys

20:03:33.0362 0x11a0 ws2ifsl - ok

20:03:33.0378 0x11a0 [ 515583507D3828E827FF6352C9ACCEFA, D0C42020FA787804DA26FE07D67C8880FE027A230BD9EB6A706862D89181F2BE ] wscsvc C:\windows\System32\wscsvc.dll

20:03:33.0378 0x11a0 wscsvc - ok

20:03:33.0378 0x11a0 WSearch - ok

20:03:33.0440 0x11a0 [ 95B6670E6933E1DEE19686C55BE709A0, 4B9EB8F1712B7959A71F6DA445D29BD09B25EEFC6B30D736EFE30163D79B233E ] WSService C:\windows\System32\WSService.dll

20:03:33.0503 0x11a0 WSService - ok

20:03:33.0565 0x11a0 [ 0263439206D96DFF76B8C0873E1D7269, 79359C5712F3ABD003427B39F70DE0C3DFEC81247D3C802F167B9599D7A9A702 ] wuauserv C:\windows\system32\wuaueng.dll

20:03:33.0612 0x11a0 wuauserv - ok

20:03:33.0628 0x11a0 [ 2FEAE33E9B2B56104596E1BA444405A9, 0A142F50E06F6224B9CB36B3CE62BE0B36DE8B8DB9F9E05D287DFB884CC7826E ] WudfPf C:\windows\system32\drivers\WudfPf.sys

20:03:33.0628 0x11a0 WudfPf - ok

20:03:33.0628 0x11a0 [ 19240C13F526125554B5370566F21A0A, 1DD88B092451CEC309A390319342BB4D36CE938BBE6D09127BBAA53960DD8E94 ] WUDFRd C:\windows\System32\drivers\WUDFRd.sys

20:03:33.0643 0x11a0 WUDFRd - ok

20:03:33.0643 0x11a0 [ 19240C13F526125554B5370566F21A0A, 1DD88B092451CEC309A390319342BB4D36CE938BBE6D09127BBAA53960DD8E94 ] WUDFSensorLP C:\windows\system32\DRIVERS\WUDFRd.sys

20:03:33.0643 0x11a0 WUDFSensorLP - ok

20:03:33.0659 0x11a0 [ BB73CBC65AABC4EA0A5C6A1474A0A743, D644B3C6A7202CADDADB3B68FE1B2A7C76B023FE58F667EED4D538C1F4A65D64 ] wudfsvc C:\windows\System32\WUDFSvc.dll

20:03:33.0659 0x11a0 wudfsvc - ok

20:03:33.0659 0x11a0 [ 19240C13F526125554B5370566F21A0A, 1DD88B092451CEC309A390319342BB4D36CE938BBE6D09127BBAA53960DD8E94 ] WUDFWpdFs C:\windows\system32\DRIVERS\WUDFRd.sys

20:03:33.0659 0x11a0 WUDFWpdFs - ok

20:03:33.0675 0x11a0 [ 2FA9794CA36147756F3FDFD6CA29B46F, 4B86DC38C2411C281686E9A4E64DA6FB2992E39391371F78E012D6D8BB85123F ] WwanSvc C:\windows\System32\wwansvc.dll

20:03:33.0690 0x11a0 WwanSvc - ok

20:03:33.0768 0x11a0 [ C4C5C3198C3261BEC89E6C3631047BAF, 78E5604B4B2A184B328C0669781DF11A35AFC04E7375CAB4DB9A48D74929137D ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

20:03:33.0831 0x11a0 ZeroConfigService - ok

20:03:33.0847 0x11a0 ================ Scan global ===============================

20:03:33.0847 0x11a0 [ C89780A6F58D113C28A96D85D1261DC5, 185114F33A60916C7904E4A0F278CA43258454343E614F01F0DAFA98BAC981B1 ] C:\windows\system32\basesrv.dll

20:03:33.0862 0x11a0 [ 00DD4D2ACC2E72155A8AAA82018BEC0D, 9D7CA68B4A81240477FCC85A3CC11EF986093F9D6228A6C5AC608EDAD664068C ] C:\windows\system32\winsrv.dll

20:03:33.0862 0x11a0 [ 9C1833ABD62876856836C5AE55C7CE86, 0A21E2C8B2FF3B0438C86DA7151A548F9C6F5C62CD402CBBEDB435994C8508F1 ] C:\windows\system32\sxssrv.dll

20:03:33.0878 0x11a0 [ B4B610BBCB002EC478C6FD80CF915697, CE22B87A7C7C0D325CE66FB97E7318B4A41EE0BD14D902A410126A1EBBEAA6FB ] C:\windows\system32\services.exe

20:03:33.0878 0x11a0 [ Global ] - ok

20:03:33.0878 0x11a0 ================ Scan MBR ==================================

20:03:33.0878 0x11a0 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0

20:03:33.0878 0x11a0 \Device\Harddisk0\DR0 - ok

20:03:33.0878 0x11a0 ================ Scan VBR ==================================

20:03:33.0893 0x11a0 [ 8C239ED64400A65D93A2F6A6AA7E49DB ] \Device\Harddisk0\DR0\Partition1

20:03:33.0893 0x11a0 \Device\Harddisk0\DR0\Partition1 - ok

20:03:33.0893 0x11a0 [ 9B21496E8DC31D489D1CE9C3B5B87CCE ] \Device\Harddisk0\DR0\Partition2

20:03:33.0893 0x11a0 \Device\Harddisk0\DR0\Partition2 - ok

20:03:33.0893 0x11a0 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3

20:03:33.0893 0x11a0 \Device\Harddisk0\DR0\Partition3 - ok

20:03:33.0893 0x11a0 [ 59F7533C50411171192EDC53359F3796 ] \Device\Harddisk0\DR0\Partition4

20:03:33.0893 0x11a0 \Device\Harddisk0\DR0\Partition4 - ok

20:03:33.0893 0x11a0 [ 605E24F7A62096D812942BC95E7EE585 ] \Device\Harddisk0\DR0\Partition5

20:03:33.0893 0x11a0 \Device\Harddisk0\DR0\Partition5 - ok

20:03:33.0893 0x11a0 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition6

20:03:33.0893 0x11a0 \Device\Harddisk0\DR0\Partition6 - ok

20:03:33.0909 0x11a0 ================ Scan generic autorun ======================

20:03:33.0909 0x11a0 BTMTrayAgent - ok

20:03:33.0909 0x11a0 [ 08593F82008D1524079C7CEA3D7F28F4, D6FF1875593D2BFFC137F9AD91C7A77916B83631B1D0BB97FF826F77D139B892 ] C:\windows\system32\TpShocks.exe

20:03:33.0925 0x11a0 TpShocks - ok

20:03:33.0925 0x11a0 [ 98A59EBC078F43DD1317ABE6A15E6FEE, 517665EC0179F4FE34F456C7D830AE1C557781DFAC1AA5129E0B29B08CA68FFC ] C:\windows\system32\igfxtray.exe

20:03:33.0925 0x11a0 IgfxTray - ok

20:03:33.0940 0x11a0 [ E96FB51EEB6B02EA72CE63C28FB6B4EE, A8109D5C71C75CFB5F6134243B87F23C25BA37C534F5DA665D52CCE1C511F444 ] C:\windows\system32\hkcmd.exe

20:03:33.0956 0x11a0 HotKeysCmds - ok

20:03:33.0972 0x11a0 [ 5B0688BCF9276BCD23928061CA85D988, AAFFAD42B4183A333606C86CFB094DD7ECD07B78DD0A8E8F37E50BF62FCBF307 ] C:\windows\system32\igfxpers.exe

20:03:33.0987 0x11a0 Persistence - ok

20:03:34.0003 0x11a0 LENOVO.TPKNRRES - ok

20:03:34.0034 0x11a0 [ 72B851911C25A12185C0B02B7296EF76, 1BAE524B79C9DF7E69CAA1C3E341B4EE3128F006262D3EA53E699DF5DD9B879B ] C:\Program Files (x86)\Integrated Camera\monitor.exe

20:03:34.0050 0x11a0 Integrated Camera_Monitor - ok

20:03:34.0050 0x11a0 [ 3A04163C21393955C5468B3E01F5682E, 9BED211168C51DAFE8D821DDAABFD424239A557182FE7B5716BD143DCCF7C162 ] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe

20:03:34.0065 0x11a0 IMSS - ok

20:03:34.0065 0x11a0 [ 2EBE05FD8ECBA5F230FC26E534E91A11, B8E85D51BD4E6C0D4D447DFA327EAA0AE4A33F04F42063A58122153933C1770E ] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

20:03:34.0081 0x11a0 ConnectionCenter - ok

20:03:34.0081 0x11a0 [ 17D9622BFE68386E8C647C4C7F8FEA3E, 50F943F2E47512DCE61A9EBB188361CB71CACC74D9397FA1367AB7112F2C7A09 ] C:\Program Files (x86)\Citrix\ICA Client\redirector.exe

20:03:34.0081 0x11a0 Redirector - ok

20:03:34.0081 0x11a0 Waiting for KSN requests completion. In queue: 256

20:03:35.0097 0x11a0 Waiting for KSN requests completion. In queue: 256

20:03:36.0112 0x11a0 Waiting for KSN requests completion. In queue: 256

20:03:37.0128 0x11a0 Waiting for KSN requests completion. In queue: 256

20:03:38.0144 0x11a0 Waiting for KSN requests completion. In queue: 256

20:03:39.0190 0x11a0 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.4.304.0 ), 0x60100 ( disabled : updated )

20:03:39.0190 0x11a0 AV detected via SS2: Norton Internet Security, C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe ( 21.6.0.0 ), 0x51000 ( enabled : updated )

20:03:39.0190 0x11a0 AV detected via SS2: Norton Internet Security, C:\Program Files (x86)\Norton Internet Security\Engine\21.0.0.100\WSCStub.exe ( ), 0x50000 ( disabled : updated )

20:03:39.0190 0x11a0 FW detected via SS2: Norton Internet Security, C:\Program Files (x86)\Norton Internet Security\Engine\21.0.0.100\WSCStub.exe ( ), 0x50010 ( disabled )

20:03:39.0190 0x11a0 FW detected via SS2: Norton Internet Security, C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe ( 21.6.0.0 ), 0x51010 ( enabled )

20:03:41.0815 0x11a0 ============================================================

20:03:41.0815 0x11a0 Scan finished

20:03:41.0815 0x11a0 ============================================================

20:03:41.0815 0x0f84 Detected object count: 0

20:03:41.0815 0x0f84 Actual detected object count: 0

 

***

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-03-23 19:51:17
-----------------------------
19:51:17.452    OS Version: Windows x64 6.2.9200
19:51:17.452    Number of processors: 4 586 0x4501
19:51:17.452    ComputerName: LENOVO-PC  UserName: David
19:51:17.765    Initialize success
19:51:17.827    VM: initialized successfully
19:51:17.827    VM: Intel CPU BiosDisabled
19:52:12.982    AVAST engine defs: 15032301
19:52:18.831    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000032
19:52:18.831    Disk 0 Vendor: SAMSUNG_MZ7TE512HMHP-000L1 EXT06L0Q Size: 488386MB BusType: 11
19:52:18.846    Disk 0 MBR read successfully
19:52:18.846    Disk 0 MBR scan
19:52:18.846    Disk 0 unknown MBR code
19:52:18.846    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
19:52:18.862    Disk 0 scanning C:\windows\system32\drivers
19:52:22.737    Service scanning
19:52:23.456    Service BHDrvx64 C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20150309.001\BHDrvx64.sys **LOCKED** 5
19:52:24.362    Service eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys **LOCKED** 5
19:52:24.424    Service EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys **LOCKED** 5
19:52:25.174    Service IDSVia64 C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20150320.001\IDSvia64.sys **LOCKED** 5
19:52:26.565    Service NAVENG C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20150321.003\ENG64.SYS **LOCKED** 5
19:52:26.628    Service NAVEX15 C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20150321.003\EX64.SYS **LOCKED** 5
19:52:31.768    Modules scanning
19:52:31.768    Disk 0 trace - called modules:
19:52:31.800    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys
19:52:31.800    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe001a3bf4060]
19:52:31.815    3 CLASSPNP.SYS[fffff800138e7abb] -> nt!IofCallDriver -> [0xffffe001a1dfaa40]
19:52:31.831    5 ACPI.sys[fffff80012d617aa] -> nt!IofCallDriver -> \Device\00000032[0xffffe001a1dfa060]
19:52:32.253    AVAST engine scan C:\windows
19:52:32.971    AVAST engine scan C:\windows\system32
19:53:40.722    AVAST engine scan C:\windows\system32\drivers
19:53:45.910    AVAST engine scan C:\Users\David
19:54:35.207    AVAST engine scan C:\ProgramData
19:54:42.911    Disk 0 statistics 3260049/0/0 @ 23.39 MB/s
19:54:42.911    Scan finished successfully
19:57:44.725    Disk 0 MBR has been saved successfully to "C:\Users\David\Desktop\MBR.dat"
19:57:44.725    The log file has been saved successfully to "C:\Users\David\Desktop\aswMBR.txt"

 

Attached Files

  • Attached File  MBR.zip   143bytes   0 downloads


#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,957 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:50 AM

Posted 24 March 2015 - 08:06 AM

The last logs are clean.

You did check for any Microsoft Security updates that may need to be installed?

===

Restore your Windows 7 to the Last good configuration
Follow the instructions on this page.

http://windows.microsoft.com/en-ca/windows/using-last-known-good-configuration#1TC=windows-7
<<<>>>

Keep me posted.

#9 nasdaq


Posted 30 March 2015 - 09:22 AM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#10 nasdaq


Posted 04 April 2015 - 07:14 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

#11 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,258 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:12:50 AM

Posted 05 April 2015 - 06:56 PM

This topic has been re-opened at the request of the person who originally posted.

#12 nasdaq


Posted 06 April 2015 - 07:26 AM

I'm listening.
nasdaq

#13 dhneedham

dhneedham
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:50 AM

Posted 06 April 2015 - 09:08 AM

Thanks nasdaq. I tried to wipe the whole drive to start fresh but the Pokki program was back. I re-ran all the previous steps so we're back to before you said do the last good configuration. I'm operating Windows 8.1 Pro so I'm not sure if that's what the option is called (v. in Windows 7). Also, the fan is still running a lot, the laptop is pretty hot, it never seems to rest and the battery is going down pretty quickly.



#14 nasdaq


Posted 06 April 2015 - 12:55 PM

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#15 dhneedham


Posted 07 April 2015 - 01:46 PM

Great thanks. I've run Malwarebytes, AdwCleaner, and FBAR. The logs are pasted below, except for the additional FBAR one, which is attached.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/7/2015
Scan Time: 2:29:10 PM
Logfile: 1.txt
Administrator: Yes
 
Version: 2.01.4.1018
Malware Database: v2015.04.07.04
Rootkit Database: v2015.03.31.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: David
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 354503
Time Elapsed: 6 min, 35 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
---
 
# AdwCleaner v4.200 - Logfile created 07/04/2015 at 14:39:26
# Updated 29/03/2015 by Xplode
# Database : 2015-04-06.3 [Server]
# Operating system : Windows 8.1 Pro  (x64)
# Username : David - LENOVO-PC
# Running from : C:\Users\David\Downloads\adwcleaner_4.200.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17037
 
 
-\\ Google Chrome v41.0.2272.118
 
[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Extension] : mkfokfffehpeedafpekjeddnmnjhmcmk
 
*************************
 
AdwCleaner[R0].txt - [737 bytes] - [05/04/2015 18:17:12]
AdwCleaner[R1].txt - [1000 bytes] - [07/04/2015 14:39:26]
AdwCleaner[S0].txt - [802 bytes] - [05/04/2015 18:18:32]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1117 bytes] ##########
 
 
---
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by David (administrator) on LENOVO-PC on 07-04-2015 14:42:50
Running from C:\Users\David\Downloads
Loaded Profiles: David (Available profiles: David)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Softex Inc.) C:\Program Files\Lenovo\Fingerprint Manager Pro\OmniServ.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(%CFullName%) C:\Program Files\Lenovo\Fingerprint Manager Pro\opvapp.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe
(Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SunplusIT, Inc.) C:\Program Files (x86)\Integrated Camera\Monitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [LenovoOptMouseUpdate] => C:\Program Files\Lenovo\HOTKEY\extapsup.exe [341448 2014-11-07] (Lenovo Group Limited)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [TpShocks] => C:\windows\system32\TpShocks.exe [384344 2014-02-17] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => rundll32.exe "C:\Program Files\Lenovo\Communications Utility\LibStartStub.dll",AVStartupStub
HKLM-x32\...\Run: [Integrated Camera_Monitor] => C:\Program Files (x86)\Integrated Camera\monitor.exe [1720696 2013-09-27] (SunplusIT, Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-12-03] (Intel Corporation)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1693113198-3919520079-1835859029-1001\...\Run: [GoogleChromeAutoLaunch_9A83AADA066CCEA6F8C613E0AB5C7E19] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-30] (Google Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1693113198-3919520079-1835859029-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-1693113198-3919520079-1835859029-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-1693113198-3919520079-1835859029-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
HKU\S-1-5-21-1693113198-3919520079-1835859029-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1693113198-3919520079-1835859029-1001 -> {1659E0D7-70B4-496B-8724-B4145F6A95EE} URL = 
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-03] (Intel Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-02-14] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-07] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFFPlgn [2015-04-05]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn [2015-04-05]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://citrix.quinnemanuel.com/
CHR StartupUrls: Default -> "hxxp://gmail.com/", "hxxp://citrix.quinnemanuel.com/"
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-07]
CHR Extension: (Google Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-07]
CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-07]
CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-07]
CHR Extension: (Adblock Plus) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-07]
CHR Extension: (Google Search) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-07]
CHR Extension: (Video Downloader professional) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-04-07]
CHR Extension: (ZenMate Security & Privacy VPN) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2015-04-07]
CHR Extension: (Google Sheets) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-07]
CHR Extension: (AdBlock Premium) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\fndlhnanhedoklpdaacidomdnplcjcpj [2015-04-07]
CHR Extension: (AdBlock) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-04-07]
CHR Extension: (Hola Better Internet) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-04-07]
CHR Extension: (Adblock Super) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-04-07]
CHR Extension: (Auto HD For YouTube™) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak [2015-04-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-07]
CHR Extension: (Stop Autoplay for YouTube.) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgdfnbpkmkkdhgidgcpdkgpdlfjcgnnh [2015-04-07]
CHR Extension: (Ashish Mishra) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnkdbjbjpnpjeciipoaflmpcddinpjjp [2015-04-07]
CHR Extension: (Boomerang for Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2015-04-07]
CHR Extension: (Video download helper) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnkioblodjcgkdailhejgcocjkkoochj [2015-04-07]
CHR Extension: (Google Wallet) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-07]
CHR Extension: (Adblock Pro) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2015-04-07]
CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-07]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [573488 2014-03-04] (Lenovo Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-10-14] (Intel Corporation)
S2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-03] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [532224 2014-04-22] (Lenovo)
R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2085184 2014-03-04] (Lenovo Group Limited)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-06] (LENOVO INCORPORATED.)
S3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [702512 2014-03-04] (Lenovo Corporation)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-11] (Lenovo Group Limited)
R2 lnvDiscoveryWinSvc; C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe [22576 2014-02-17] (Lenovo)
S2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [468288 2013-12-11] ()
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1662424 2014-02-20] ()
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1851192 2015-04-05] (Maxthon)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-10-11] ()
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2014-02-14] (Nitro PDF Software)
R2 omniserv; C:\Program Files\Lenovo\Fingerprint Manager Pro\OmniServ.exe [103936 2015-03-09] (Softex Inc.) [File not signed]
S2 QuickControlMasterSvc; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [59440 2014-02-12] (Lenovo Group Limited)
R3 QuickControlService; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [322608 2014-02-12] (Lenovo Group Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [49136 2015-03-27] ()
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [49968 2015-01-29] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-30] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3671792 2013-10-11] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20150321.001\BHDrvx64.sys [1622744 2015-03-21] (Symantec Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [469264 2013-06-26] (Intel Corporation)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2015-04-05] (Symantec Corporation)
S3 EraserUtilDrv11411; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11411.sys [142640 2015-04-05] (Symantec Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [119240 2013-10-14] (Intel Corporation)
S3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20150406.001\IDSvia64.sys [671448 2015-04-03] (Symantec Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-13] ()
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [77992 2013-10-04] (Intel Corporation)
S3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-13] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100824 2013-12-03] (Intel Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20150406.032\ENG64.SYS [129752 2015-04-05] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20150406.032\EX64.SYS [2137304 2015-04-05] (Symantec Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3607520 2013-10-14] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R1 OMNISMI; C:\windows\SysWOW64\drivers\omnismi.sys [14776 2014-03-31] ()
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [423128 2013-07-24] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-02-25] (Synaptics Incorporated)
R1 SMIDriver; C:\Windows\System32\drivers\smi.sys [19656 2015-01-29] (Windows ® Win 7 DDK provider)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1515256 2013-10-09] (Sunplus)
S3 SRTSP; C:\Windows\system32\drivers\NISx64\1500000.064\SRTSP64.SYS [854616 2013-07-30] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1506000.020\SymELAM.sys [23568 2013-07-31] (Symantec Corporation)
S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-01-21] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
S3 SymNetS; C:\Windows\system32\drivers\NISx64\1500000.064\SYMNETS.SYS [590424 2013-07-31] (Symantec Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-04-05] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-07 14:42 - 2015-04-07 14:43 - 00024631 _____ () C:\Users\David\Downloads\FRST.txt
2015-04-07 14:41 - 2015-04-07 14:41 - 00001266 _____ () C:\Users\David\Desktop\AdwCleaner[S1]2.txt
2015-04-07 14:40 - 2015-04-07 14:40 - 00001196 _____ () C:\Users\David\Desktop\AdwCleaner[R1].txt
2015-04-07 14:38 - 2015-04-07 14:38 - 00001037 _____ () C:\Users\David\Desktop\1.txt
2015-04-07 14:11 - 2015-04-07 14:11 - 02208768 _____ () C:\Users\David\Downloads\adwcleaner_4.200.exe
2015-04-07 14:11 - 2015-04-07 14:11 - 02095616 _____ (Farbar) C:\Users\David\Downloads\FRST64.exe
2015-04-07 14:07 - 2015-04-07 14:41 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-07 14:07 - 2015-04-07 14:07 - 00001129 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-07 14:07 - 2015-04-07 14:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-07 14:06 - 2015-04-07 14:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-07 14:06 - 2015-04-07 14:06 - 00002041 _____ () C:\Users\Public\Desktop\QE Citrix.lnk
2015-04-07 14:06 - 2015-04-07 14:06 - 00000000 ____D () C:\Users\David\AppData\Roaming\ICAClient
2015-04-07 14:06 - 2015-04-07 14:06 - 00000000 ____D () C:\Users\David\AppData\Local\Citrix
2015-04-07 14:06 - 2015-04-07 14:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Citrix
2015-04-07 14:06 - 2015-04-07 14:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-07 14:06 - 2015-04-07 14:06 - 00000000 ____D () C:\ProgramData\Citrix
2015-04-07 14:06 - 2015-04-07 14:06 - 00000000 ____D () C:\Program Files (x86)\Citrix
2015-04-07 14:06 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-04-07 14:06 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-04-07 14:06 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-04-07 14:04 - 2015-04-07 14:04 - 00002290 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-07 14:04 - 2015-04-07 14:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-07 14:03 - 2015-04-07 14:41 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-07 14:03 - 2015-04-07 14:08 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-07 14:03 - 2015-04-07 14:04 - 00000000 ____D () C:\Users\David\AppData\Local\Google
2015-04-07 14:03 - 2015-04-07 14:04 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-07 14:03 - 2015-04-07 14:03 - 00003888 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-04-07 14:03 - 2015-04-07 14:03 - 00003652 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-04-07 14:03 - 2015-04-07 14:03 - 00000000 ____D () C:\Users\David\AppData\Local\Deployment
2015-04-07 14:03 - 2015-04-07 14:03 - 00000000 ____D () C:\Users\David\AppData\Local\Apps\2.0
2015-04-05 22:00 - 2015-04-05 22:00 - 00000000 ____D () C:\windows\CSC
2015-04-05 21:59 - 2015-04-05 21:59 - 00000000 _____ () C:\Recovery.txt
2015-04-05 18:30 - 2015-04-05 18:32 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-04-05 18:30 - 2015-04-05 18:30 - 00035064 _____ () C:\windows\system32\Drivers\TrueSight.sys
2015-04-05 18:17 - 2015-04-07 14:40 - 00000000 ____D () C:\AdwCleaner
2015-04-05 18:17 - 2015-04-05 18:17 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_wbf_vfs_lvcmn_01_09_00.Wdf
2015-04-05 18:14 - 2015-04-07 14:22 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1693113198-3919520079-1835859029-1001
2015-04-05 18:12 - 2015-04-07 14:42 - 00000000 ____D () C:\FRST
2015-04-05 18:07 - 2015-04-05 18:07 - 00000000 __SHD () C:\Users\David\AppData\Local\EmieUserList
2015-04-05 18:07 - 2015-04-05 18:07 - 00000000 __SHD () C:\Users\David\AppData\Local\EmieSiteList
2015-04-05 18:07 - 2015-04-05 18:07 - 00000000 ____D () C:\Users\Public\Pokki
2015-04-05 18:06 - 2015-04-07 14:41 - 00000000 ___RD () C:\Users\David\OneDrive
2015-04-05 18:05 - 2015-04-07 14:11 - 00000000 ____D () C:\Users\David\AppData\Roaming\Nitro PDF
2015-04-05 18:05 - 2015-04-05 18:06 - 00000000 ____D () C:\Users\David\AppData\Local\Packages
2015-04-05 18:05 - 2015-04-05 18:06 - 00000000 ____D () C:\Users\David\AppData\Local\Lenovo
2015-04-05 18:05 - 2015-04-05 18:06 - 00000000 ____D () C:\Users\David
2015-04-05 18:05 - 2015-04-05 18:05 - 00016312 _____ () C:\windows\system32\results.xml
2015-04-05 18:05 - 2015-04-05 18:05 - 00001457 _____ () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-05 18:05 - 2015-04-05 18:05 - 00000193 _____ () C:\Users\David\AppData\Local\RegisteredPackageInformation.xml
2015-04-05 18:05 - 2015-04-05 18:05 - 00000020 ___SH () C:\Users\David\ntuser.ini
2015-04-05 18:05 - 2015-04-05 18:05 - 00000000 ____D () C:\Users\David\AppData\Roaming\Intel
2015-04-05 18:05 - 2015-04-05 18:05 - 00000000 ____D () C:\Users\David\AppData\Roaming\Adobe
2015-04-05 18:05 - 2015-04-05 18:05 - 00000000 ____D () C:\Users\David\AppData\Local\VirtualStore
2015-04-05 18:05 - 2015-01-21 04:10 - 00000000 ____D () C:\Users\David\AppData\Roaming\Macromedia
2015-04-05 18:05 - 2015-01-21 04:00 - 00000000 ___RD () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-05 18:05 - 2015-01-21 04:00 - 00000000 ___RD () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-04-05 18:05 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-04-05 18:05 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-04-05 18:05 - 2013-12-11 18:40 - 00002092 _____ () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Update Search.lnk
2015-04-05 18:05 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-05 18:05 - 2013-08-22 11:36 - 00000000 ____D () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-07 14:42 - 2015-01-21 04:14 - 00003234 _____ () C:\windows\System32\Tasks\Norton WSC Integration
2015-04-07 14:42 - 2015-01-21 04:13 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2015-04-07 14:42 - 2015-01-21 04:13 - 00000000 ____D () C:\windows\system32\Drivers\NISx64
2015-04-07 14:40 - 2015-01-21 04:12 - 00000000 ____D () C:\ProgramData\Validity
2015-04-07 14:40 - 2013-10-07 14:23 - 00003280 _____ () C:\windows\PFRO.log
2015-04-07 14:40 - 2013-08-22 10:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-04-07 14:40 - 2013-08-22 09:25 - 00262144 ___SH () C:\windows\system32\config\BBI
2015-04-07 14:12 - 2015-01-21 03:47 - 00471015 _____ () C:\windows\WindowsUpdate.log
2015-04-07 14:02 - 2013-08-22 11:36 - 00000000 ____D () C:\windows\AppReadiness
2015-04-07 14:01 - 2015-01-21 04:10 - 00000000 ____D () C:\windows\System32\Tasks\Lenovo
2015-04-07 14:00 - 2013-08-22 11:36 - 00000000 ____D () C:\windows\system32\sru
2015-04-07 13:54 - 2013-10-07 14:27 - 00863592 _____ () C:\windows\system32\PerfStringBackup.INI
2015-04-05 22:00 - 2015-01-21 04:02 - 00000000 ____D () C:\ProgramData\Intel
2015-04-05 22:00 - 2013-08-22 10:44 - 00335784 _____ () C:\windows\system32\FNTCACHE.DAT
2015-04-05 21:59 - 2013-08-22 11:36 - 00262144 _____ () C:\windows\system32\config\BCD-Template
2015-04-05 19:50 - 2013-08-22 09:25 - 00262144 ___SH () C:\windows\system32\config\ELAM
2015-04-05 18:59 - 2013-08-22 10:46 - 00017821 _____ () C:\windows\setupact.log
2015-04-05 18:37 - 2015-01-21 04:29 - 00000000 ____D () C:\ProgramData\Lenovo
2015-04-05 18:29 - 2015-01-21 04:11 - 00000000 ____D () C:\windows\System32\Tasks\TVT
2015-04-05 18:29 - 2015-01-21 04:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2015-04-05 18:29 - 2015-01-21 04:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-04-05 18:29 - 2015-01-21 04:01 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2015-04-05 18:17 - 2015-01-21 04:12 - 00000000 ____D () C:\windows\LastGood
2015-04-05 18:17 - 2015-01-21 03:47 - 00000000 ____D () C:\Program Files\Synaptics
2015-04-05 18:17 - 2013-08-22 11:36 - 00000000 ____D () C:\windows\system32\WinBioPlugIns
2015-04-05 18:06 - 2015-01-21 04:10 - 00000000 ____D () C:\Users\Public\Lenovo
2015-04-05 18:06 - 2015-01-21 04:01 - 00000000 ____D () C:\Program Files\Lenovo
2015-04-05 18:05 - 2015-01-21 04:16 - 00096854 _____ () C:\windows\modules.log
2015-04-05 18:05 - 2015-01-21 04:13 - 00000000 ____D () C:\ProgramData\Norton
 
==================== Files in the root of some directories =======
 
2015-04-05 18:05 - 2015-04-05 18:05 - 0000193 _____ () C:\Users\David\AppData\Local\RegisteredPackageInformation.xml
2015-01-21 04:03 - 2015-01-21 04:03 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some content of TEMP:
====================
C:\Users\David\AppData\Local\Temp\dllnt_dump.dll
C:\Users\David\AppData\Local\Temp\LenovoExperienceImprovement.exe
C:\Users\David\AppData\Local\Temp\Quarantine.exe
C:\Users\David\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2013-10-07 14:23
 
==================== End Of Log ============================
 

 
