
Not Sure what's Going On...


  • This topic is locked
17 replies to this topic

#1 RadicalPirate

RadicalPirate

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:31 PM

Posted 17 May 2015 - 06:07 PM

So about a month ago, I began having some random problems with my computer. First, it stopped letting me update Windows. Then, certain other programs. Other programs will not open at all, such as CCleaner. My volume controls, of all things, do not open nor display when I adjust my volume. I cannot even open Windows Task Manager. It opens and then quickly shuts down. I ran usual checks and scans for anything. I used Avast!, Malware Bytes, Super Anti-Spyware, and Spybot Search and Destroy. I ran scans in safe mode as well as boot scans. Nothing. At a loss, a friend suggested that I run HijackThis and give you guys the results. I hope you guys are able to help me out here. I looked at it, and it appears files are missing? But I have not deleted anything, so I am at a loss there.

 

Thank you to all for your help.

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 6:48:09 PM, on 5/17/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17801)

FIREFOX: 37.0.2 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Tori\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Tori\Downloads\HijackThis.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Tori\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [tvncontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_E343CED88E4CAEA33D87656C3372D0D1] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [Google Update] "C:\Users\Tori\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [f.lux] "C:\Users\Tori\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\RunOnce: [Application Restart #1] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  --flag-switches-begin --flag-switches-end --restore-last-session -- "http://www.superantispyware.com/whatsnew.html?version=5, 7, 0, 1026&trial=no&activated=no&appid={CAB25C1E-99BA-44AA-B6E5-AE70B1C06F29}"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_Plugin.exe -update plugin
O4 - Startup: Continue system repair.lnk = C:\Program Files\UVK - Ultra Virus Killer\RebootExec.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll  
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Unknown owner - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14913 bytes
 




#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:31 PM

Posted 20 May 2015 - 01:06 PM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems. :warrior:

Before we move on, please read the following points carefully: :exclame:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 RadicalPirate

RadicalPirate
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:31 PM

Posted 20 May 2015 - 01:23 PM

Hi there Jürgen! Thank you for helping me! Here are the results from the FRST scan and the Additional scan:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2015
Ran by Tori (administrator) on TOMATO on 20-05-2015 14:13:23
Running from C:\Users\Tori\Desktop
Loaded Profiles: Tori (Available profiles: UpdatusUser & Tori & Test)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Flux Software LLC) C:\Users\Tori\AppData\Local\FluxSoftware\Flux\flux.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\VerifyHost.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\VerifyHost.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\VerifyHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe.old
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\VerifyHost.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\VerifyHost.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\VerifyHost.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\VerifyHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\VerifyHost.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\VerifyHost.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\VerifyHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\VerifyHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13353064 2011-11-14] (Realtek Semiconductor)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789920 2012-02-06] (Lenovo)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-29] (Apple Inc.)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel® Corporation)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-02-06] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2012-02-06] (Lenovo (Beijing) Limited)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1426136 2015-04-29] (COMODO)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [224352 2010-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2010-12-04] (CyberLink)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-02-06] (Lenovo)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [tvncontrol] => "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-04-29] (Apple Inc.)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [536576 2010-01-19] (Vimicro)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2195519750-1132866062-3218553652-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806744 2015-03-25] (SUPERAntiSpyware)
HKU\S-1-5-21-2195519750-1132866062-3218553652-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2888384 2015-05-15] (Valve Corporation)
HKU\S-1-5-21-2195519750-1132866062-3218553652-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2195519750-1132866062-3218553652-1001\...\Run: [GoogleChromeAutoLaunch_E343CED88E4CAEA33D87656C3372D0D1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-05-15] (Google Inc.)
HKU\S-1-5-21-2195519750-1132866062-3218553652-1001\...\Run: [Google Update] => C:\Users\Tori\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-07] (Google Inc.)
HKU\S-1-5-21-2195519750-1132866062-3218553652-1001\...\Run: [f.lux] => C:\Users\Tori\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2015-03-13] (Flux Software LLC)
HKU\S-1-5-21-2195519750-1132866062-3218553652-1001\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-2195519750-1132866062-3218553652-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-29] (Piriform Ltd)
HKU\S-1-5-21-2195519750-1132866062-3218553652-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-05-15] (Google Inc.)
HKU\S-1-5-21-2195519750-1132866062-3218553652-1001\...\RunOnce: [FlashPlayerUpdate] => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_Plugin.exe -update plugin
HKU\S-1-5-21-2195519750-1132866062-3218553652-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\avastSS.scr [43112 2015-05-01] (Avast Software s.r.o.)
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [247144 2012-10-02] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [202600 2012-10-02] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-05-13]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Tori\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Continue system repair.lnk [2015-05-13]
ShortcutTarget: Continue system repair.lnk -> C:\Program Files\UVK - Ultra Virus Killer\RebootExec.exe (Carifred)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-01] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tori\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tori\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tori\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tori\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll [2012-02-06] ()
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tori\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tori\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tori\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2195519750-1132866062-3218553652-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-2195519750-1132866062-3218553652-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKU\S-1-5-21-2195519750-1132866062-3218553652-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2195519750-1132866062-3218553652-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_enUS479
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-03-27] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-01] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-29] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-27] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-29] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-01] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01] (Google Inc.)
Toolbar: HKU\S-1-5-21-2195519750-1132866062-3218553652-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-01] (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Tori\AppData\Roaming\Mozilla\Firefox\Profiles\87d4okb5.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-20] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-20] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2195519750-1132866062-3218553652-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Tori\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2195519750-1132866062-3218553652-1001: @talk.google.com/O1DPlugin -> C:\Users\Tori\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2195519750-1132866062-3218553652-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Tori\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-2195519750-1132866062-3218553652-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Tori\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-2195519750-1132866062-3218553652-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Tori\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2009-11-30] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2195519750-1132866062-3218553652-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101772.dll [2012-12-27] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Tori\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Tori\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: Lightbeam - C:\Users\Tori\AppData\Roaming\Mozilla\Firefox\Profiles\87d4okb5.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2013-10-25]
FF Extension: Reddit Enhancement Suite - C:\Users\Tori\AppData\Roaming\Mozilla\Firefox\Profiles\87d4okb5.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2014-04-04]
FF Extension: Adblock Plus - C:\Users\Tori\AppData\Roaming\Mozilla\Firefox\Profiles\87d4okb5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-25]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-03-22]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-03-22]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-04-03]

Chrome:
=======
CHR HomePage: Default ->
CHR Profile: C:\Users\Tori\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\Tori\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2012-10-29]
CHR Extension: (Entanglement Web App) - C:\Users\Tori\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2012-10-29]
CHR Extension: (Google Drive) - C:\Users\Tori\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-23]
CHR Extension: (YouTube) - C:\Users\Tori\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-29]
CHR Extension: (Google Search) - C:\Users\Tori\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-29]
CHR Extension: (Google+) - C:\Users\Tori\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2012-10-29]
CHR Extension: (Google Calendar) - C:\Users\Tori\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-06-09]
CHR Extension: (AdBlock) - C:\Users\Tori\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-10-29]
CHR Extension: (Avast Online Security) - C:\Users\Tori\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-05-14]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Tori\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2013-09-10]
CHR Extension: (World of Solitaire) - C:\Users\Tori\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbnllnaaaohekjkcpfdllhhjijnidgn [2012-10-29]
CHR Extension: (rikaikun) - C:\Users\Tori\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipdnfibhldikgcjhfnomkfpcebammhp [2013-06-09]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Tori\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2012-10-29]
CHR Extension: (Build with Chrome) - C:\Users\Tori\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbbbhbjeecagnlfgggogfclkdjamoapf [2013-06-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Tori\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Skype Click to Call) - C:\Users\Tori\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-10-29]
CHR Extension: (Solve a Cipher!) - C:\Users\Tori\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmgkpnbfgimlalkolndeccanfnbpogcd [2012-10-29]
CHR Extension: (Google Mail Checker) - C:\Users\Tori\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2012-10-29]
CHR Extension: (Ghostery) - C:\Users\Tori\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2012-10-29]
CHR Extension: (Hangouts) - C:\Users\Tori\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2013-08-11]
CHR Extension: (Google Wallet) - C:\Users\Tori\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Weather Underground) - C:\Users\Tori\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej [2012-10-29]
CHR Extension: (Gmail) - C:\Users\Tori\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-17]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-16] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-04-29] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-01] (Avast Software s.r.o.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [956192 2011-02-15] (Broadcom Corporation.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2015-05-02] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2015-05-02] (Microsoft Corporation)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5540424 2015-04-29] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265816 2015-04-29] (COMODO)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-30] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-01] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-03-06] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-01] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-01] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-01] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-01] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-01] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-01] ()
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [797280 2015-04-01] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45880 2015-04-01] (COMODO)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [104608 2015-04-01] (COMODO)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
U2 IAStorDataMgrSvc; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerServic; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SoftwareService; No ImagePath
U2 Stereo Service; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-20 14:13 - 2015-05-20 14:14 - 00029979 _____ () C:\Users\Tori\Desktop\FRST.txt
2015-05-20 14:11 - 2015-05-20 14:13 - 00000000 ____D () C:\FRST
2015-05-20 14:09 - 2015-05-20 14:09 - 02107904 _____ (Farbar) C:\Users\Tori\Desktop\FRST64.exe
2015-05-17 19:13 - 2015-05-17 19:13 - 00003118 _____ () C:\windows\System32\Tasks\{EA3D294E-FA7E-4EA7-81BB-B13E5CD119D2}
2015-05-17 18:41 - 2015-05-17 18:48 - 00014915 _____ () C:\Users\Tori\Downloads\hijackthis.log
2015-05-17 18:07 - 2015-05-17 18:08 - 00003556 _____ () C:\Users\Tori\Desktop\Rkill.txt
2015-05-17 18:06 - 2015-05-17 18:06 - 00388608 _____ (Trend Micro Inc.) C:\Users\Tori\Downloads\HijackThis.exe
2015-05-17 18:02 - 2015-05-17 18:03 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Tori\Downloads\rkill.exe
2015-05-13 21:02 - 2015-05-13 22:39 - 00000000 ____D () C:\windows\pss
2015-05-12 23:16 - 2012-05-15 07:13 - 00144896 _____ (Intel Corporation) C:\windows\system32\IntelOpenCL64.dll
2015-05-12 23:16 - 2012-05-15 06:20 - 00104448 _____ (Intel Corporation) C:\windows\SysWOW64\IntelOpenCL32.dll
2015-05-12 23:15 - 2015-05-12 23:15 - 00977624 _____ (Realtek ) C:\windows\system32\Drivers\Rt64win7.sys
2015-05-12 23:15 - 2015-05-12 23:15 - 00073800 _____ (Realtek Semiconductor Corporation) C:\windows\system32\RtNicProp64.dll
2015-05-12 23:10 - 2015-05-12 23:10 - 00000000 ____D () C:\Users\Tori\Downloads\0005-Install_Win7_7092_04092015
2015-05-12 23:08 - 2015-05-12 23:08 - 06187877 _____ () C:\Users\Tori\Downloads\0005-Install_Win7_7092_04092015.zip
2015-05-12 23:03 - 2015-05-12 23:05 - 131104768 _____ (Intel Corporation) C:\Users\Tori\Downloads\win64_152823.exe
2015-05-12 23:01 - 2015-05-12 23:11 - 69999448 _____ (Microsoft Corporation) C:\Users\Tori\Downloads\NDP452-KB2901907-x86-x64-AllOS-ENU.exe
2015-05-12 22:16 - 2015-05-01 09:17 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 22:16 - 2015-05-01 09:16 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 22:08 - 2015-05-04 21:29 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-05-12 22:08 - 2015-05-04 21:12 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-05-12 22:08 - 2015-04-21 22:28 - 00389840 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-05-12 22:08 - 2015-04-21 21:48 - 00342736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-05-12 22:08 - 2015-04-21 13:14 - 24971776 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-05-12 22:08 - 2015-04-21 13:08 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-05-12 22:08 - 2015-04-21 13:07 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-05-12 22:08 - 2015-04-21 12:51 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-05-12 22:08 - 2015-04-21 12:50 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-05-12 22:08 - 2015-04-21 12:50 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-05-12 22:08 - 2015-04-21 12:50 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-05-12 22:08 - 2015-04-21 12:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-05-12 22:08 - 2015-04-21 12:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-05-12 22:08 - 2015-04-21 12:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-05-12 22:08 - 2015-04-21 12:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-05-12 22:08 - 2015-04-21 12:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-05-12 22:08 - 2015-04-21 12:35 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-05-12 22:08 - 2015-04-21 12:35 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-05-12 22:08 - 2015-04-21 12:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-05-12 22:08 - 2015-04-21 12:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-05-12 22:08 - 2015-04-21 12:31 - 06025728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-05-12 22:08 - 2015-04-21 12:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-05-12 22:08 - 2015-04-21 12:25 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-05-12 22:08 - 2015-04-21 12:24 - 19691008 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-05-12 22:08 - 2015-04-21 12:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-05-12 22:08 - 2015-04-21 12:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-05-12 22:08 - 2015-04-21 12:11 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-05-12 22:08 - 2015-04-21 12:11 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-05-12 22:08 - 2015-04-21 12:10 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-05-12 22:08 - 2015-04-21 12:09 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-05-12 22:08 - 2015-04-21 12:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-05-12 22:08 - 2015-04-21 12:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-05-12 22:08 - 2015-04-21 12:08 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-05-12 22:08 - 2015-04-21 12:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-05-12 22:08 - 2015-04-21 12:04 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-05-12 22:08 - 2015-04-21 12:03 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-05-12 22:08 - 2015-04-21 12:02 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-05-12 22:08 - 2015-04-21 12:00 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-05-12 22:08 - 2015-04-21 11:58 - 00664576 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-05-12 22:08 - 2015-04-21 11:58 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-05-12 22:08 - 2015-04-21 11:57 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-05-12 22:08 - 2015-04-21 11:49 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-05-12 22:08 - 2015-04-21 11:49 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-05-12 22:08 - 2015-04-21 11:48 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-05-12 22:08 - 2015-04-21 11:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-05-12 22:08 - 2015-04-21 11:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-05-12 22:08 - 2015-04-21 11:43 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-12 22:08 - 2015-04-21 11:40 - 14401536 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-05-12 22:08 - 2015-04-21 11:39 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-05-12 22:08 - 2015-04-21 11:38 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-05-12 22:08 - 2015-04-21 11:36 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-05-12 22:08 - 2015-04-21 11:31 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-05-12 22:08 - 2015-04-21 11:27 - 02352128 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-05-12 22:08 - 2015-04-21 11:26 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-05-12 22:08 - 2015-04-21 11:25 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-05-12 22:08 - 2015-04-21 11:24 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-05-12 22:08 - 2015-04-21 11:17 - 12828672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-05-12 22:08 - 2015-04-21 11:15 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-05-12 22:08 - 2015-04-21 11:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-05-12 22:08 - 2015-04-21 11:02 - 01882112 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-05-12 22:08 - 2015-04-21 10:58 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-05-12 22:08 - 2015-04-21 10:56 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-05-12 22:08 - 2015-04-17 23:10 - 00460800 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-05-12 22:08 - 2015-04-17 22:56 - 00342016 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2015-05-12 22:08 - 2015-04-12 23:28 - 00328704 _____ (Microsoft Corporation) C:\windows\system32\services.exe
2015-05-12 22:07 - 2015-05-12 22:08 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-05-12 22:07 - 2015-05-12 22:08 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-12 22:07 - 2015-05-12 22:08 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 22:07 - 2015-05-12 22:08 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 22:07 - 2015-05-12 22:08 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 22:07 - 2015-05-12 22:08 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 22:07 - 2015-05-12 22:08 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 22:07 - 2015-05-12 22:08 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 22:07 - 2015-05-12 22:08 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 22:07 - 2015-05-12 22:08 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 22:07 - 2015-05-12 22:08 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-12 22:07 - 2015-05-12 22:08 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 22:07 - 2015-05-12 22:08 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-12 22:07 - 2015-05-12 22:08 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 22:07 - 2015-05-12 22:08 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 22:07 - 2015-05-12 22:08 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 22:07 - 2015-05-12 22:08 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 22:07 - 2015-05-12 22:08 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 22:07 - 2015-05-12 22:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 22:07 - 2015-05-12 22:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 22:07 - 2015-05-12 22:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 22:07 - 2015-05-12 22:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 22:07 - 2015-05-12 22:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 22:07 - 2015-05-12 22:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 22:07 - 2015-05-12 22:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 22:07 - 2015-05-12 22:07 - 00142336 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2015-05-12 22:07 - 2015-05-12 22:07 - 00123904 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe
2015-05-12 22:07 - 2015-04-27 15:28 - 05569984 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-05-12 22:07 - 2015-04-27 15:28 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-05-12 22:07 - 2015-04-27 15:28 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-05-12 22:07 - 2015-04-27 15:26 - 01728960 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-05-12 22:07 - 2015-04-27 15:23 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-05-12 22:07 - 2015-04-27 15:23 - 01254400 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-05-12 22:07 - 2015-04-27 15:23 - 01162752 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-05-12 22:07 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-05-12 22:07 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-05-12 22:07 - 2015-04-27 15:23 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-05-12 22:07 - 2015-04-27 15:23 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-05-12 22:07 - 2015-04-27 15:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-05-12 22:07 - 2015-04-27 15:23 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-05-12 22:07 - 2015-04-27 15:23 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-05-12 22:07 - 2015-04-27 15:23 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-05-12 22:07 - 2015-04-27 15:23 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-05-12 22:07 - 2015-04-27 15:23 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-05-12 22:07 - 2015-04-27 15:23 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-05-12 22:07 - 2015-04-27 15:23 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-05-12 22:07 - 2015-04-27 15:23 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll
2015-05-12 22:07 - 2015-04-27 15:23 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-05-12 22:07 - 2015-04-27 15:23 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-05-12 22:07 - 2015-04-27 15:23 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-05-12 22:07 - 2015-04-27 15:23 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-05-12 22:07 - 2015-04-27 15:23 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-05-12 22:07 - 2015-04-27 15:23 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-05-12 22:07 - 2015-04-27 15:23 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-05-12 22:07 - 2015-04-27 15:23 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-05-12 22:07 - 2015-04-27 15:22 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe
2015-05-12 22:07 - 2015-04-27 15:22 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-05-12 22:07 - 2015-04-27 15:22 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-05-12 22:07 - 2015-04-27 15:22 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-05-12 22:07 - 2015-04-27 15:22 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\logman.exe
2015-05-12 22:07 - 2015-04-27 15:22 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe
2015-05-12 22:07 - 2015-04-27 15:22 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\relog.exe
2015-05-12 22:07 - 2015-04-27 15:22 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-05-12 22:07 - 2015-04-27 15:22 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe
2015-05-12 22:07 - 2015-04-27 15:21 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-05-12 22:07 - 2015-04-27 15:18 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-05-12 22:07 - 2015-04-27 15:18 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-05-12 22:07 - 2015-04-27 15:16 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-05-12 22:07 - 2015-04-27 15:16 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-05-12 22:07 - 2015-04-27 15:16 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-12 22:07 - 2015-04-27 15:16 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-12 22:07 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 22:07 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 22:07 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 22:07 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 22:07 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 22:07 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 22:07 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 22:07 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 22:07 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 22:07 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 22:07 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 22:07 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 22:07 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 22:07 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 22:07 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-12 22:07 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-12 22:07 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 22:07 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-12 22:07 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-12 22:07 - 2015-04-27 15:11 - 03989440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-05-12 22:07 - 2015-04-27 15:11 - 03934144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-05-12 22:07 - 2015-04-27 15:08 - 01310744 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-05-12 22:07 - 2015-04-27 15:05 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2015-05-12 22:07 - 2015-04-27 15:05 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-05-12 22:07 - 2015-04-27 15:05 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-05-12 22:07 - 2015-04-27 15:05 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-05-12 22:07 - 2015-04-27 15:05 - 00092160 _____ (Microsoft Corporation) C:\windows\SysWOW64\sechost.dll
2015-05-12 22:07 - 2015-04-27 15:05 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-05-12 22:07 - 2015-04-27 15:05 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-05-12 22:07 - 2015-04-27 15:05 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-05-12 22:07 - 2015-04-27 15:05 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-05-12 22:07 - 2015-04-27 15:04 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2015-05-12 22:07 - 2015-04-27 15:04 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-05-12 22:07 - 2015-04-27 15:04 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\tracerpt.exe
2015-05-12 22:07 - 2015-04-27 15:04 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\logman.exe
2015-05-12 22:07 - 2015-04-27 15:04 - 00040448 _____ (Microsoft Corporation) C:\windows\SysWOW64\typeperf.exe
2015-05-12 22:07 - 2015-04-27 15:04 - 00037888 _____ (Microsoft Corporation) C:\windows\SysWOW64\relog.exe
2015-05-12 22:07 - 2015-04-27 15:04 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-05-12 22:07 - 2015-04-27 15:04 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-05-12 22:07 - 2015-04-27 15:03 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-05-12 22:07 - 2015-04-27 15:03 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-05-12 22:07 - 2015-04-27 15:03 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-05-12 22:07 - 2015-04-27 15:03 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-05-12 22:07 - 2015-04-27 15:03 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\diskperf.exe
2015-05-12 22:07 - 2015-04-27 15:03 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-05-12 22:07 - 2015-04-27 15:01 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-05-12 22:07 - 2015-04-27 15:01 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-05-12 22:07 - 2015-04-27 14:59 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-05-12 22:07 - 2015-04-27 14:59 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-05-12 22:07 - 2015-04-27 14:59 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-12 22:07 - 2015-04-27 14:59 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 22:07 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 22:07 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 22:07 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 22:07 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 22:07 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 22:07 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-12 22:07 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 22:07 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 22:07 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-12 22:07 - 2015-04-27 14:06 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-05-12 22:07 - 2015-04-27 13:57 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-05-12 22:07 - 2015-04-19 23:17 - 01647104 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-05-12 22:07 - 2015-04-19 23:17 - 01179136 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-05-12 22:07 - 2015-04-19 22:56 - 01250816 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-05-12 22:07 - 2015-04-19 22:11 - 03204608 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-05-12 22:07 - 2015-04-07 23:29 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-05-12 22:07 - 2015-04-07 23:29 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2015-05-12 22:07 - 2015-04-07 23:14 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2015-05-12 22:07 - 2015-01-28 23:19 - 02543104 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll
2015-05-12 22:07 - 2015-01-28 23:02 - 02311168 _____ (Microsoft Corporation) C:\windows\SysWOW64\wpdshext.dll
2015-05-12 22:06 - 2015-05-12 22:06 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2015-05-12 22:06 - 2015-05-12 22:06 - 00295936 _____ (Microsoft Corporation) C:\windows\SysWOW64\apphelp.dll
2015-05-12 22:06 - 2015-05-12 22:06 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll
2015-05-12 22:06 - 2015-05-12 22:06 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2015-05-12 22:06 - 2015-05-12 22:06 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\sdbinst.exe
2015-05-12 22:06 - 2015-05-12 22:06 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll
2015-05-12 22:06 - 2015-05-12 22:06 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\shimeng.dll
2015-05-12 10:10 - 2015-05-17 16:32 - 00000000 ___SD () C:\windows\SysWOW64\GWX
2015-05-12 10:10 - 2015-05-17 16:32 - 00000000 ___SD () C:\windows\system32\GWX
2015-05-12 10:10 - 2015-05-12 10:10 - 00000000 ____D () C:\windows\system32\appraiser
2015-05-12 10:07 - 2015-01-08 19:44 - 00419936 _____ () C:\windows\SysWOW64\locale.nls
2015-05-12 10:07 - 2015-01-08 19:43 - 00419936 _____ () C:\windows\system32\locale.nls
2015-05-12 09:48 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2015-05-12 09:48 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2015-05-12 09:34 - 2015-01-08 23:14 - 00950272 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll
2015-05-12 09:34 - 2015-01-08 23:14 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll
2015-05-12 09:34 - 2015-01-08 23:14 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll
2015-05-12 09:34 - 2015-01-08 22:48 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdi.dll
2015-05-12 09:33 - 2015-02-20 00:41 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-05-12 09:33 - 2015-02-20 00:40 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-05-12 09:33 - 2015-02-20 00:40 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-05-12 09:33 - 2015-02-20 00:40 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-05-12 09:33 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-05-12 09:33 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-05-12 09:33 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-05-12 09:33 - 2015-02-20 00:12 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-05-12 09:33 - 2015-02-19 23:29 - 00372224 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-05-12 09:33 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-05-12 09:33 - 2014-12-11 13:47 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-05-12 09:33 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2015-05-12 09:33 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2015-05-12 09:32 - 2015-02-02 23:34 - 00693176 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-05-12 09:32 - 2015-02-02 23:34 - 00094656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-05-12 09:32 - 2015-02-02 23:33 - 00616360 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-05-12 09:32 - 2015-02-02 23:31 - 14632960 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-05-12 09:32 - 2015-02-02 23:31 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2015-05-12 09:32 - 2015-02-02 23:31 - 01574400 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2015-05-12 09:32 - 2015-02-02 23:31 - 00782848 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2015-05-12 09:32 - 2015-02-02 23:31 - 00641024 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2015-05-12 09:32 - 2015-02-02 23:31 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-05-12 09:32 - 2015-02-02 23:31 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2015-05-12 09:32 - 2015-02-02 23:31 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2015-05-12 09:32 - 2015-02-02 23:31 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2015-05-12 09:32 - 2015-02-02 23:31 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-05-12 09:32 - 2015-02-02 23:31 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2015-05-12 09:32 - 2015-02-02 23:31 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2015-05-12 09:32 - 2015-02-02 23:31 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2015-05-12 09:32 - 2015-02-02 23:31 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll
2015-05-12 09:32 - 2015-02-02 23:31 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-05-12 09:32 - 2015-02-02 23:31 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-05-12 09:32 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-05-12 09:32 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-05-12 09:32 - 2015-02-02 23:30 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-05-12 09:32 - 2015-02-02 23:30 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-05-12 09:32 - 2015-02-02 23:30 - 01202176 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2015-05-12 09:32 - 2015-02-02 23:30 - 01069056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2015-05-12 09:32 - 2015-02-02 23:30 - 00842240 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2015-05-12 09:32 - 2015-02-02 23:30 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-05-12 09:32 - 2015-02-02 23:30 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2015-05-12 09:32 - 2015-02-02 23:30 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2015-05-12 09:32 - 2015-02-02 23:30 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-05-12 09:32 - 2015-02-02 23:30 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-05-12 09:32 - 2015-02-02 23:30 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-05-12 09:32 - 2015-02-02 23:30 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-05-12 09:32 - 2015-02-02 23:30 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2015-05-12 09:32 - 2015-02-02 23:30 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2015-05-12 09:32 - 2015-02-02 23:30 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-05-12 09:32 - 2015-02-02 23:30 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2015-05-12 09:32 - 2015-02-02 23:30 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-05-12 09:32 - 2015-02-02 23:30 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2015-05-12 09:32 - 2015-02-02 23:30 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-05-12 09:32 - 2015-02-02 23:30 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2015-05-12 09:32 - 2015-02-02 23:30 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2015-05-12 09:32 - 2015-02-02 23:30 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\pcawrk.exe
2015-05-12 09:32 - 2015-02-02 23:30 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe
2015-05-12 09:32 - 2015-02-02 23:29 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll
2015-05-12 09:32 - 2015-02-02 23:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2015-05-12 09:32 - 2015-02-02 23:19 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2015-05-12 09:32 - 2015-02-02 23:12 - 11411968 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2015-05-12 09:32 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2015-05-12 09:32 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2015-05-12 09:32 - 2015-02-02 23:12 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-05-12 09:32 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptui.dll
2015-05-12 09:32 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmv2clt.dll
2015-05-12 09:32 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\windows\SysWOW64\blackbox.dll
2015-05-12 09:32 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmdrmsdk.dll
2015-05-12 09:32 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2015-05-12 09:32 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscp.dll
2015-05-12 09:32 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2015-05-12 09:32 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2015-05-12 09:32 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmmgrtn.dll
2015-05-12 09:32 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2015-05-12 09:32 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2015-05-12 09:32 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msnetobj.dll
2015-05-12 09:32 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2015-05-12 09:32 - 2015-02-02 23:12 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2015-05-12 09:32 - 2015-02-02 23:12 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2015-05-12 09:32 - 2015-02-02 23:12 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2015-05-12 09:32 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2015-05-12 09:32 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsp.dll
2015-05-12 09:32 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2015-05-12 09:32 - 2015-02-02 23:12 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2015-05-12 09:32 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2015-05-12 09:32 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2015-05-12 09:32 - 2015-02-02 23:11 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2015-05-12 09:32 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2015-05-12 09:32 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2015-05-12 09:32 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2015-05-12 09:32 - 2015-02-02 22:32 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2015-05-12 09:32 - 2014-10-31 18:24 - 00619056 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-05-12 09:32 - 2014-06-27 20:21 - 00532176 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2015-05-12 09:32 - 2014-06-27 20:21 - 00457400 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2015-05-12 09:31 - 2014-12-18 23:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-05-12 09:31 - 2014-06-18 18:23 - 01943696 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll
2015-05-12 09:31 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\windows\SysWOW64\dfshim.dll
2015-05-12 09:31 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscorier.dll
2015-05-12 09:31 - 2014-06-18 18:23 - 00156312 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll
2015-05-12 09:31 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscories.dll
2015-05-12 09:31 - 2014-06-18 18:23 - 00073880 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll
2015-05-12 09:29 - 2015-03-24 23:24 - 03298816 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-05-12 09:29 - 2015-03-24 23:24 - 02553856 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-05-12 09:29 - 2015-03-24 23:24 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-05-12 09:29 - 2015-03-24 23:24 - 00191488 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-05-12 09:29 - 2015-03-24 23:24 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-05-12 09:29 - 2015-03-24 23:24 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-05-12 09:29 - 2015-03-24 23:24 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-05-12 09:29 - 2015-03-24 23:24 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-05-12 09:29 - 2015-03-24 23:23 - 00135168 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-05-12 09:29 - 2015-03-24 23:23 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-05-12 09:29 - 2015-03-24 23:23 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-05-12 09:29 - 2015-03-24 23:00 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-05-12 09:29 - 2015-03-24 23:00 - 00173056 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-05-12 09:29 - 2015-03-24 23:00 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-05-12 09:29 - 2015-03-24 23:00 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-05-12 09:29 - 2015-03-24 23:00 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-05-12 09:29 - 2015-03-22 23:25 - 00769536 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-05-12 09:29 - 2015-03-22 23:25 - 00726528 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-05-12 09:29 - 2015-03-22 23:24 - 00957952 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-05-12 09:29 - 2015-03-22 23:24 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-05-12 09:29 - 2015-03-22 23:24 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-05-12 09:29 - 2015-03-22 23:24 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-05-12 09:29 - 2015-03-22 23:24 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-05-12 09:29 - 2015-03-22 23:17 - 01111552 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-05-12 09:29 - 2015-03-09 23:25 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-05-12 09:29 - 2015-03-09 23:21 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-05-12 09:29 - 2015-03-09 23:08 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-05-12 09:29 - 2015-03-09 23:05 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2015-05-12 09:29 - 2015-03-05 01:12 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-05-12 09:29 - 2015-03-05 00:05 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-05-12 09:29 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-05-12 09:29 - 2015-02-13 01:22 - 14177280 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-05-12 09:29 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2015-05-12 09:29 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\ubpm.dll
2015-05-12 09:29 - 2015-01-27 19:36 - 01239720 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2015-05-12 09:29 - 2014-12-18 21:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-05-12 09:29 - 2014-12-06 00:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-05-12 09:29 - 2014-12-05 23:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2015-05-12 09:29 - 2014-12-05 23:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-05-12 09:29 - 2014-11-10 21:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2015-05-12 09:29 - 2014-10-13 22:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2015-05-12 09:29 - 2014-08-11 22:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2015-05-12 09:29 - 2014-08-11 21:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2015-05-12 09:29 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2015-05-12 09:29 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2015-05-12 09:28 - 2015-05-12 09:28 - 01067520 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2015-05-12 09:28 - 2015-05-12 09:28 - 00828928 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2015-05-12 09:28 - 2015-02-24 23:18 - 00754688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2015-05-12 09:28 - 2015-01-30 19:56 - 00459336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-05-12 09:28 - 2014-11-25 23:53 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-05-12 09:28 - 2014-11-25 23:32 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2015-05-12 09:28 - 2014-11-10 23:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2015-05-12 09:28 - 2014-11-10 22:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2015-05-12 09:28 - 2014-10-29 22:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2015-05-12 09:28 - 2014-10-29 21:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
2015-05-12 09:28 - 2014-10-03 22:10 - 03722752 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-05-12 09:28 - 2014-10-03 21:42 - 03221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-05-12 09:28 - 2014-10-03 21:42 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2015-05-12 09:27 - 2015-05-12 09:27 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2015-05-12 09:27 - 2015-05-12 09:27 - 01424896 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-05-12 09:27 - 2015-05-12 09:27 - 01230848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-05-12 09:27 - 2015-05-12 09:27 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2015-05-12 09:27 - 2015-05-12 09:27 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2015-05-12 09:27 - 2015-05-12 09:27 - 00372736 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2015-05-12 09:27 - 2015-05-12 09:27 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2015-05-12 09:27 - 2015-05-12 09:27 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2015-05-12 09:27 - 2015-05-12 09:27 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2015-05-12 09:27 - 2015-05-12 09:27 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2015-05-12 09:27 - 2015-05-12 09:27 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2015-05-12 09:27 - 2015-05-12 09:27 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe
2015-05-12 09:27 - 2015-05-12 09:27 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2015-05-12 09:27 - 2015-05-12 09:27 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2015-05-12 09:27 - 2015-05-12 09:27 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2015-05-12 09:27 - 2015-05-12 09:27 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2015-05-12 09:26 - 2015-05-12 09:26 - 01118720 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2015-05-12 09:26 - 2015-05-12 09:26 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2015-05-12 09:26 - 2015-05-12 09:26 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2015-05-12 09:26 - 2015-05-12 09:26 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2015-05-12 09:26 - 2015-05-12 09:26 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys
2015-05-12 09:26 - 2015-05-12 09:26 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll
2015-05-12 09:26 - 2015-05-12 09:26 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll
2015-05-12 09:26 - 2015-05-12 09:26 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2015-05-12 09:26 - 2015-05-12 09:26 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2015-05-12 09:26 - 2015-05-12 09:26 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2015-05-12 09:24 - 2015-05-12 09:24 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2015-05-12 09:24 - 2015-05-12 09:24 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2015-05-12 09:24 - 2015-05-12 09:24 - 00406528 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-05-12 09:24 - 2015-05-12 09:24 - 00367552 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2015-05-12 09:24 - 2015-05-12 09:24 - 00308224 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll
2015-05-12 09:24 - 2015-05-12 09:24 - 00079360 _____ (Microsoft Corporation) C:\windows\system32\clfsw32.dll
2015-05-12 09:24 - 2015-05-12 09:24 - 00058880 _____ (Microsoft Corporation) C:\windows\SysWOW64\clfsw32.dll
2015-05-12 09:20 - 2015-05-12 09:20 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2015-05-12 09:20 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2015-05-11 23:25 - 2015-05-11 23:25 - 45142720 _____ (Microsoft Corporation) C:\Users\Tori\Downloads\Windows-KB890830-x64-V5.23.exe
2015-05-11 23:17 - 2015-05-11 23:17 - 00000000 ____D () C:\Users\Tori\Downloads\dotnetfx_cleanup_tool
2015-05-11 23:16 - 2015-05-11 23:17 - 00266065 _____ () C:\Users\Tori\Downloads\dotnetfx_cleanup_tool.zip
2015-05-11 23:15 - 2015-05-11 23:15 - 00879096 _____ (Microsoft Corporation) C:\Users\Tori\Downloads\NetFxRepairTool.exe
2015-05-02 10:44 - 2015-05-02 10:44 - 00000000 ____D () C:\Users\Tori\Tracing
2015-05-02 10:41 - 2015-05-02 10:41 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-05-02 10:41 - 2015-05-02 10:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-05-02 10:40 - 2015-05-02 10:40 - 01384064 _____ (Skype Technologies S.A.) C:\Users\Tori\Downloads\SkypeSetup.exe
2015-05-01 08:11 - 2015-05-01 08:11 - 00364472 _____ (Avast Software s.r.o.) C:\windows\system32\aswBoot.exe
2015-05-01 08:11 - 2015-05-01 08:11 - 00043112 _____ (Avast Software s.r.o.) C:\windows\avastSS.scr
2015-04-30 11:41 - 2015-04-30 11:43 - 00000000 ____D () C:\AdwCleaner
2015-04-30 10:48 - 2015-05-17 18:10 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-30 10:47 - 2015-04-30 10:47 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-04-30 10:47 - 2015-04-30 10:47 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-04-30 10:47 - 2015-04-30 10:47 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-30 10:47 - 2015-04-30 10:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-30 10:47 - 2015-04-30 10:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-30 10:32 - 2015-04-30 10:32 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Tori\Downloads\mbam-setup-2.1.6.1022.exe
2015-04-30 10:10 - 2015-04-30 11:33 - 00000000 ____D () C:\ProgramData\UVK
2015-04-30 10:10 - 2015-04-30 10:47 - 00000000 ____D () C:\Program Files\UVK - Ultra Virus Killer
2015-04-30 10:10 - 2015-04-30 10:10 - 05138944 _____ (Carifred) C:\Users\Tori\Downloads\UVKPortable.exe
2015-04-30 10:10 - 2015-04-30 10:10 - 00001766 _____ () C:\Users\Public\Desktop\UVK - Ultra Virus Killer.lnk
2015-04-30 10:10 - 2015-04-30 10:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UVK - Ultra Virus Killer
2015-04-30 09:56 - 2015-04-30 09:56 - 00001377 _____ () C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-30 09:56 - 2015-04-30 09:56 - 00000000 ____D () C:\Users\Test\AppData\Roaming\Stardock
2015-04-30 09:56 - 2015-04-30 09:56 - 00000000 ____D () C:\Users\Test\AppData\Roaming\AVAST Software
2015-04-30 09:56 - 2015-04-30 09:56 - 00000000 ____D () C:\Users\Test\AppData\Roaming\Apple Computer
2015-04-30 09:56 - 2015-04-30 09:56 - 00000000 ____D () C:\Users\Test\AppData\Roaming\Adobe
2015-04-30 09:55 - 2015-04-30 09:56 - 00002086 _____ () C:\Users\Test\Desktop\OneKey Recovery.lnk
2015-04-30 09:55 - 2015-04-30 09:56 - 00001122 _____ () C:\Users\Test\Desktop\Cyberlink Power2Go.lnk
2015-04-30 09:55 - 2015-04-30 09:56 - 00000000 ____D () C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-04-30 09:55 - 2015-04-30 09:55 - 00000020 ___SH () C:\Users\Test\ntuser.ini
2015-04-30 09:55 - 2015-04-30 09:55 - 00000000 ____D () C:\Users\Test\AppData\Roaming\Intel
2015-04-30 09:55 - 2015-04-30 09:55 - 00000000 ____D () C:\Users\Test\AppData\Local\VirtualStore
2015-04-30 09:55 - 2015-04-30 09:55 - 00000000 ____D () C:\Users\Test\AppData\Local\Google
2015-04-30 09:55 - 2015-04-30 09:55 - 00000000 ____D () C:\Users\Test
2015-04-30 09:55 - 2015-02-16 20:22 - 00000000 ____D () C:\Users\Test\AppData\Roaming\Macromedia
2015-04-30 09:55 - 2013-06-23 08:53 - 00000000 ____D () C:\Users\Test\AppData\LocalGoogle
2015-04-30 09:55 - 2010-12-19 01:31 - 00000189 _____ () C:\Users\Test\Desktop\Lenovo Telephony Start Now.url
2015-04-30 09:55 - 2009-07-14 00:54 - 00000000 ___RD () C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-30 09:55 - 2009-07-14 00:49 - 00000000 ___RD () C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-30 09:07 - 2015-05-15 07:43 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-30 09:07 - 2015-04-30 09:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-30 09:06 - 2015-04-30 09:06 - 00880208 _____ (Google Inc.) C:\Users\Tori\Downloads\ChromeSetup.exe
2015-04-30 09:05 - 2015-04-30 09:05 - 00000000 __SHD () C:\Users\Tori\AppData\Local\EmieUserList
2015-04-30 09:05 - 2015-04-30 09:05 - 00000000 __SHD () C:\Users\Tori\AppData\Local\EmieSiteList
2015-04-29 22:46 - 2015-04-29 22:46 - 00243304 _____ () C:\Users\Tori\Downloads\Firefox Setup Stub 37.0.2.exe
2015-04-29 22:38 - 2015-04-29 22:38 - 00561576 _____ (Oracle Corporation) C:\Users\Tori\Downloads\jxpiinstall.exe
2015-04-29 22:38 - 2015-04-29 22:38 - 00000000 ____D () C:\Users\Tori\AppData\Roaming\Oracle
2015-04-29 20:12 - 2015-04-29 20:12 - 00001713 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-04-29 20:12 - 2015-04-29 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-04-29 20:12 - 2015-04-29 20:12 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-04-29 20:12 - 2015-04-29 20:12 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-04-29 20:08 - 2015-04-29 20:08 - 06484352 _____ (Piriform Ltd) C:\Users\Tori\Downloads\ccsetup505.exe
2015-04-29 20:04 - 2015-04-29 20:04 - 00003886 _____ () C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-04-29 20:01 - 2015-04-29 20:01 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-04-29 20:01 - 2015-04-29 20:01 - 00002047 _____ () C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-04-29 19:56 - 2015-03-27 08:10 - 00442264 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswBC6.tmp
2015-04-29 19:56 - 2015-03-27 08:10 - 00271200 _____ () C:\windows\system32\Drivers\aswCD0.tmp
2015-04-29 19:56 - 2015-03-27 08:10 - 00136752 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswF03.tmp
2015-04-29 19:56 - 2015-03-27 08:10 - 00088408 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswA4E.tmp
2015-04-29 19:56 - 2015-03-27 08:10 - 00065736 _____ () C:\windows\system32\Drivers\aswAAC.tmp
2015-04-29 19:55 - 2015-03-27 08:10 - 00029168 _____ () C:\windows\system32\Drivers\asw79E.tmp
2015-04-29 19:55 - 2015-03-27 08:09 - 01047320 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\asw2AD.tmp
2015-04-29 19:55 - 2015-03-27 08:09 - 00093528 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\asw58B.tmp
2015-04-28 20:35 - 2015-04-29 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-04-28 20:07 - 2015-04-28 20:09 - 00000000 ____D () C:\c7e4473ccc68bdc4362fcc810359745d
2015-04-28 10:50 - 2015-04-29 00:29 - 00000000 ____D () C:\VIPRERESCUE
2015-04-28 10:50 - 2013-05-23 08:39 - 00041032 _____ (ThreatTrack Security) C:\windows\system32\Drivers\gfiark.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-20 13:31 - 2012-07-07 21:13 - 00000904 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2195519750-1132866062-3218553652-1001UA.job
2015-05-20 13:30 - 2012-02-06 12:25 - 01112039 _____ () C:\windows\WindowsUpdate.log
2015-05-20 13:25 - 2013-03-02 21:05 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-05-20 12:59 - 2014-01-02 01:13 - 00000000 ____D () C:\Users\Tori\Documents\Professional
2015-05-20 08:33 - 2012-07-07 21:13 - 00000852 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2195519750-1132866062-3218553652-1001Core.job
2015-05-20 08:20 - 2013-03-02 21:05 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-05-20 08:20 - 2012-07-04 15:29 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2015-05-20 08:20 - 2012-04-07 17:29 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-05-20 08:20 - 2012-04-07 17:29 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-20 08:17 - 2012-02-06 13:10 - 04765820 _____ () C:\FaceProv.log
2015-05-20 08:17 - 2012-02-06 13:10 - 00000000 ____D () C:\ProgramData\VeriFace
2015-05-19 22:01 - 2012-02-06 13:20 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-19 11:42 - 2009-07-14 00:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-19 11:42 - 2009-07-14 00:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-19 08:16 - 2012-05-20 11:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-19 08:15 - 2015-03-22 18:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-18 20:09 - 2013-12-05 09:32 - 00013113 _____ () C:\windows\setupact.log
2015-05-17 18:40 - 2012-04-03 19:21 - 00000000 ____D () C:\Users\Tori\AppData\Local\VirtualStore
2015-05-17 16:35 - 2012-02-06 13:20 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 16:35 - 2012-02-06 13:20 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-17 16:35 - 2012-02-06 13:20 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-16 07:26 - 2012-07-07 21:13 - 00003872 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2195519750-1132866062-3218553652-1001UA
2015-05-16 07:26 - 2012-07-07 21:13 - 00003476 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2195519750-1132866062-3218553652-1001Core
2015-05-15 23:15 - 2012-04-07 17:16 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-14 17:02 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache
2015-05-13 22:48 - 2012-04-03 20:26 - 00000000 ____D () C:\Users\Tori\AppData\Roaming\Skype
2015-05-13 22:47 - 2009-07-14 01:13 - 00920222 _____ () C:\windows\system32\PerfStringBackup.INI
2015-05-13 22:43 - 2012-02-06 13:12 - 00615754 _____ () C:\windows\system32\fastboot.set
2015-05-13 22:41 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-05-13 22:19 - 2012-04-18 16:19 - 00912836 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2015-05-12 23:28 - 2012-02-06 12:44 - 00000000 ____D () C:\windows\SysWOW64\NV
2015-05-12 23:28 - 2012-02-06 12:44 - 00000000 ____D () C:\windows\system32\NV
2015-05-12 23:27 - 2013-12-19 20:21 - 00430074 _____ () C:\windows\PFRO.log
2015-05-12 23:17 - 2012-02-06 12:37 - 00000000 ____D () C:\ProgramData\Intel
2015-05-12 23:17 - 2012-02-06 12:34 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-05-12 23:16 - 2012-02-06 12:35 - 00000000 ____D () C:\Program Files\Common Files\Intel
2015-05-12 23:15 - 2012-02-06 12:46 - 00107552 _____ (Realtek Semiconductor Corporation) C:\windows\system32\RTNUninst64.dll
2015-05-12 23:15 - 2012-02-06 12:44 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-05-12 23:11 - 2012-10-02 09:34 - 00342528 _____ (Intel® Corporation) C:\windows\system32\Drivers\IntcDAud.sys
2015-05-12 23:11 - 2012-10-02 09:34 - 00016896 _____ (Intel® Corporation) C:\windows\system32\IntcDAuC.dll
2015-05-12 23:10 - 2015-01-19 14:40 - 05375448 _____ (Intel Corporation) C:\windows\system32\Drivers\igdkmd64.sys
2015-05-12 23:10 - 2015-01-19 14:38 - 12694808 _____ (Intel Corporation) C:\windows\system32\igdumd64.dll
2015-05-12 23:10 - 2015-01-19 14:38 - 01049576 _____ (Intel Corporation) C:\windows\system32\igfxcmrt64.dll
2015-05-12 23:10 - 2015-01-19 14:38 - 00940360 _____ (Intel Corporation) C:\windows\SysWOW64\igfxcmrt32.dll
2015-05-12 23:10 - 2015-01-19 14:38 - 00530968 _____ (Intel Corporation) C:\windows\system32\iglhsip64.dll
2015-05-12 23:10 - 2015-01-19 14:38 - 00525800 _____ (Intel Corporation) C:\windows\SysWOW64\iglhsip32.dll
2015-05-12 23:10 - 2015-01-19 14:38 - 00220432 _____ (Intel Corporation) C:\windows\system32\iglhcp64.dll
2015-05-12 23:10 - 2015-01-19 14:38 - 00184352 _____ (Intel Corporation) C:\windows\SysWOW64\iglhcp32.dll
2015-05-12 23:10 - 2015-01-19 14:38 - 00031984 _____ (Intel Corporation) C:\windows\system32\igfxexps.dll
2015-05-12 23:10 - 2015-01-19 14:28 - 00099328 _____ () C:\windows\system32\igdde64.dll
2015-05-12 23:10 - 2015-01-19 14:28 - 00078848 _____ () C:\windows\SysWOW64\igdde32.dll
2015-05-12 23:10 - 2015-01-19 14:27 - 09007616 _____ (Intel Corporation) C:\windows\system32\igfxress.dll
2015-05-12 23:10 - 2015-01-19 14:27 - 00442880 _____ (Intel Corporation) C:\windows\system32\igfxdev.dll
2015-05-12 23:10 - 2015-01-19 14:27 - 00440320 _____ (Intel Corporation) C:\windows\system32\igfxrell.lrc
2015-05-12 23:10 - 2015-01-19 14:27 - 00439808 _____ (Intel Corporation) C:\windows\system32\igfxrfra.lrc
2015-05-12 23:10 - 2015-01-19 14:27 - 00439808 _____ (Intel Corporation) C:\windows\system32\igfxresn.lrc
2015-05-12 23:10 - 2015-01-19 14:27 - 00439296 _____ (Intel Corporation) C:\windows\system32\igfxrrus.lrc
2015-05-12 23:10 - 2015-01-19 14:27 - 00439296 _____ (Intel Corporation) C:\windows\system32\igfxrrom.lrc
2015-05-12 23:10 - 2015-01-19 14:27 - 00438784 _____ (Intel Corporation) C:\windows\system32\igfxrsky.lrc
2015-05-12 23:10 - 2015-01-19 14:27 - 00438784 _____ (Intel Corporation) C:\windows\system32\igfxrptg.lrc
2015-05-12 23:10 - 2015-01-19 14:27 - 00438784 _____ (Intel Corporation) C:\windows\system32\igfxrplk.lrc
2015-05-12 23:10 - 2015-01-19 14:27 - 00438784 _____ (Intel Corporation) C:\windows\system32\igfxrnld.lrc
2015-05-12 23:10 - 2015-01-19 14:27 - 00438784 _____ (Intel Corporation) C:\windows\system32\igfxrita.lrc
2015-05-12 23:10 - 2015-01-19 14:27 - 00438784 _____ (Intel Corporation) C:\windows\system32\igfxrhrv.lrc
2015-05-12 23:10 - 2015-01-19 14:27 - 00438784 _____ (Intel Corporation) C:\windows\system32\igfxrdeu.lrc
2015-05-12 23:10 - 2015-01-19 14:27 - 00438272 _____ (Intel Corporation) C:\windows\system32\igfxrhun.lrc
2015-05-12 23:10 - 2015-01-19 14:27 - 00438272 _____ (Intel Corporation) C:\windows\system32\igfxrfin.lrc
2015-05-12 23:10 - 2015-01-19 14:27 - 00438272 _____ (Intel Corporation) C:\windows\system32\igfxrcsy.lrc
2015-05-12 23:10 - 2015-01-19 14:27 - 00437760 _____ (Intel Corporation) C:\windows\system32\igfxrtrk.lrc
2015-05-12 23:10 - 2015-01-19 14:27 - 00437760 _____ (Intel Corporation) C:\windows\system32\igfxrslv.lrc
2015-05-12 23:10 - 2015-01-19 14:27 - 00437760 _____ (Intel Corporation) C:\windows\system32\igfxrptb.lrc
2015-05-12 23:10 - 2015-01-19 14:27 - 00437760 _____ (Intel Corporation) C:\windows\system32\igfxrnor.lrc
2015-05-12 23:10 - 2015-01-19 14:27 - 00437248 _____ (Intel Corporation) C:\windows\system32\igfxrtha.lrc
2015-05-12 23:10 - 2015-01-19 14:27 - 00437248 _____ (Intel Corporation) C:\windows\system32\igfxrdan.lrc
2015-05-12 23:10 - 2015-01-19 14:27 - 00435712 _____ (Intel Corporation) C:\windows\system32\igfxrheb.lrc
2015-05-12 23:10 - 2015-01-19 14:27 - 00435712 _____ (Intel Corporation) C:\windows\system32\igfxrara.lrc
2015-05-12 23:10 - 2015-01-19 14:27 - 00432128 _____ (Intel Corporation) C:\windows\system32\igfxrjpn.lrc
2015-05-12 23:10 - 2015-01-19 14:27 - 00431104 _____ (Intel Corporation) C:\windows\system32\igfxrkor.lrc
2015-05-12 23:10 - 2015-01-19 14:27 - 00429056 _____ (Intel Corporation) C:\windows\system32\igfxrcht.lrc
2015-05-12 23:10 - 2015-01-19 14:27 - 00428544 _____ (Intel Corporation) C:\windows\system32\igfxrchs.lrc
2015-05-12 23:10 - 2015-01-19 14:27 - 00410624 _____ (Intel Corporation) C:\windows\system32\igfxTMM.dll
2015-05-12 23:10 - 2015-01-19 14:27 - 00384512 _____ (Intel Corporation) C:\windows\system32\igfxpph.dll
2015-05-12 23:10 - 2015-01-19 14:27 - 00330752 _____ (Intel Corporation) C:\windows\SysWOW64\igfxdv32.dll
2015-05-12 23:10 - 2015-01-19 14:27 - 00286208 _____ (Intel Corporation) C:\windows\system32\igfxrenu.lrc
2015-05-12 23:10 - 2015-01-19 14:27 - 00175104 _____ (Intel Corporation) C:\windows\system32\gfxSrvc.dll
2015-05-12 23:10 - 2015-01-19 14:27 - 00142336 _____ (Intel Corporation) C:\windows\system32\igfxdo.dll
2015-05-12 23:10 - 2015-01-19 14:27 - 00126976 _____ (Intel Corporation) C:\windows\system32\igfxcpl.cpl
2015-05-12 23:10 - 2015-01-19 14:27 - 00110592 _____ (Intel Corporation) C:\windows\system32\hccutils.dll
2015-05-12 23:10 - 2015-01-19 14:27 - 00064000 _____ (Intel Corporation) C:\windows\system32\igfxsrvc.dll
2015-05-12 23:10 - 2015-01-19 14:27 - 00025088 _____ (Intel Corporation) C:\windows\SysWOW64\igfxexps32.dll
2015-05-12 23:10 - 2015-01-19 14:27 - 00009728 _____ ( ) C:\windows\system32\IGFXDEVLib.dll
2015-05-12 23:10 - 2015-01-19 14:26 - 13028864 _____ (Intel Corporation) C:\windows\system32\ig4icd64.dll
2015-05-12 23:10 - 2015-01-19 14:25 - 10811392 _____ (Intel Corporation) C:\windows\SysWOW64\ig4icd32.dll
2015-05-12 23:10 - 2015-01-19 14:23 - 03121152 _____ (Intel Corporation) C:\windows\SysWOW64\igfxcmjit32.dll
2015-05-12 23:10 - 2015-01-19 14:23 - 00575488 _____ (Intel Corporation) C:\windows\system32\igfx11cmrt64.dll
2015-05-12 23:10 - 2015-01-19 14:23 - 00542720 _____ (Intel Corporation) C:\windows\SysWOW64\igfx11cmrt32.dll
2015-05-12 23:10 - 2012-01-10 13:55 - 11245520 _____ (Intel Corporation) C:\windows\SysWOW64\igd10umd32.dll
2015-05-12 23:10 - 2011-04-13 23:01 - 12937864 _____ (Intel Corporation) C:\windows\system32\igd10umd64.dll
2015-05-12 23:10 - 2011-04-13 23:01 - 11117808 _____ (Intel Corporation) C:\windows\SysWOW64\igdumd32.dll
2015-05-12 22:43 - 2009-07-14 00:45 - 00291840 _____ () C:\windows\system32\FNTCACHE.DAT
2015-05-12 22:39 - 2011-09-28 23:37 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-12 22:39 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\AdvancedInstallers
2015-05-12 22:38 - 2013-03-14 08:52 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-12 22:38 - 2013-03-14 08:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-12 22:25 - 2013-08-15 09:09 - 00000000 ____D () C:\windows\system32\MRT
2015-05-12 22:17 - 2012-04-08 09:19 - 140425016 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-05-12 22:16 - 2013-03-14 08:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-12 11:39 - 2012-04-08 17:29 - 00000000 ____D () C:\windows\System32\Tasks\Games
2015-05-12 10:18 - 2009-07-14 01:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2015-05-12 10:11 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2015-05-12 10:11 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\Dism
2015-05-12 10:10 - 2014-05-07 07:48 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-05-12 10:10 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\tracing
2015-05-12 10:10 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2015-05-12 10:10 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\AppCompat
2015-05-11 22:36 - 2014-01-02 01:11 - 00000000 ____D () C:\Users\Tori\Documents\RPG Stuff
2015-05-10 12:18 - 2013-05-14 09:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-05-07 16:13 - 2013-12-10 12:22 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-05-02 10:44 - 2012-04-03 19:18 - 00000000 ____D () C:\Users\Tori
2015-05-02 10:42 - 2012-04-03 20:26 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-05-02 10:41 - 2012-04-03 20:26 - 00000000 ____D () C:\ProgramData\Skype
2015-05-01 08:11 - 2014-04-18 21:09 - 00029168 _____ () C:\windows\system32\Drivers\aswHwid.sys
2015-05-01 08:11 - 2013-12-21 13:57 - 00137288 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswStm.sys
2015-05-01 08:11 - 2013-03-02 01:11 - 00272248 _____ () C:\windows\system32\Drivers\aswVmm.sys
2015-05-01 08:11 - 2013-03-02 01:11 - 00065736 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2015-05-01 08:11 - 2012-04-03 19:35 - 00442264 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswSP.sys
2015-05-01 08:11 - 2012-04-03 19:35 - 00093528 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswRdr2.sys
2015-05-01 08:11 - 2012-04-03 19:35 - 00089944 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswMonFlt.sys
2015-05-01 08:10 - 2012-04-03 19:35 - 01047320 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswSnx.sys
2015-04-30 10:47 - 2012-04-08 17:51 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-04-30 10:40 - 2012-04-08 17:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-04-30 10:11 - 2012-02-06 13:08 - 00000000 ____D () C:\ProgramData\Temp
2015-04-30 09:50 - 2012-10-29 10:58 - 00002259 _____ () C:\Users\Tori\Desktop\Google Chrome.lnk
2015-04-30 09:11 - 2015-01-26 10:03 - 00000971 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-04-30 09:11 - 2015-01-26 10:03 - 00000959 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-04-30 09:07 - 2012-02-06 13:20 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-30 09:05 - 2012-04-03 19:21 - 00000000 ____D () C:\Users\Tori\AppData\Local\Google
2015-04-30 00:46 - 2014-12-17 21:09 - 00002872 _____ () C:\windows\system32\Drivers\fvstore.dat
2015-04-29 23:06 - 2012-10-13 23:11 - 00002246 _____ () C:\Users\Public\Desktop\COMODO Firewall.lnk
2015-04-29 22:47 - 2012-04-10 22:10 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-29 22:47 - 2012-04-10 22:10 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-29 22:41 - 2013-10-08 07:27 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-29 22:39 - 2014-10-14 22:19 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-04-29 22:07 - 2012-04-08 17:55 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-04-29 20:12 - 2014-11-22 09:50 - 00000000 ____D () C:\Program Files\iTunes
2015-04-29 20:12 - 2014-11-22 09:50 - 00000000 ____D () C:\Program Files\iPod
2015-04-29 20:12 - 2013-09-20 19:40 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-04-29 20:12 - 2012-08-21 13:01 - 00125872 _____ (GEAR Software Inc.) C:\windows\system32\GEARAspi64.dll
2015-04-29 20:12 - 2012-08-21 13:01 - 00106928 _____ (GEAR Software Inc.) C:\windows\SysWOW64\GEARAspi.dll
2015-04-29 20:10 - 2012-04-03 20:24 - 00000782 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-29 20:10 - 2012-04-03 20:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-04-29 20:10 - 2012-04-03 20:24 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-29 20:01 - 2012-05-27 13:18 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-29 20:00 - 2012-05-27 13:18 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-29 19:57 - 2014-12-03 09:01 - 00001882 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-04-29 19:56 - 2012-04-10 22:10 - 00000000 ____D () C:\Users\Tori\AppData\Roaming\Mozilla
2015-04-29 19:55 - 2012-04-08 17:55 - 00001965 _____ () C:\Users\Tori\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-04-29 19:48 - 2014-10-14 22:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-04-29 19:48 - 2013-12-10 12:23 - 00000000 ____D () C:\Users\Tori\AppData\Roaming\TeamViewer
2015-04-29 19:48 - 2013-04-14 11:20 - 00000000 ____D () C:\Users\Tori\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin
2015-04-29 19:48 - 2013-04-14 11:20 - 00000000 ____D () C:\Program Files (x86)\Bitcoin
2015-04-29 19:48 - 2012-04-08 17:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-29 19:48 - 2012-04-07 17:29 - 00000000 ____D () C:\windows\system32\Macromed
2015-04-29 19:48 - 2012-04-03 20:33 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-29 19:48 - 2012-04-03 19:18 - 00000000 ____D () C:\Users\Tori\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-04-29 19:48 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\NDF
2015-04-29 19:47 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\registration
2015-04-29 19:46 - 2012-04-08 17:55 - 00000000 ____D () C:\Users\Tori\AppData\Roaming\SUPERAntiSpyware.com
2015-04-29 19:45 - 2012-04-10 22:10 - 00000000 ____D () C:\Users\Tori\AppData\Local\Mozilla
2015-04-29 19:44 - 2013-05-24 18:01 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-04-28 21:19 - 2012-04-08 17:51 - 00000000 ____D () C:\Users\Tori\AppData\Roaming\Malwarebytes
2015-04-28 20:58 - 2011-02-22 07:19 - 00000000 ____D () C:\windows\Panther
2015-04-28 10:29 - 2012-04-13 11:47 - 00000000 ____D () C:\Users\Tori\AppData\Roaming\Apple Computer

==================== Files in the root of some directories =======

2015-02-06 19:54 - 2015-02-06 19:54 - 6103040 _____ () C:\Program Files (x86)\GUT47FA.tmp
2015-03-09 15:44 - 2015-03-09 15:44 - 0000886 _____ () C:\Users\Tori\AppData\Local\recently-used.xbel

Some content of TEMP:
====================
C:\Users\Tori\AppData\Local\Temp\Quarantine.exe
C:\Users\Tori\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-14 16:55

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-05-2015
Ran by Tori at 2015-05-20 14:14:53
Running from C:\Users\Tori\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2195519750-1132866062-3218553652-500 - Administrator - Disabled)
Guest (S-1-5-21-2195519750-1132866062-3218553652-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2195519750-1132866062-3218553652-1003 - Limited - Enabled)
Test (S-1-5-21-2195519750-1132866062-3218553652-1023 - Limited - Enabled) => C:\Users\Test
Tori (S-1-5-21-2195519750-1132866062-3218553652-1001 - Administrator - Enabled) => C:\Users\Tori
UpdatusUser (S-1-5-21-2195519750-1132866062-3218553652-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: Comodo Defense+ (Enabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.2.2218 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bitcoin (HKU\S-1-5-21-2195519750-1132866062-3218553652-1001\...\Bitcoin) (Version: 0.8.1 - Bitcoin project)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CC3 (HKLM-x32\...\CC3) (Version: 3.42 - ProFantasy Software)
CC3 (x32 Version: 3.42 - ProFantasy Software) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
COMODO Internet Security (HKLM\...\{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}) (Version: 5.10.31649.2253 - COMODO Security Solutions Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Dropbox (HKU\S-1-5-21-2195519750-1132866062-3218553652-1001\...\Dropbox) (Version: 2.6.31 - Dropbox, Inc.)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.1 - Lenovo)
Energy Management (x32 Version: 6.0.2.1 - Lenovo) Hidden
f.lux (HKU\S-1-5-21-2195519750-1132866062-3218553652-1001\...\Flux) (Version:  - )
Fences (HKLM-x32\...\Fences) (Version:  - Stardock Corporation)
Fences (Version: 1.0 - Stardock Corporation) Hidden
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Garry)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Heroes of Might and Magic 3 Complete (HKLM-x32\...\GOGPACKHOMM3COMPLETE_is1) (Version: 2.0.0.15 - GOG.com)
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4101 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8000 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.11.0209.1 - Lenovo EasyCamera)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.5 - Lenovo)
Lenovo Games Console (HKLM-x32\...\Lenovo Games Console) (Version: 1.2.6.436 - Oberon Media Inc.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3603 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3603 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.2 - Mozilla)
NVIDIA Graphics Driver 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.97 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Onekey Theater (HKLM-x32\...\InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}) (Version: 2.0.2.7 - Lenovo)
Onekey Theater (x32 Version: 2.0.2.7 - Lenovo) Hidden
OpenOffice.org 3.4 (HKLM-x32\...\{51071D66-D034-4239-94E0-723FCA10B6FE}) (Version: 3.4.9590 - OpenOffice.org)
Origin (HKLM-x32\...\Origin) (Version: 9.0.13.2141 - Electronic Arts, Inc.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.92.115.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6505 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10008 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.05.0001 - Electronic Arts)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SRS Control Panel (HKLM\...\{25EE6AF4-8FD6-4E09-AD9B-3ACC0B81D902}) (Version: 1.11.4800 - SRS Labs, Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1134 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.7.0 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.41459 - TeamViewer)
The Sims Medieval (HKLM-x32\...\{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}) (Version: 2.0.113 - Electronic Arts)
The Sims Medieval Pirates and Nobles (HKLM-x32\...\{0CC21836-A5D6-4641-B4AE-6FA01D021E41}) (Version: 2.0.109 - Electronic Arts)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.50.56 - Electronic Arts)
The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Town of Salem (HKLM-x32\...\Steam App 334230) (Version:  - BlankMediaGames)
Unity Web Player (HKU\S-1-5-21-2195519750-1132866062-3218553652-1001\...\UnityWebPlayer) (Version: 2.6.1f3_31223 - Unity Technologies ApS)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden
UVK - Ultra Virus Killer (HKLM\...\UVK - Ultra virus killer) (Version: 7.2.3.0 - Carifred)
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.0.1206 - Lenovo)
Windows Driver Package - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2195519750-1132866062-3218553652-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tori\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2195519750-1132866062-3218553652-1001_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll No File
CustomCLSID: HKU\S-1-5-21-2195519750-1132866062-3218553652-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Tori\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2195519750-1132866062-3218553652-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Tori\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2195519750-1132866062-3218553652-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Tori\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2195519750-1132866062-3218553652-1001_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll No File
CustomCLSID: HKU\S-1-5-21-2195519750-1132866062-3218553652-1001_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll No File
CustomCLSID: HKU\S-1-5-21-2195519750-1132866062-3218553652-1001_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\ooofilt_x64.dll No File
CustomCLSID: HKU\S-1-5-21-2195519750-1132866062-3218553652-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Tori\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2195519750-1132866062-3218553652-1001_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl_x64.dll No File
CustomCLSID: HKU\S-1-5-21-2195519750-1132866062-3218553652-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Tori\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2195519750-1132866062-3218553652-1001_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll No File
CustomCLSID: HKU\S-1-5-21-2195519750-1132866062-3218553652-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Tori\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2195519750-1132866062-3218553652-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tori\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2195519750-1132866062-3218553652-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tori\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2195519750-1132866062-3218553652-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tori\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2195519750-1132866062-3218553652-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tori\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2195519750-1132866062-3218553652-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tori\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2195519750-1132866062-3218553652-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Tori\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

04-05-2015 12:51:01 Scheduled Checkpoint
12-05-2015 09:21:10 Windows Update
12-05-2015 09:46:59 Windows Update
12-05-2015 10:25:44 Windows Update
12-05-2015 14:22:26 Windows Update
12-05-2015 22:13:28 Windows Update
12-05-2015 23:12:01 Installed Realtek Ethernet Controller Driver
17-05-2015 16:27:02 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2012-07-08 09:01 - 00443048 ___RA C:\windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {37E9ABC6-8A7C-4A8F-BE08-7E2763003E05} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {3B080BAB-6224-4279-BB7A-75DD96AC5912} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-29] (Piriform Ltd)
Task: {488793B8-E031-4647-8FCE-301C2DA3FF88} - System32\Tasks\{EA3D294E-FA7E-4EA7-81BB-B13E5CD119D2} => pcalua.exe -a C:\Users\Tori\Downloads\HijackThis.exe -d C:\Users\Tori\Downloads
Task: {4AD4F828-258E-494A-B65B-1C7A4D9A0735} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-04] (CyberLink)
Task: {4ED34231-DBAA-411F-AC03-9F5537BDB6C5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-04-29] (Adobe Systems Incorporated)
Task: {89463170-A4E0-4B72-90D8-64DD4DF57C25} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2195519750-1132866062-3218553652-1001UA => C:\Users\Tori\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-07] (Google Inc.)
Task: {89EA8902-F7E7-4C86-BA25-B01C03766CAE} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-20] (Adobe Systems Incorporated)
Task: {90BEF61E-EED3-4E0F-AE78-4619A35109A6} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-16] (Microsoft Corporation)
Task: {9EC76CD6-59A3-4D71-823A-59A9C47EDC36} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-04-29] (COMODO)
Task: {9F7182F4-8B4E-42F9-9F93-67DDF1AB0500} - System32\Tasks\avastBCLRestartS-1-5-21-2195519750-1132866062-3218553652-1001 => Firefox.exe
Task: {B0E7F230-3AF5-4005-8A67-898350CD833F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C86176D7-B9C1-4BF5-9E99-B3E227090464} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-01] (Avast Software s.r.o.)
Task: {CB0FD63C-1A75-40EE-A24E-2C99FE1C3E3D} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-04-29] (COMODO)
Task: {D37154BB-507D-4925-9AD5-9ADE9C4EF647} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {D48CAC2B-D118-4F85-9362-7945B5CFCE41} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2195519750-1132866062-3218553652-1001Core => C:\Users\Tori\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-07] (Google Inc.)
Task: {D64039D4-ADE2-4B96-83E5-E6EB0E02EC39} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {FA045BF5-1E3A-425D-9C66-E0E68731BF59} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-04-29] (COMODO)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2195519750-1132866062-3218553652-1001Core.job => C:\Users\Tori\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2195519750-1132866062-3218553652-1001UA.job => C:\Users\Tori\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2012-02-06 12:40 - 2012-10-02 15:51 - 00086888 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-07-27 16:07 - 2011-07-27 16:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-11-11 06:42 - 2010-11-11 06:42 - 00202144 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll
2010-11-11 06:44 - 2010-11-11 06:44 - 00156576 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll
2011-02-15 08:26 - 2011-02-15 08:26 - 00205088 _____ () C:\Program Files\Lenovo\Bluetooth Software\btkeyind.dll
2011-04-13 23:01 - 2011-03-25 05:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-02-06 13:13 - 2012-02-06 13:13 - 00100256 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
2008-12-19 23:20 - 2012-02-06 13:25 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2012-02-06 13:10 - 2012-02-06 13:10 - 01505280 _____ () C:\windows\system32\Apblend64.dll
2015-05-01 08:11 - 2015-05-01 08:11 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-01 08:11 - 2015-05-01 08:11 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-05-13 17:11 - 2015-05-13 17:11 - 02927616 _____ () C:\Program Files\AVAST Software\Avast\defs\15051302\algo.dll
2015-05-20 12:23 - 2015-05-20 12:23 - 02929664 _____ () C:\Program Files\AVAST Software\Avast\defs\15052000\algo.dll
2010-11-11 06:38 - 2010-11-11 06:38 - 00161696 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
2010-11-11 06:39 - 2010-11-11 06:39 - 00133024 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
2015-03-17 08:20 - 2015-03-17 08:20 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-02-06 13:10 - 2012-02-06 13:10 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2015-05-15 07:43 - 2015-05-05 00:06 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\libglesv2.dll
2015-05-15 07:43 - 2015-05-05 00:06 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\libegl.dll
2013-04-23 18:30 - 2015-05-14 14:26 - 00776192 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-19 20:55 - 2015-05-14 14:26 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-19 20:55 - 2015-05-14 14:26 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-19 20:55 - 2015-05-14 14:26 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-07-11 22:00 - 2015-05-15 23:14 - 02396352 _____ () C:\Program Files (x86)\Steam\video.dll
2014-09-07 15:41 - 2014-12-01 17:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-09-07 15:41 - 2014-12-01 17:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-09-07 15:41 - 2014-12-01 17:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-09-07 15:41 - 2014-12-01 17:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-09-07 15:41 - 2014-12-01 17:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-10-13 17:42 - 2015-05-14 21:57 - 00703168 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-12-06 00:24 - 2015-05-11 15:01 - 36302728 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-05-14 14:25 - 2015-05-11 15:01 - 08958344 _____ () C:\Program Files (x86)\Steam\bin\pdf.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\windows\avastSS.scr:$CmdTcID
AlternateDataStreams: C:\windows\system32\aelupsvc.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\apphelp.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\clfs.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\clfsw32.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\difx64.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\GEARAspi64.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\gfxSrvc.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\GfxUI.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\hccutils.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\hkcmd.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\ig4icd64.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\igd10umd64.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\igdde64.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\igdumd64.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\igfx11cmrt64.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\igfxcmjit64.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\igfxcmrt64.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\igfxcpl.cpl:$CmdTcID
AlternateDataStreams: C:\windows\system32\igfxdev.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\IGFXDEVLib.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\igfxdo.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\igfxexps.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\igfxext.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\igfxpers.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\igfxpph.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\igfxrara.lrc:$CmdTcID
AlternateDataStreams: C:\windows\system32\igfxrchs.lrc:$CmdTcID
AlternateDataStreams: C:\windows\system32\igfxrcht.lrc:$CmdTcID
AlternateDataStreams: C:\windows\system32\igfxrcsy.lrc:$CmdTcID
AlternateDataStreams: C:\windows\system32\igfxrdan.lrc:$CmdTcID
AlternateDataStreams: C:\windows\system32\igfxrdeu.lrc:$CmdTcID
AlternateDataStreams: C:\windows\system32\igfxrell.lrc:$CmdTcID
AlternateDataStreams: C:\windows\system32\igfxrenu.lrc:$CmdTcID
AlternateDataStreams: C:\windows\system32\igfxresn.lrc:$CmdTcID
AlternateDataStreams: C:\windows\system32\igfxress.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\igfxrfin.lrc:$CmdTcID
AlternateDataStreams: C:\windows\system32\igfxrfra.lrc:$CmdTcID
AlternateDataStreams: C:\windows\system32\igfxrheb.lrc:$CmdTcID
AlternateDataStreams: C:\windows\system32\igfxrhrv.lrc:$CmdTcID
AlternateDataStreams: C:\windows\system32\igfxrhun.lrc:$CmdTcID
AlternateDataStreams: C:\windows\system32\igfxrita.lrc:$CmdTcID
AlternateDataStreams: C:\windows\system32\igfxrjpn.lrc:$CmdTcID
AlternateDataStreams: C:\windows\system32\igfxrkor.lrc:$CmdTcID
AlternateDataStreams: C:\windows\system32\igfxrnld.lrc:$CmdTcID
AlternateDataStreams: C:\windows\system32\igfxrnor.lrc:$CmdTcID
AlternateDataStreams: C:\windows\system32\igfxrplk.lrc:$CmdTcID
AlternateDataStreams: C:\windows\system32\igfxrptb.lrc:$CmdTcID
AlternateDataStreams: C:\windows\system32\igfxrptg.lrc:$CmdTcID
AlternateDataStreams: C:\windows\system32\igfxrrom.lrc:$CmdTcID
AlternateDataStreams: C:\windows\system32\igfxrrus.lrc:$CmdTcID
AlternateDataStreams: C:\windows\system32\igfxrsky.lrc:$CmdTcID
AlternateDataStreams: C:\windows\system32\igfxrslv.lrc:$CmdTcID
AlternateDataStreams: C:\windows\system32\igfxrsve.lrc:$CmdTcID
AlternateDataStreams: C:\windows\system32\igfxrtha.lrc:$CmdTcID
AlternateDataStreams: C:\windows\system32\igfxrtrk.lrc:$CmdTcID
AlternateDataStreams: C:\windows\system32\igfxsrvc.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\igfxsrvc.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\igfxTMM.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\igfxtray.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\iglhcp64.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\iglhsip64.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\IntcDAuC.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\msctf.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\msi.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\mstsc.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\packager.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\poqexec.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\rastls.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\rdpcorekmts.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\RtNicProp64.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\RTNUninst64.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\scesrv.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\sdbinst.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\shimeng.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\tzres.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\winlogon.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\winsta.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\WSManHTTPConfig.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\WSManMigrationPlugin.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\WsmAuto.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\WsmSvc.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\WsmWmiPl.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\apphelp.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\clfsw32.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\GEARAspi.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\ig4icd32.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\igd10umd32.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\igdde32.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\igdumd32.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\igfx11cmrt32.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\igfxcmjit32.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\igfxcmrt32.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\igfxdv32.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\igfxexps32.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\iglhcp32.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\iglhsip32.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\instnm.exe:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\IntelCpHeciSvc.exe:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\msctf.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\msi.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\mstsc.exe:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\packager.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\poqexec.exe:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\rastls.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\scesrv.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\sdbinst.exe:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\shimeng.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\tzres.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\winsta.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\WMPhoto.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\WSManHTTPConfig.exe:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\WsmAuto.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\WsmSvc.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\WsmWmiPl.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\igdkmd64.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\IntcDAud.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\mbamchameleon.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\mwac.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\rdpwd.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\Rt64win7.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\tssecsrv.sys:$CmdTcID
AlternateDataStreams: C:\ProgramData\Temp:C31F31E6
AlternateDataStreams: C:\Users\Tori\Desktop\FRST64.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tori\Downloads\0005-Install_Win7_7092_04092015.zip:$CmdTcID
AlternateDataStreams: C:\Users\Tori\Downloads\0005-Install_Win7_7092_04092015.zip:$CmdZnID
AlternateDataStreams: C:\Users\Tori\Downloads\AdobeAIRInstaller.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tori\Downloads\AdobeAIRInstaller.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tori\Downloads\ccsetup505.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tori\Downloads\ccsetup505.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tori\Downloads\ChromeSetup.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tori\Downloads\ChromeSetup.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tori\Downloads\dotnetfx_cleanup_tool.zip:$CmdTcID
AlternateDataStreams: C:\Users\Tori\Downloads\dotnetfx_cleanup_tool.zip:$CmdZnID
AlternateDataStreams: C:\Users\Tori\Downloads\Firefox Setup Stub 37.0.2.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tori\Downloads\Firefox Setup Stub 37.0.2.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tori\Downloads\HijackThis.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tori\Downloads\HijackThis.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tori\Downloads\HUD.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Tori\Downloads\jxpiinstall.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tori\Downloads\mbam-setup-2.1.6.1022.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tori\Downloads\mbam-setup-2.1.6.1022.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tori\Downloads\NDP452-KB2901907-x86-x64-AllOS-ENU.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tori\Downloads\NDP452-KB2901907-x86-x64-AllOS-ENU.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tori\Downloads\NetFxRepairTool.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tori\Downloads\Privacy Statement for Microsoft .NET Repair tool.rtf:$CmdTcID
AlternateDataStreams: C:\Users\Tori\Downloads\Privacy Statement for Microsoft .NET Repair tool.rtf:$CmdZnID
AlternateDataStreams: C:\Users\Tori\Downloads\rkill.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tori\Downloads\rkill.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tori\Downloads\SkypeSetup.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tori\Downloads\SkypeSetup.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tori\Downloads\UVKPortable.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tori\Downloads\UVKPortable.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tori\Downloads\Wheat_Stitch_Baby_Blanket.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Tori\Downloads\win64_152823.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tori\Downloads\win64_152823.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tori\Downloads\Windows-KB890830-x64-V5.23.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tori\Downloads\Windows-KB890830-x64-V5.23.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tori\Documents\ISptv1arpmd6pi0000000000.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Tori\Documents\Work sheet 322015-362015.pdf:$CmdZnID

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7754 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2195519750-1132866062-3218553652-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tori\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{6E3FFB02-C235-4C8B-AA2A-EAAADBB32105}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{43C39D08-F101-448E-9300-8D58835A726D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{9CA09B17-B3AE-46AC-AC30-DD0CB3A0A11E}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{7F29985B-13A1-4D58-AF89-2CB024B4E4FC}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
FirewallRules: [{AA4056A3-510D-4DDE-A5DD-76CD65A2DB00}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{6EC09654-797B-4ABE-94AE-B89E91B6FDCA}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{74B0E04C-4A13-448D-8ED7-1B708897277A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C054874F-E0F3-4178-BC04-B5E9E442C9A1}] => (Allow) LPort=2869
FirewallRules: [{B3EF4BAA-9C6B-42FE-8BB7-ABEE597823C3}] => (Allow) LPort=1900
FirewallRules: [{6FDBEC8E-5EBB-4607-89A6-284E14FA9CAD}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{815AD8A8-53D3-430C-9062-7F658FBA559E}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{E211AB6D-2AED-4C3E-B559-7DE41066AA74}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{9FC04F5E-A5DB-466B-B4EE-16E9D16407B7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{406C3537-7161-4830-A89B-CD970D1F6BCD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{1F1E55F2-26A0-4503-8F46-15A2BDF69CF9}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{848F744E-FF9E-4BCC-96A0-D54273525929}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [{207D987B-AF26-4A67-92AE-BD0115B63B5E}] => (Allow) C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe
FirewallRules: [{30E85FCE-B1AA-42D6-9922-314E019C824E}] => (Allow) C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe
FirewallRules: [{41DAC82F-3C6E-4101-B583-2ED69A9320E0}] => (Allow) C:\Users\Tori\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{F9878E0B-84B6-4367-8641-30C38365351C}] => (Allow) C:\Users\Tori\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [TCP Query User{A259DBBB-B302-4E0B-AA70-E33044A67943}C:\program files (x86)\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files (x86)\bitcoin\bitcoin-qt.exe
FirewallRules: [UDP Query User{7003417E-B867-40FE-9F84-B08F5F513032}C:\program files (x86)\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files (x86)\bitcoin\bitcoin-qt.exe
FirewallRules: [{5EC24077-3B6D-47A1-9B11-686B9A672F22}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{2A31D411-5AF4-4ACA-9CC6-98A3A6B3C264}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{2C5CF016-1047-465D-B7B1-1C9CA8DEE86B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{AB3FD48C-637E-4E8E-A63D-BBEA93DF7A7A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CDB4EB35-0338-4EB3-B806-0EDE71DD98CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{C1A57313-1EEB-448F-88C5-C7CA0EBD8180}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{118E1C58-EE5F-495F-B4FB-538C5ED7B2BE}] => (Allow) C:\Users\Tori\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{D4DBEFD8-491B-4503-A355-D67133888049}] => (Allow) C:\Users\Tori\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{9A4B9FCC-C816-4F26-B505-BA9D8B7793D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{48346AED-E910-473D-8A3B-D573D9DB6785}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{4B30B7C5-C4A5-4582-BD17-5BF2127477AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{80E6588A-1809-4E6E-AD4B-59A252AEF388}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [TCP Query User{915D7729-0317-4FA1-8F42-0DC6A3FC55A1}C:\users\tori\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\tori\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{54470C3C-EFE1-4B81-B754-F323B2C8C11E}C:\users\tori\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\tori\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [TCP Query User{FA8DC725-BF93-45D8-82B8-A4E27EF3588E}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [UDP Query User{85F38B93-7FD9-4D47-BF62-0F08E4E672CF}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [TCP Query User{BDC7C62F-2E20-485F-8491-C2BFF81FC0A6}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{3150F3DF-479F-4EC5-9F91-1A31B63BFBA2}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [{6CB52D32-7C11-40E2-A66E-7EAAABFB4A6A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{6B9B69F2-E676-41F7-B739-94F55E4E6780}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{0A37D548-FBB8-4141-BB8D-5E476DCE2A2A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{ECBD6E2A-2542-4424-B246-9D52557F03AC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{682BC6EF-BAF1-4120-A893-AB221F06081D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{D7948E8F-4362-4B91-AA60-EBE6BC8F2FAB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{BDCB38D7-3584-42D0-AADB-555B8320D859}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{3CAD0F28-90B4-4CC9-AC8A-025C0AB3417A}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{123DBA38-301C-46D0-8095-E808D885250D}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{61B2BC72-9809-4403-AC6E-2CCF89424953}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{648F8F10-A9B5-4267-920C-3B4B10F406EB}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{52B3F45F-1DBB-4F7A-A9DE-F41DD50F392B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{DEA26C35-D068-4BF3-B303-60B3E7AB618F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{6EE31318-5FBD-453C-9B39-09F1C9A2740F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{C9275030-A88F-4BA9-BA87-82AF3D654BC2}] => (Allow) C:\Users\Tori\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F2782F01-5016-4A1E-9122-E3237B5F12E8}] => (Allow) C:\Users\Tori\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F6BCBA23-F6CF-413D-90A8-8D1013FDE7DC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E6276C4B-7006-49E0-AA4E-9EA5D266E295}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{663FC3FC-3EB7-45A4-891A-F3E2C0ADBE48}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FAEDF5A8-0B4B-4CDC-AF50-63BA23621B0B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AAAFC4C8-73FA-49E3-A294-F03E143E7B55}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{41A778B8-FBC4-4841-A00E-FA907E56460B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7C8B0C00-2C2C-42B2-8C09-D55A3245BFA8}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{AE974D4B-37DA-4E86-B3E8-CE3E57AB77E5}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{73BC2A51-DD57-4045-A169-3E65D8D1CB28}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [UDP Query User{A9BCAA75-5D1D-4778-9DE2-87B3328E6623}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [TCP Query User{F50E4733-882F-4030-8644-01DA5C2F10A5}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [UDP Query User{5FFD2183-5EAE-4C72-97C2-453D149AD6AB}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [{BA63919E-2CDD-4548-9EE1-B47621E02CE5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C9C9F82D-8FF7-4306-B6CC-0943E443C709}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D1CEAE23-6243-4094-9674-333110B41E4B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{5A462851-BE0A-477A-B6ED-3DFE96A8C86F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{1D526DB8-4AC4-405D-B25F-555B73DD19C7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{5964C79C-3D09-4C9A-8A39-8C0D4E7D4D69}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{FFCD9791-FD29-4A4F-87B9-DB58B8CE2DD7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Town of Salem\TownOfSalem.exe
FirewallRules: [{90241C7D-A48B-467B-8DAB-2E399C21FF8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Town of Salem\TownOfSalem.exe
FirewallRules: [TCP Query User{6A96CF89-C6F4-4B94-895B-DF5C26272417}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{146AEA8C-5B75-4C24-A3C5-45B9E1CE704C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{C3EB381A-AFC1-42A9-805D-DB44C4EE3ABF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{3331923F-22F2-490E-83D5-353CAB8AF81B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{12C8018E-17B5-49ED-9C8C-AF855D64CB35}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{B8760D5F-DB67-4520-B96D-8EE43FF4CA64}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D83C8F6D-BF4C-457F-9081-C87E265E872A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{4757E5E0-FC5E-4A84-81BF-64BEB9AE040C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{3AE8249C-6DE3-46B9-9D1F-72B52140EB6B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E14A68A4-1B18-4E3B-B879-CE4DA66E27A7}] => (Allow) C:\Program Files\UVK - Ultra Virus Killer\UVK_en.exe
FirewallRules: [{A7998D54-A570-4BC7-8CBB-949F07EF006B}] => (Allow) C:\Program Files\UVK - Ultra Virus Killer\UVK_en.exe
FirewallRules: [{53663314-7C27-4C4F-ACCA-CFE3F14317BF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0ECC130D-DEE6-42A0-B6C3-D78581751E6E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/20/2015 02:11:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxsrvc.exe, version: 8.15.10.4101, time stamp: 0x54bd84a5
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000007fefdb30174
Faulting process id: 0x1958
Faulting application start time: 0xigfxsrvc.exe0
Faulting application path: igfxsrvc.exe1
Faulting module path: igfxsrvc.exe2
Report Id: igfxsrvc.exe3

Error: (05/20/2015 01:31:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxsrvc.exe, version: 8.15.10.4101, time stamp: 0x54bd84a5
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000007fefdb30174
Faulting process id: 0x1efc
Faulting application start time: 0xigfxsrvc.exe0
Faulting application path: igfxsrvc.exe1
Faulting module path: igfxsrvc.exe2
Report Id: igfxsrvc.exe3

Error: (05/20/2015 01:14:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: calc.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc9d4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000007fefdb3019c
Faulting process id: 0x2624
Faulting application start time: 0xcalc.exe0
Faulting application path: calc.exe1
Faulting module path: calc.exe2
Report Id: calc.exe3

Error: (05/20/2015 00:44:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxsrvc.exe, version: 8.15.10.4101, time stamp: 0x54bd84a5
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000007fefdb30174
Faulting process id: 0x20c4
Faulting application start time: 0xigfxsrvc.exe0
Faulting application path: igfxsrvc.exe1
Faulting module path: igfxsrvc.exe2
Report Id: igfxsrvc.exe3

Error: (05/20/2015 11:01:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxsrvc.exe, version: 8.15.10.4101, time stamp: 0x54bd84a5
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000007fefdb30174
Faulting process id: 0xc14
Faulting application start time: 0xigfxsrvc.exe0
Faulting application path: igfxsrvc.exe1
Faulting module path: igfxsrvc.exe2
Report Id: igfxsrvc.exe3

Error: (05/20/2015 11:01:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxsrvc.exe, version: 8.15.10.4101, time stamp: 0x54bd84a5
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000007fefdb30174
Faulting process id: 0x2624
Faulting application start time: 0xigfxsrvc.exe0
Faulting application path: igfxsrvc.exe1
Faulting module path: igfxsrvc.exe2
Report Id: igfxsrvc.exe3

Error: (05/20/2015 08:40:14 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Lenovo Battery Management Software Ver 6.0 because of this error.

Program: Lenovo Battery Management Software Ver 6.0
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (05/20/2015 08:40:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Utility.exe, version: 6.0.2.0, time stamp: 0x4d267f7c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000096
Fault offset: 0x000007fefdb30204
Faulting process id: 0x231c
Faulting application start time: 0xUtility.exe0
Faulting application path: Utility.exe1
Faulting module path: Utility.exe2
Report Id: Utility.exe3

Error: (05/20/2015 08:18:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxsrvc.exe, version: 8.15.10.4101, time stamp: 0x54bd84a5
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000007fefdb30174
Faulting process id: 0x20d0
Faulting application start time: 0xigfxsrvc.exe0
Faulting application path: igfxsrvc.exe1
Faulting module path: igfxsrvc.exe2
Report Id: igfxsrvc.exe3

Error: (05/20/2015 08:18:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxsrvc.exe, version: 8.15.10.4101, time stamp: 0x54bd84a5
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000007fefdb30174
Faulting process id: 0x26c4
Faulting application start time: 0xigfxsrvc.exe0
Faulting application path: igfxsrvc.exe1
Faulting module path: igfxsrvc.exe2
Report Id: igfxsrvc.exe3


System errors:
=============
Error: (05/19/2015 10:00:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WMPNetworkSvc service.

Error: (05/18/2015 08:10:38 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (05/17/2015 09:51:41 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (05/17/2015 04:25:48 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the btwdins service.

Error: (05/15/2015 11:15:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (05/15/2015 11:15:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (05/15/2015 11:09:38 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WMPNetworkSvc service.

Error: (05/14/2015 05:20:11 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.

Error: (05/14/2015 02:26:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (05/14/2015 02:26:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.


Microsoft Office Sessions:
=========================
Error: (05/20/2015 02:11:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: igfxsrvc.exe8.15.10.410154bd84a5unknown0.0.0.000000000c0000005000007fefdb30174195801d0932859d7b1bbC:\windows\system32\igfxsrvc.exeunknown98d3db9e-ff1b-11e4-8a68-f0def1c86654

Error: (05/20/2015 01:31:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: igfxsrvc.exe8.15.10.410154bd84a5unknown0.0.0.000000000c0000005000007fefdb301741efc01d09322bbfee436C:\windows\system32\igfxsrvc.exeunknownfa822020-ff15-11e4-8a68-f0def1c86654

Error: (05/20/2015 01:14:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: calc.exe6.1.7600.163854a5bc9d4unknown0.0.0.000000000c0000005000007fefdb3019c262401d093205cabfc54C:\windows\system32\calc.exeunknown9bba364f-ff13-11e4-8a68-f0def1c86654

Error: (05/20/2015 00:44:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: igfxsrvc.exe8.15.10.410154bd84a5unknown0.0.0.000000000c0000005000007fefdb3017420c401d0931c47ecd2a5C:\windows\system32\igfxsrvc.exeunknown879ff325-ff0f-11e4-8a68-f0def1c86654

Error: (05/20/2015 11:01:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: igfxsrvc.exe8.15.10.410154bd84a5unknown0.0.0.000000000c0000005000007fefdb30174c1401d0930de5ef24b2C:\windows\system32\igfxsrvc.exeunknown23bd02d6-ff01-11e4-8a68-f0def1c86654

Error: (05/20/2015 11:01:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: igfxsrvc.exe8.15.10.410154bd84a5unknown0.0.0.000000000c0000005000007fefdb30174262401d0930dca7395bfC:\windows\system32\igfxsrvc.exeunknown09c174c0-ff01-11e4-8a68-f0def1c86654

Error: (05/20/2015 08:40:14 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Lenovo Battery Management Software Ver 6.0000000000

Error: (05/20/2015 08:40:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Utility.exe6.0.2.04d267f7cunknown0.0.0.000000000c0000096000007fefdb30204231c01d092f6d5e4296aC:\Program Files (x86)\Lenovo\Energy Management\Utility.exeunknown5c26755c-feed-11e4-8a68-f0def1c86654

Error: (05/20/2015 08:18:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: igfxsrvc.exe8.15.10.410154bd84a5unknown0.0.0.000000000c0000005000007fefdb3017420d001d092f718270840C:\windows\system32\igfxsrvc.exeunknown55f052f5-feea-11e4-8a68-f0def1c86654

Error: (05/20/2015 08:18:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: igfxsrvc.exe8.15.10.410154bd84a5unknown0.0.0.000000000c0000005000007fefdb3017426c401d092f7172d1437C:\windows\system32\igfxsrvc.exeunknown55057a55-feea-11e4-8a68-f0def1c86654


==================== Memory info ===========================

Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 56%
Total physical RAM: 6058.14 MB
Available physical RAM: 2662.19 MB
Total Pagefile: 12114.49 MB
Available Pagefile: 6862 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:421.81 GB) (Free:219.1 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:0.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D2C76333)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=421.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

==================== End Of Log ============================

 

Again, thank you so much for helping me! :)

 

Regards,

Tori



#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:10:31 PM

Posted 20 May 2015 - 01:33 PM

Hi there,
you are welcome. :)

Step 1

Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#5 RadicalPirate

  • Topic Starter

Posted 20 May 2015 - 04:14 PM

Okay, here are the results. I disabled my firewall (COMODO), but I received a notice that it was still active. If you need me to run Combofix again, I will do so.

 

ComboFix 15-05-19.01 - Tori 05/20/2015  16:52:00.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6058.3626 [GMT -4:00]
Running from: c:\users\Tori\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: COMODO Firewall *Enabled* {C8870897-C358-086B-2944-184866CC6D0A}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Comodo Defense+ *Enabled/Updated* {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\Roaming
c:\users\Tori\AppData\Local\Adobe\gccheck.exe
c:\users\Tori\AppData\Local\Adobe\gtbcheck.exe
c:\windows\msdownld.tmp
c:\windows\s.bat
.
.
(((((((((((((((((((((((((   Files Created from 2015-04-20 to 2015-05-20  )))))))))))))))))))))))))))))))
.
.
2015-05-20 21:05 . 2015-05-20 21:05    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2015-05-20 21:05 . 2015-05-20 21:05    --------    d-----w-    c:\users\Default\AppData\Local\temp
2015-05-20 18:11 . 2015-05-20 18:15    --------    d-----w-    C:\FRST
2015-05-19 15:39 . 2015-05-03 03:16    12214312    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{848ECDEF-E93C-4061-A592-43687B87C73C}\mpengine.dll
2015-05-13 03:20 . 2015-05-13 03:20    --------    d-----w-    c:\windows\Migration
2015-05-13 03:16 . 2012-05-15 11:13    144896    ----a-w-    c:\windows\system32\IntelOpenCL64.dll
2015-05-13 03:16 . 2012-05-15 10:20    104448    ----a-w-    c:\windows\SysWow64\IntelOpenCL32.dll
2015-05-13 03:15 . 2015-05-13 03:15    977624    ----a-w-    c:\windows\system32\drivers\Rt64win7.sys
2015-05-13 03:15 . 2015-05-13 03:15    73800    ----a-w-    c:\windows\system32\RtNicProp64.dll
2015-05-13 02:16 . 2015-05-01 13:17    124112    ----a-w-    c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 02:16 . 2015-05-01 13:16    102608    ----a-w-    c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 02:07 . 2015-04-27 18:06    36864    ----a-w-    c:\windows\system32\UtcResources.dll
2015-05-13 02:06 . 2015-05-13 02:06    295936    ----a-w-    c:\windows\SysWow64\apphelp.dll
2015-05-13 02:06 . 2015-05-13 02:06    72192    ----a-w-    c:\windows\system32\aelupsvc.dll
2015-05-13 02:06 . 2015-05-13 02:06    6656    ----a-w-    c:\windows\system32\shimeng.dll
2015-05-13 02:06 . 2015-05-13 02:06    5120    ----a-w-    c:\windows\SysWow64\shimeng.dll
2015-05-13 02:06 . 2015-05-13 02:06    342016    ----a-w-    c:\windows\system32\apphelp.dll
2015-05-13 02:06 . 2015-05-13 02:06    23552    ----a-w-    c:\windows\system32\sdbinst.exe
2015-05-13 02:06 . 2015-05-13 02:06    20992    ----a-w-    c:\windows\SysWow64\sdbinst.exe
2015-05-12 14:27 . 2015-05-12 14:27    --------    d-----w-    c:\program files (x86)\Microsoft.NET
2015-05-12 14:10 . 2015-05-17 20:32    --------    d-s---w-    c:\windows\SysWow64\GWX
2015-05-12 14:10 . 2015-05-17 20:32    --------    d-s---w-    c:\windows\system32\GWX
2015-05-12 14:10 . 2015-05-12 14:10    --------    d-----w-    c:\windows\system32\appraiser
2015-05-12 13:48 . 2014-06-27 02:08    2777088    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2015-05-12 13:48 . 2014-06-27 01:45    2285056    ----a-w-    c:\windows\SysWow64\msmpeg2vdec.dll
2015-05-12 13:34 . 2015-01-09 03:14    950272    ----a-w-    c:\windows\system32\perftrack.dll
2015-05-12 13:34 . 2015-01-09 03:14    29696    ----a-w-    c:\windows\system32\powertracker.dll
2015-05-12 13:34 . 2015-01-09 03:14    91136    ----a-w-    c:\windows\system32\wdi.dll
2015-05-12 13:34 . 2015-01-09 02:48    76800    ----a-w-    c:\windows\SysWow64\wdi.dll
2015-05-12 13:32 . 2015-02-03 03:30    1202176    ----a-w-    c:\windows\system32\drmv2clt.dll
2015-05-12 13:31 . 2014-12-19 03:06    210432    ----a-w-    c:\windows\system32\profsvc.dll
2015-05-12 13:31 . 2014-06-18 22:23    73880    ----a-w-    c:\windows\system32\mscories.dll
2015-05-12 13:31 . 2014-06-18 22:23    1943696    ----a-w-    c:\windows\system32\dfshim.dll
2015-05-12 13:31 . 2014-06-18 22:23    156312    ----a-w-    c:\windows\system32\mscorier.dll
2015-05-12 13:31 . 2014-06-18 22:23    81560    ----a-w-    c:\windows\SysWow64\mscories.dll
2015-05-12 13:31 . 2014-06-18 22:23    156824    ----a-w-    c:\windows\SysWow64\mscorier.dll
2015-05-12 13:31 . 2014-06-18 22:23    1131664    ----a-w-    c:\windows\SysWow64\dfshim.dll
2015-05-12 13:28 . 2015-01-30 23:56    459336    ----a-w-    c:\windows\system32\drivers\cng.sys
2015-05-12 13:28 . 2014-11-26 03:53    861696    ----a-w-    c:\windows\system32\oleaut32.dll
2015-05-12 13:28 . 2014-11-26 03:32    571904    ----a-w-    c:\windows\SysWow64\oleaut32.dll
2015-05-12 13:28 . 2014-11-11 03:08    241152    ----a-w-    c:\windows\system32\pku2u.dll
2015-05-12 13:28 . 2014-11-11 02:44    186880    ----a-w-    c:\windows\SysWow64\pku2u.dll
2015-05-12 13:28 . 2014-10-04 02:10    3722752    ----a-w-    c:\windows\system32\mstscax.dll
2015-05-12 13:28 . 2014-10-04 01:42    3221504    ----a-w-    c:\windows\SysWow64\mstscax.dll
2015-05-12 13:28 . 2014-10-04 01:42    131584    ----a-w-    c:\windows\SysWow64\aaclient.dll
2015-05-12 13:28 . 2015-02-25 03:18    754688    ----a-w-    c:\windows\system32\drivers\http.sys
2015-05-12 13:28 . 2014-10-30 02:03    165888    ----a-w-    c:\windows\system32\charmap.exe
2015-05-12 13:28 . 2015-05-12 13:28    828928    ----a-w-    c:\windows\SysWow64\msctf.dll
2015-05-12 13:28 . 2015-05-12 13:28    1067520    ----a-w-    c:\windows\system32\msctf.dll
2015-05-12 13:28 . 2014-10-30 01:45    155136    ----a-w-    c:\windows\SysWow64\charmap.exe
2015-05-12 13:26 . 2015-05-12 13:26    77824    ----a-w-    c:\windows\system32\packager.dll
2015-05-12 13:26 . 2015-05-12 13:26    67584    ----a-w-    c:\windows\SysWow64\packager.dll
2015-05-12 13:26 . 2015-05-12 13:26    1118720    ----a-w-    c:\windows\system32\mstsc.exe
2015-05-12 13:26 . 2015-05-12 13:26    235520    ----a-w-    c:\windows\system32\winsta.dll
2015-05-12 13:26 . 2015-05-12 13:26    1051136    ----a-w-    c:\windows\SysWow64\mstsc.exe
2015-05-12 13:26 . 2015-05-12 13:26    212480    ----a-w-    c:\windows\system32\drivers\rdpwd.sys
2015-05-12 13:26 . 2015-05-12 13:26    157696    ----a-w-    c:\windows\SysWow64\winsta.dll
2015-05-12 13:26 . 2015-05-12 13:26    150528    ----a-w-    c:\windows\system32\rdpcorekmts.dll
2015-05-12 13:26 . 2015-05-12 13:26    455168    ----a-w-    c:\windows\system32\winlogon.exe
2015-05-12 13:26 . 2015-05-12 13:26    39936    ----a-w-    c:\windows\system32\drivers\tssecsrv.sys
2015-05-12 13:24 . 2015-05-12 13:24    406528    ----a-w-    c:\windows\system32\scesrv.dll
2015-05-12 13:24 . 2015-05-12 13:24    308224    ----a-w-    c:\windows\SysWow64\scesrv.dll
2015-05-12 13:24 . 2015-05-12 13:24    3241984    ----a-w-    c:\windows\system32\msi.dll
2015-05-12 13:24 . 2015-05-12 13:24    2363904    ----a-w-    c:\windows\SysWow64\msi.dll
2015-05-12 13:24 . 2015-05-12 13:24    79360    ----a-w-    c:\windows\system32\clfsw32.dll
2015-05-12 13:24 . 2015-05-12 13:24    58880    ----a-w-    c:\windows\SysWow64\clfsw32.dll
2015-05-12 13:24 . 2015-05-12 13:24    367552    ----a-w-    c:\windows\system32\clfs.sys
2015-05-12 13:20 . 2015-02-04 03:16    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2015-05-12 13:20 . 2015-05-12 13:20    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2015-05-12 02:39 . 2015-05-12 03:18    --------    d-----w-    c:\users\Tori\AppData\Local\ElevatedDiagnostics
2015-05-02 14:44 . 2015-05-02 14:44    --------    d-----w-    c:\users\Tori\Tracing
2015-05-02 14:41 . 2015-05-02 14:41    --------    d-----w-    c:\program files (x86)\Common Files\Skype
2015-05-01 12:11 . 2015-05-01 12:11    364472    ----a-w-    c:\windows\system32\aswBoot.exe
2015-05-01 12:11 . 2015-05-01 12:11    43112    ----a-w-    c:\windows\avastSS.scr
2015-04-30 15:41 . 2015-04-30 15:43    --------    d-----w-    C:\AdwCleaner
2015-04-30 14:48 . 2015-05-17 22:10    136408    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-30 14:47 . 2015-04-30 14:47    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2015-04-30 14:47 . 2015-04-30 14:47    107736    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2015-04-30 14:47 . 2015-04-30 14:47    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2015-04-30 14:10 . 2015-04-30 15:33    --------    d-----w-    c:\programdata\UVK
2015-04-30 14:10 . 2015-04-30 14:47    --------    d-----w-    c:\program files\UVK - Ultra Virus Killer
2015-04-30 13:55 . 2015-04-30 13:55    --------    d-----w-    c:\users\Test
2015-04-30 13:05 . 2015-04-30 13:05    --------    d-sh--w-    c:\users\Tori\AppData\Local\EmieUserList
2015-04-30 13:05 . 2015-04-30 13:05    --------    d-sh--w-    c:\users\Tori\AppData\Local\EmieSiteList
2015-04-30 02:47 . 2015-05-19 12:15    51312    ----a-w-    c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2015-04-30 02:47 . 2015-05-19 12:15    922152    ----a-w-    c:\program files (x86)\Mozilla Firefox\uninstall\helper.exe
2015-04-30 02:47 . 2015-05-19 12:15    188528    ----a-w-    c:\program files (x86)\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll
2015-04-30 02:40 . 2015-04-30 02:40    --------    d-----w-    c:\program files (x86)\Common Files\Java
2015-04-30 02:38 . 2015-04-30 02:38    --------    d-----w-    c:\users\Tori\AppData\Roaming\Oracle
2015-04-30 00:12 . 2015-04-30 00:12    --------    d-----w-    c:\program files (x86)\iTunes
2015-04-30 00:12 . 2015-04-30 00:12    --------    d-----w-    c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-04-30 00:01 . 2015-04-30 00:01    --------    d-----w-    c:\program files (x86)\Common Files\Adobe
2015-04-29 23:56 . 2015-03-27 12:10    136752    ----a-w-    c:\windows\system32\drivers\aswF03.tmp
2015-04-29 23:56 . 2015-03-27 12:10    271200    ----a-w-    c:\windows\system32\drivers\aswCD0.tmp
2015-04-29 23:56 . 2015-03-27 12:10    88408    ----a-w-    c:\windows\system32\drivers\aswA4E.tmp
2015-04-29 23:56 . 2015-03-27 12:10    65736    ----a-w-    c:\windows\system32\drivers\aswAAC.tmp
2015-04-29 23:56 . 2015-03-27 12:10    442264    ----a-w-    c:\windows\system32\drivers\aswBC6.tmp
2015-04-29 23:55 . 2015-03-27 12:10    29168    ----a-w-    c:\windows\system32\drivers\asw79E.tmp
2015-04-29 23:55 . 2015-03-27 12:09    93528    ----a-w-    c:\windows\system32\drivers\asw58B.tmp
2015-04-29 23:55 . 2015-03-27 12:09    1047320    ----a-w-    c:\windows\system32\drivers\asw2AD.tmp
2015-04-29 00:07 . 2015-04-29 00:09    --------    d-----w-    C:\c7e4473ccc68bdc4362fcc810359745d
2015-04-28 14:50 . 2013-05-23 12:39    41032    ----a-w-    c:\windows\system32\drivers\gfiark.sys
2015-04-28 14:50 . 2015-04-29 04:29    --------    d-----w-    C:\VIPRERESCUE
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-20 12:20 . 2012-04-07 21:29    778416    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2015-05-20 12:20 . 2012-04-07 21:29    142512    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-05-13 03:15 . 2012-02-06 16:46    107552    ----a-w-    c:\windows\system32\RTNUninst64.dll
2015-05-13 03:11 . 2012-10-02 13:34    342528    ----a-w-    c:\windows\system32\drivers\IntcDAud.sys
2015-05-13 03:11 . 2012-10-02 13:34    16896    ----a-w-    c:\windows\system32\IntcDAuC.dll
2015-05-13 03:10 . 2015-01-19 18:38    940360    ----a-w-    c:\windows\SysWow64\igfxcmrt32.dll
2015-05-13 03:10 . 2015-01-19 18:38    1049576    ----a-w-    c:\windows\system32\igfxcmrt64.dll
2015-05-13 03:10 . 2015-01-19 18:28    99328    ----a-w-    c:\windows\system32\igdde64.dll
2015-05-13 03:10 . 2015-01-19 18:28    78848    ----a-w-    c:\windows\SysWow64\igdde32.dll
2015-05-13 03:10 . 2015-01-19 18:27    25088    ----a-w-    c:\windows\SysWow64\igfxexps32.dll
2015-05-13 03:10 . 2015-01-19 18:27    439296    ----a-w-    c:\windows\system32\igfxrrus.lrc
2015-05-13 03:10 . 2015-01-19 18:27    438784    ----a-w-    c:\windows\system32\igfxrsky.lrc
2015-05-13 03:10 . 2015-01-19 18:27    438784    ----a-w-    c:\windows\system32\igfxrhrv.lrc
2015-05-13 03:10 . 2015-01-19 18:27    437760    ----a-w-    c:\windows\system32\igfxrtrk.lrc
2015-05-13 03:10 . 2015-01-19 18:27    437760    ----a-w-    c:\windows\system32\igfxrslv.lrc
2015-05-13 03:10 . 2015-01-19 18:27    437760    ----a-w-    c:\windows\system32\igfxrnor.lrc
2015-05-13 03:10 . 2015-01-19 18:27    9728    ----a-w-    c:\windows\system32\IGFXDEVLib.dll
2015-05-13 03:10 . 2015-01-19 18:27    438272    ----a-w-    c:\windows\system32\igfxrcsy.lrc
2015-05-13 03:10 . 2015-01-19 18:27    142336    ----a-w-    c:\windows\system32\igfxdo.dll
2015-05-13 03:10 . 2015-01-19 18:23    575488    ----a-w-    c:\windows\system32\igfx11cmrt64.dll
2015-05-13 03:10 . 2015-01-19 18:23    542720    ----a-w-    c:\windows\SysWow64\igfx11cmrt32.dll
2015-05-13 03:10 . 2015-01-19 18:23    3121152    ----a-w-    c:\windows\SysWow64\igfxcmjit32.dll
2015-05-13 03:10 . 2015-01-19 18:40    5375448    ----a-w-    c:\windows\system32\drivers\igdkmd64.sys
2015-05-13 03:10 . 2015-01-19 18:38    530968    ----a-w-    c:\windows\system32\iglhsip64.dll
2015-05-13 03:10 . 2015-01-19 18:38    525800    ----a-w-    c:\windows\SysWow64\iglhsip32.dll
2015-05-13 03:10 . 2015-01-19 18:38    31984    ----a-w-    c:\windows\system32\igfxexps.dll
2015-05-13 03:10 . 2015-01-19 18:38    220432    ----a-w-    c:\windows\system32\iglhcp64.dll
2015-05-13 03:10 . 2015-01-19 18:38    12694808    ----a-w-    c:\windows\system32\igdumd64.dll
2015-05-13 03:10 . 2015-01-19 18:27    330752    ----a-w-    c:\windows\SysWow64\igfxdv32.dll
2015-05-13 03:10 . 2015-01-19 18:27    9007616    ----a-w-    c:\windows\system32\igfxress.dll
2015-05-13 03:10 . 2015-01-19 18:27    64000    ----a-w-    c:\windows\system32\igfxsrvc.dll
2015-05-13 03:10 . 2015-01-19 18:27    440320    ----a-w-    c:\windows\system32\igfxrell.lrc
2015-05-13 03:10 . 2015-01-19 18:27    439808    ----a-w-    c:\windows\system32\igfxrfra.lrc
2015-05-13 03:10 . 2015-01-19 18:27    439808    ----a-w-    c:\windows\system32\igfxresn.lrc
2015-05-13 03:10 . 2015-01-19 18:27    439296    ----a-w-    c:\windows\system32\igfxrrom.lrc
2015-05-13 03:10 . 2015-01-19 18:27    438784    ----a-w-    c:\windows\system32\igfxrptg.lrc
2015-05-13 03:10 . 2015-01-19 18:27    438784    ----a-w-    c:\windows\system32\igfxrplk.lrc
2015-05-13 03:10 . 2015-01-19 18:27    438784    ----a-w-    c:\windows\system32\igfxrnld.lrc
2015-05-13 03:10 . 2015-01-19 18:27    438784    ----a-w-    c:\windows\system32\igfxrita.lrc
2015-05-13 03:10 . 2015-01-19 18:27    438272    ----a-w-    c:\windows\system32\igfxrhun.lrc
2015-05-13 03:10 . 2015-01-19 18:27    438272    ----a-w-    c:\windows\system32\igfxrfin.lrc
2015-05-13 03:10 . 2015-01-19 18:27    437760    ----a-w-    c:\windows\system32\igfxrptb.lrc
2015-05-13 03:10 . 2015-01-19 18:27    437248    ----a-w-    c:\windows\system32\igfxrtha.lrc
2015-05-13 03:10 . 2015-01-19 18:27    435712    ----a-w-    c:\windows\system32\igfxrheb.lrc
2015-05-13 03:10 . 2015-01-19 18:27    432128    ----a-w-    c:\windows\system32\igfxrjpn.lrc
2015-05-13 03:10 . 2015-01-19 18:27    431104    ----a-w-    c:\windows\system32\igfxrkor.lrc
2015-05-13 03:10 . 2015-01-19 18:27    286208    ----a-w-    c:\windows\system32\igfxrenu.lrc
2015-05-13 03:10 . 2015-01-19 18:27    442880    ----a-w-    c:\windows\system32\igfxdev.dll
2015-05-13 03:10 . 2015-01-19 18:27    438784    ----a-w-    c:\windows\system32\igfxrdeu.lrc
2015-05-13 03:10 . 2015-01-19 18:27    437248    ----a-w-    c:\windows\system32\igfxrdan.lrc
2015-05-13 03:10 . 2015-01-19 18:27    435712    ----a-w-    c:\windows\system32\igfxrara.lrc
2015-05-13 03:10 . 2015-01-19 18:27    429056    ----a-w-    c:\windows\system32\igfxrcht.lrc
2015-05-13 03:10 . 2015-01-19 18:27    428544    ----a-w-    c:\windows\system32\igfxrchs.lrc
2015-05-13 03:10 . 2015-01-19 18:27    410624    ----a-w-    c:\windows\system32\igfxTMM.dll
2015-05-13 03:10 . 2015-01-19 18:27    384512    ----a-w-    c:\windows\system32\igfxpph.dll
2015-05-13 03:10 . 2015-01-19 18:27    175104    ----a-w-    c:\windows\system32\gfxSrvc.dll
2015-05-13 03:10 . 2015-01-19 18:27    126976    ----a-w-    c:\windows\system32\igfxcpl.cpl
2015-05-13 03:10 . 2015-01-19 18:27    110592    ----a-w-    c:\windows\system32\hccutils.dll
2015-05-13 03:10 . 2012-01-10 17:55    11245520    ----a-w-    c:\windows\SysWow64\igd10umd32.dll
2015-05-13 03:10 . 2011-04-14 03:01    11117808    ----a-w-    c:\windows\SysWow64\igdumd32.dll
2015-05-13 03:10 . 2011-04-14 03:01    12937864    ----a-w-    c:\windows\system32\igd10umd64.dll
2015-05-13 03:10 . 2015-01-19 18:38    184352    ----a-w-    c:\windows\SysWow64\iglhcp32.dll
2015-05-13 03:10 . 2015-01-19 18:26    13028864    ----a-w-    c:\windows\system32\ig4icd64.dll
2015-05-13 03:10 . 2015-01-19 18:25    10811392    ----a-w-    c:\windows\SysWow64\ig4icd32.dll
2015-05-13 02:17 . 2012-04-08 13:19    140425016    ----a-w-    c:\windows\system32\MRT.exe
2015-05-13 02:06 . 2015-05-13 02:06    470528    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2015-05-13 02:06 . 2015-05-13 02:06    2178560    ----a-w-    c:\windows\apppatch\AcGenral.dll
2015-05-13 02:06 . 2015-05-13 02:06    309248    ----a-w-    c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-05-13 02:06 . 2015-05-13 02:06    103424    ----a-w-    c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-05-13 02:06 . 2015-05-13 02:06    2560    ----a-w-    c:\windows\apppatch\AcRes.dll
2015-05-01 12:11 . 2013-12-21 17:57    137288    ----a-w-    c:\windows\system32\drivers\aswStm.sys
2015-05-01 12:11 . 2013-03-02 05:11    272248    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2015-05-01 12:11 . 2013-03-02 05:11    65736    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2015-05-01 12:11 . 2012-04-03 23:35    442264    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2015-05-01 12:11 . 2012-04-03 23:35    89944    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2015-05-01 12:11 . 2014-04-19 01:09    29168    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2015-05-01 12:11 . 2012-04-03 23:35    93528    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2015-05-01 12:10 . 2012-04-03 23:35    1047320    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2015-04-30 14:47 . 2012-04-08 21:51    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2015-04-30 02:39 . 2014-10-15 02:19    98216    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-04-30 00:12 . 2012-08-21 17:01    125872    ----a-w-    c:\windows\system32\GEARAspi64.dll
2015-04-30 00:12 . 2012-08-21 17:01    106928    ----a-w-    c:\windows\SysWow64\GEARAspi.dll
2015-04-27 19:04 . 2015-05-13 02:07    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2015-04-01 17:49 . 2012-02-03 23:27    104608    ----a-w-    c:\windows\system32\drivers\inspect.sys
2015-04-01 17:49 . 2012-03-12 01:13    45880    ----a-w-    c:\windows\system32\drivers\cmdhlp.sys
2015-04-01 17:49 . 2012-03-12 01:13    797280    ----a-w-    c:\windows\system32\drivers\cmdGuard.sys
2015-04-01 17:49 . 2012-03-12 01:13    20696    ----a-w-    c:\windows\system32\drivers\cmderd.sys
2015-04-01 17:48 . 2012-03-12 01:13    41248    ----a-w-    c:\windows\system32\cmdcsr.dll
2015-04-01 17:48 . 2012-03-12 01:13    41248    ----a-w-    c:\windows\system32\cmdcsr(65).dll
2015-04-01 17:48 . 2012-03-12 01:13    444472    ----a-w-    c:\windows\SysWow64\guard32.dll
2015-04-01 17:48 . 2012-03-12 01:13    444472    ----a-w-    c:\windows\SysWow64\guard32(67).dll
2015-04-01 17:48 . 2012-03-12 01:13    576848    ----a-w-    c:\windows\system32\guard64.dll
2015-04-01 17:48 . 2012-03-12 01:13    576848    ----a-w-    c:\windows\system32\guard64(66).dll
2015-04-01 17:47 . 2014-04-07 11:46    358104    ----a-w-    c:\windows\system32\cmdvrt64.dll
2015-04-01 17:46 . 2014-04-07 11:46    45784    ----a-w-    c:\windows\system32\cmdkbd64.dll
2015-04-01 17:45 . 2014-04-07 11:46    288472    ----a-w-    c:\windows\SysWow64\cmdvrt32.dll
2015-04-01 17:45 . 2014-04-07 11:46    40664    ----a-w-    c:\windows\SysWow64\cmdkbd32.dll
2015-02-24 08:17 . 2010-11-21 03:27    295552    ------w-    c:\windows\system32\MpSigStub.exe
2015-02-06 23:54 . 2015-02-06 23:54    6103040    ----a-w-    c:\program files (x86)\GUT47FA.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    131248    ----a-w-    c:\users\Tori\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    131248    ----a-w-    c:\users\Tori\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    131248    ----a-w-    c:\users\Tori\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2015-03-25 7806744]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2015-05-16 2888384]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"GoogleChromeAutoLaunch_E343CED88E4CAEA33D87656C3372D0D1"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2015-05-15 812872]
"f.lux"="c:\users\Tori\AppData\Local\FluxSoftware\Flux\flux.exe" [2015-03-13 1017224]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-04-30 8204056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-05-12 5515496]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2010-12-05 224352]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2010-12-05 136488]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2012-02-06 329056]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-04-30 60712]
"332BigDog"="c:\program files (x86)\USB Camera2\VM332_STI.EXE" [2010-01-19 536576]
.
c:\users\Tori\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Continue system repair.lnk - c:\program files\UVK - Ultra Virus Killer\RebootExec.exe -ContinueRepair "c:\program files\UVK - Ultra Virus Killer\ContinueRepair_Tori.uvksr" [2012-11-4 246272]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2011-2-15 1136928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 vm2uvcflt;Vimicro USB Camera Filter 2;c:\windows\system32\Drivers\vm2uvcflt.sys;c:\windows\SYSNATIVE\Drivers\vm2uvcflt.sys [x]
S3 vm332avs;Lenovo Camera2;c:\windows\system32\Drivers\vm332avs.sys;c:\windows\SYSNATIVE\Drivers\vm332avs.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-15 11:40    988488    ----a-w-    c:\program files (x86)\Google\Chrome\Application\42.0.2311.152\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2015-03-17 05:34    285344    ----a-w-    c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2015-05-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 12:20]
.
2015-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-06 02:44]
.
2015-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-06 02:44]
.
2015-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2195519750-1132866062-3218553652-1001Core.job
- c:\users\Tori\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-08 01:13]
.
2015-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2195519750-1132866062-3218553652-1001UA.job
- c:\users\Tori\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-08 01:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-05-01 12:11    722400    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    164016    ----a-w-    c:\users\Tori\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    164016    ----a-w-    c:\users\Tori\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    164016    ----a-w-    c:\users\Tori\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    164016    ----a-w-    c:\users\Tori\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-04-28 15:34    774984    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-04-28 15:34    774984    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-04-28 15:34    774984    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-04-28 15:34    774984    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-04-28 15:34    774984    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-04-28 15:34    774984    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2012-02-06 17:10    1502720    ----a-w-    c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-11-14 13353064]
"Persistence"="c:\windows\system32\igfxpers.exe" [2015-02-04 444520]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2012-02-06 789920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-04-30 169768]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-27 1935120]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2015-02-04 173672]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2015-02-04 401512]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-02-06 5908928]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-02-06 9769888]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2015-04-30 1426136]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uStart Page =
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Tori\AppData\Roaming\Mozilla\Firefox\Profiles\87d4okb5.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKLM-Run-tvncontrol - c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2195519750-1132866062-3218553652-1001\Software\SecuROM\License information*]
"datasecu"=hex:c1,b2,43,41,c5,44,65,13,fb,5c,7d,27,9c,65,e0,b5,30,5d,40,b4,35,
   15,17,87,c8,78,4b,96,74,cb,a4,17,d0,e1,67,fc,5b,ef,80,0f,8c,56,08,b6,b4,76,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\COMODO\CIS\Installer\Sym_Cam\CIS]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\cmdAgent\Mode\Configurations]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\cmdAgent\Mode\Data]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\cmdAgent\Mode\Options]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Cam]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
Completion time: 2015-05-20  17:11:37
ComboFix-quarantined-files.txt  2015-05-20 21:11
.
Pre-Run: 232,315,392,000 bytes free
Post-Run: 231,367,823,360 bytes free
.
- - End Of File - - ED02DBFF621AB3EA9E0717F020FA3F1E
 



#6 deeprybka

  • Malware Response Team

Posted 20 May 2015 - 04:18 PM

Multiple Anti-Virus Software

I see that you're running more than one antivirus program at the same time.
This is a bad idea.
Using more than one AV will not give you any better protection, but may cause interference between them, slow your machine or even completely block your OS. You should choose only one to stay, and remove any others. Think carefully and stay with only one AV. It should be done before any other steps in malware removal are taken.
 

 

 

Step 1

Scan with Malwarebytes Anti-Malware.

  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt.
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select [image: m21p4.png]

  • Return to our forum. Paste your log into your next reply and then click Finish [7].


regards,
deeprybka
Injure no one; on the contrary, help everyone as much as you can. Arthur Schopenhauer

#7 RadicalPirate

  • Topic Starter


Posted 20 May 2015 - 08:21 PM

Okay. I heard that Avast and Malwarebytes are okay to have on your computer together, so I removed the other ones and ran my Malware Bytes scan. Here are the results:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/20/2015
Scan Time: 8:30:18 PM
Logfile: Malware Report.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.20.06
Rootkit Database: v2015.05.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Tori

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 470169
Time Elapsed: 30 min, 7 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#8 deeprybka

  • Malware Response Team

Posted 21 May 2015 - 02:37 AM

Step 1

Please download TDSSKiller and save it to your Desktop.
  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters. (1)
  • Make sure that all available options (except "Loaded modules") are checked and click OK. (2)
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report (3) to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.
regards,
deeprybka

#9 deeprybka

  • Malware Response Team

Posted 21 May 2015 - 02:38 AM

Step 1

Don't remove on your own anything that HitmanPro detects!
This scanner, as it is really good for checking, has been known for deleting files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!


Please download HitmanPro 32-bit / HitmanPro 64-bit by SurfRight and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the icon and select Run as Administrator to start the tool.
  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button (1). You must agree with the terms of EULA (2 - if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer" and click on the Next button. (3)
  • The program will start to scan the computer. It would only take several minutes.
  • When the scan is done click on Save Log (4) and close HitmanPro! (5)
  • Copy and paste the content of the log file in your next reply.

Step 2

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings: [image: settings.png]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file is created at [image: logpath.png]
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!
regards,
deeprybka

#10 RadicalPirate

  • Topic Starter


Posted 21 May 2015 - 08:25 AM

Here is the TDSS Killer Report. I will now run the Hitman Pro:

9:21:05.0631 0x2608  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
09:21:09.0445 0x2608  ============================================================
09:21:09.0445 0x2608  Current date / time: 2015/05/21 09:21:09.0445
09:21:09.0445 0x2608  SystemInfo:
09:21:09.0445 0x2608  
09:21:09.0445 0x2608  OS Version: 6.1.7601 ServicePack: 1.0
09:21:09.0445 0x2608  Product type: Workstation
09:21:09.0446 0x2608  ComputerName: TOMATO
09:21:09.0446 0x2608  UserName: Tori
09:21:09.0446 0x2608  Windows directory: C:\windows
09:21:09.0446 0x2608  System windows directory: C:\windows
09:21:09.0446 0x2608  Running under WOW64
09:21:09.0446 0x2608  Processor architecture: Intel x64
09:21:09.0446 0x2608  Number of processors: 4
09:21:09.0446 0x2608  Page size: 0x1000
09:21:09.0446 0x2608  Boot type: Normal boot
09:21:09.0446 0x2608  ============================================================
09:21:09.0790 0x2608  KLMD registered as C:\windows\system32\drivers\45123324.sys
09:21:10.0638 0x2608  System UUID: {4C02B337-5520-6761-88F2-EF1AC5384235}
09:21:11.0262 0x2608  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:21:11.0267 0x2608  ============================================================
09:21:11.0267 0x2608  \Device\Harddisk0\DR0:
09:21:11.0267 0x2608  MBR partitions:
09:21:11.0267 0x2608  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
09:21:11.0267 0x2608  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x34BA1000
09:21:11.0293 0x2608  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x34C06000, BlocksNum 0x39FD800
09:21:11.0293 0x2608  ============================================================
09:21:11.0484 0x2608  C: <-> \Device\Harddisk0\DR0\Partition2
09:21:11.0618 0x2608  D: <-> \Device\Harddisk0\DR0\Partition3
09:21:11.0619 0x2608  ============================================================
09:21:11.0619 0x2608  Initialize success
09:21:11.0619 0x2608  ============================================================
09:21:58.0766 0x1afc  ============================================================
09:21:58.0766 0x1afc  Scan started
09:21:58.0766 0x1afc  Mode: Manual; SigCheck; TDLFS;
09:21:58.0766 0x1afc  ============================================================
09:21:58.0766 0x1afc  KSN ping started
09:22:12.0464 0x1afc  KSN ping finished: true
09:22:14.0329 0x1afc  ================ Scan system memory ========================
09:22:14.0329 0x1afc  System memory - ok
09:22:14.0329 0x1afc  ================ Scan services =============================
09:22:15.0219 0x1afc  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
09:22:15.0469 0x1afc  1394ohci - ok
09:22:15.0531 0x1afc  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\windows\system32\drivers\ACPI.sys
09:22:15.0562 0x1afc  ACPI - ok
09:22:15.0593 0x1afc  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
09:22:15.0734 0x1afc  AcpiPmi - ok
09:22:15.0781 0x1afc  [ 5BBFF8B826EC38D32C26334E079C7EFC, 673D46409F0225A804B55FFB77E82AF34F8C7A93BEEF92DC3DFAC7EFCC5F09B6 ] ACPIVPC         C:\windows\system32\DRIVERS\AcpiVpc.sys
09:22:15.0796 0x1afc  ACPIVPC - ok
09:22:16.0077 0x1afc  [ 929593D76589294BA3F74540298D1B3E, 3D1C1772579141BD1040363BD65F2A2D78BF42EC85AE96317AE397E3D5267145 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
09:22:16.0139 0x1afc  AdobeARMservice - ok
09:22:16.0795 0x1afc  [ 00CC35F515079F5F94FABC3AC5C7D363, 7CE8B1715009602059DEDD6CBCA9C18EF079EDA344E7809813D6C0A395622B82 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
09:22:16.0826 0x1afc  AdobeFlashPlayerUpdateSvc - ok
09:22:16.0919 0x1afc  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\windows\system32\drivers\adp94xx.sys
09:22:16.0966 0x1afc  adp94xx - ok
09:22:17.0044 0x1afc  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\windows\system32\drivers\adpahci.sys
09:22:17.0107 0x1afc  adpahci - ok
09:22:17.0138 0x1afc  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\windows\system32\drivers\adpu320.sys
09:22:17.0153 0x1afc  adpu320 - ok
09:22:17.0231 0x1afc  [ 83BFCCAC53795E8A5055A93672D0C46C, B2B03473D950A5BA9DE59D81E7B14C1FAFF17B2A4D8A5808588F5CC21D63B291 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
09:22:17.0342 0x1afc  AeLookupSvc - ok
09:22:17.0420 0x1afc  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\windows\system32\drivers\afd.sys
09:22:17.0529 0x1afc  AFD - ok
09:22:17.0622 0x1afc  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\windows\system32\drivers\agp440.sys
09:22:17.0654 0x1afc  agp440 - ok
09:22:17.0700 0x1afc  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\windows\System32\alg.exe
09:22:17.0810 0x1afc  ALG - ok
09:22:17.0888 0x1afc  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\windows\system32\drivers\aliide.sys
09:22:17.0919 0x1afc  aliide - ok
09:22:17.0950 0x1afc  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\windows\system32\drivers\amdide.sys
09:22:17.0983 0x1afc  amdide - ok
09:22:18.0026 0x1afc  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\windows\system32\drivers\amdk8.sys
09:22:18.0115 0x1afc  AmdK8 - ok
09:22:18.0142 0x1afc  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\windows\system32\drivers\amdppm.sys
09:22:18.0182 0x1afc  AmdPPM - ok
09:22:18.0206 0x1afc  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\windows\system32\drivers\amdsata.sys
09:22:18.0218 0x1afc  amdsata - ok
09:22:18.0231 0x1afc  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\windows\system32\drivers\amdsbs.sys
09:22:18.0246 0x1afc  amdsbs - ok
09:22:18.0263 0x1afc  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\windows\system32\drivers\amdxata.sys
09:22:18.0274 0x1afc  amdxata - ok
09:22:18.0337 0x1afc  [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID           C:\windows\system32\drivers\appid.sys
09:22:18.0392 0x1afc  AppID - ok
09:22:18.0392 0x1afc  [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc        C:\windows\System32\appidsvc.dll
09:22:18.0423 0x1afc  AppIDSvc - ok
09:22:18.0454 0x1afc  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\windows\System32\appinfo.dll
09:22:18.0532 0x1afc  Appinfo - ok
09:22:18.0688 0x1afc  [ 612CB66D93ED0F2F21BB109840C7D813, 75484123DA27B8942B13148FCF061C75A08A50386A095143736B593E9C772173 ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:22:18.0704 0x1afc  Apple Mobile Device Service - ok
09:22:18.0766 0x1afc  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\windows\system32\drivers\arc.sys
09:22:18.0797 0x1afc  arc - ok
09:22:18.0828 0x1afc  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\windows\system32\drivers\arcsas.sys
09:22:18.0828 0x1afc  arcsas - ok
09:22:19.0640 0x1afc  [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state    C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
09:22:19.0686 0x1afc  aspnet_state - ok
09:22:19.0780 0x1afc  [ B5B4C90E9F52DA8586F1E5461AD90A5D, D1EAA34E6AEB014E942D22F8CB5FB19BF1E2EADE5B5357274C001F44FDC25F05 ] aswHwid         C:\windows\system32\drivers\aswHwid.sys
09:22:19.0811 0x1afc  aswHwid - ok
09:22:19.0889 0x1afc  [ 36949EB7E71C5779C5163AF6AFB2A161, 2661829B771E7ADFFC15FA4B4BB317AEB52CA264762D8B9A2892BB5B2D3B8C9C ] aswKbd          C:\windows\system32\drivers\aswKbd.sys
09:22:19.0905 0x1afc  aswKbd - ok
09:22:19.0967 0x1afc  [ 300CB8E510855189CAD0B72FFB5590CB, EB50DC553FA8FD9DE3F60AAFED20702EAFBB1498EBD3220A39CC52A12F694246 ] aswMonFlt       C:\windows\system32\drivers\aswMonFlt.sys
09:22:20.0014 0x1afc  aswMonFlt - ok
09:22:20.0030 0x1afc  [ 6D37D8DB30D086739507C5F6E542656A, 746D9E32E729138EA19062F4E6B6C98B6833504020A296E3E2A9CD92E0FED0B9 ] aswRdr          C:\windows\system32\drivers\aswRdr2.sys
09:22:20.0045 0x1afc  aswRdr - ok
09:22:20.0092 0x1afc  [ 07E32DFCA422A2920482D762D01957EC, A6502D26266D708E55EB2883897673AD3087C41D9EA0B41CD6BF6BD923EBDCB8 ] aswRvrt         C:\windows\system32\drivers\aswRvrt.sys
09:22:20.0108 0x1afc  aswRvrt - ok
09:22:20.0311 0x1afc  [ 3B4AC2DBFC86F7247C1FF1FAF2860530, A54A693D01C02AAE2B78BFE9B3900B5A6DD0C2C37C8FA58B14B5F57107032FF5 ] aswSnx          C:\windows\system32\drivers\aswSnx.sys
09:22:20.0343 0x1afc  aswSnx - ok
09:22:20.0421 0x1afc  [ B1368BE5F6BA529E0886F4DA2361BD2D, B95F430B4E4EFE9D257870722AA8F0507FB96FBE3AAB12068C662CCB6A180FE2 ] aswSP           C:\windows\system32\drivers\aswSP.sys
09:22:20.0467 0x1afc  aswSP - ok
09:22:20.0545 0x1afc  [ 6E53278ECCFFBC2ACC2A5006745ED4BB, 392170073A8933DB43CD1D64AD087F972F1971BF83BCAFE5B8FA1273C02026CE ] aswStm          C:\windows\system32\drivers\aswStm.sys
09:22:20.0577 0x1afc  aswStm - ok
09:22:20.0608 0x1afc  [ 91782404718C6352C26B3242BAC3F0F1, 84B1CDD1EBC83FAEBDCC8F67B13CA405C6CF0C518FC016603889EBE48FC91AB9 ] aswVmm          C:\windows\system32\drivers\aswVmm.sys
09:22:20.0639 0x1afc  aswVmm - ok
09:22:20.0686 0x1afc  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
09:22:20.0795 0x1afc  AsyncMac - ok
09:22:20.0857 0x1afc  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\windows\system32\drivers\atapi.sys
09:22:20.0889 0x1afc  atapi - ok
09:22:20.0982 0x1afc  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
09:22:21.0107 0x1afc  AudioEndpointBuilder - ok
09:22:21.0326 0x1afc  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\windows\System32\Audiosrv.dll
09:22:21.0373 0x1afc  AudioSrv - ok
09:22:21.0467 0x1afc  [ 54236E79A44F909612391C8A2D70D512, B0DF5BCC4F90AF087D0306F8D81F90B2CAE0176813E3AA6A7D5460F7878677CD ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
09:22:21.0514 0x1afc  avast! Antivirus - ok
09:22:21.0592 0x1afc  AvastVBoxSvc - ok
09:22:21.0685 0x1afc  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\windows\System32\AxInstSV.dll
09:22:21.0841 0x1afc  AxInstSV - ok
09:22:21.0890 0x1afc  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\windows\system32\drivers\bxvbda.sys
09:22:21.0984 0x1afc  b06bdrv - ok
09:22:22.0046 0x1afc  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
09:22:22.0155 0x1afc  b57nd60a - ok
09:22:22.0218 0x1afc  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\windows\System32\bdesvc.dll
09:22:22.0311 0x1afc  BDESVC - ok
09:22:50.0317 0x1afc  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
09:22:50.0333 0x1afc  mrxsmb10 - ok
09:22:50.0349 0x1afc  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
09:22:50.0411 0x1afc  mrxsmb20 - ok
09:22:50.0458 0x1afc  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\windows\system32\drivers\msahci.sys
09:22:50.0489 0x1afc  msahci - ok
09:22:50.0536 0x1afc  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\windows\system32\drivers\msdsm.sys
09:22:50.0567 0x1afc  msdsm - ok
09:22:50.0629 0x1afc  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\windows\System32\msdtc.exe
09:22:50.0676 0x1afc  MSDTC - ok
09:22:50.0723 0x1afc  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\windows\system32\drivers\Msfs.sys
09:22:50.0801 0x1afc  Msfs - ok
09:22:50.0848 0x1afc  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
09:22:50.0910 0x1afc  mshidkmdf - ok
09:22:50.0973 0x1afc  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
09:22:51.0004 0x1afc  msisadrv - ok
09:22:51.0035 0x1afc  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
09:22:51.0113 0x1afc  MSiSCSI - ok
09:22:51.0129 0x1afc  msiserver - ok
09:22:51.0175 0x1afc  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
09:22:51.0253 0x1afc  MSKSSRV - ok
09:22:51.0285 0x1afc  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
09:22:51.0347 0x1afc  MSPCLOCK - ok
09:22:51.0378 0x1afc  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
09:22:51.0487 0x1afc  MSPQM - ok
09:22:51.0612 0x1afc  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
09:22:51.0659 0x1afc  MsRPC - ok
09:22:51.0737 0x1afc  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\windows\system32\DRIVERS\mssmbios.sys
09:22:51.0784 0x1afc  mssmbios - ok
09:22:51.0815 0x1afc  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
09:22:51.0909 0x1afc  MSTEE - ok
09:22:51.0955 0x1afc  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\windows\system32\drivers\MTConfig.sys
09:22:51.0987 0x1afc  MTConfig - ok
09:22:52.0002 0x1afc  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\windows\system32\Drivers\mup.sys
09:22:52.0018 0x1afc  Mup - ok
09:22:52.0111 0x1afc  [ 8F57DB74BF5407A4CDA6C8B005DC8DD0, 07D8F8605DD8FCBB3404E3A35274C87E9EC78E402C11C3E809CB44C0EB516434 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
09:22:52.0143 0x1afc  MyWiFiDHCPDNS - ok
09:22:52.0205 0x1afc  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\windows\system32\qagentRT.dll
09:22:52.0252 0x1afc  napagent - ok
09:22:52.0330 0x1afc  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
09:22:52.0408 0x1afc  NativeWifiP - ok
09:22:52.0501 0x1afc  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\windows\system32\drivers\ndis.sys
09:22:52.0548 0x1afc  NDIS - ok
09:22:52.0595 0x1afc  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
09:22:52.0658 0x1afc  NdisCap - ok
09:22:52.0690 0x1afc  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
09:22:52.0783 0x1afc  NdisTapi - ok
09:22:52.0830 0x1afc  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
09:22:52.0908 0x1afc  Ndisuio - ok
09:22:52.0924 0x1afc  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
09:22:52.0970 0x1afc  NdisWan - ok
09:22:53.0050 0x1afc  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
09:22:53.0129 0x1afc  NDProxy - ok
09:22:53.0167 0x1afc  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
09:22:53.0278 0x1afc  NetBIOS - ok
09:22:53.0297 0x1afc  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
09:22:53.0359 0x1afc  NetBT - ok
09:22:53.0380 0x1afc  [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] Netlogon        C:\windows\system32\lsass.exe
09:22:53.0394 0x1afc  Netlogon - ok
09:22:53.0444 0x1afc  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\windows\System32\netman.dll
09:22:53.0491 0x1afc  Netman - ok
09:22:53.0881 0x1afc  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:22:53.0944 0x1afc  NetMsmqActivator - ok
09:22:53.0959 0x1afc  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:22:53.0975 0x1afc  NetPipeActivator - ok
09:22:54.0037 0x1afc  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\windows\System32\netprofm.dll
09:22:54.0100 0x1afc  netprofm - ok
09:22:54.0131 0x1afc  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:22:54.0146 0x1afc  NetTcpActivator - ok
09:22:54.0178 0x1afc  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:22:54.0193 0x1afc  NetTcpPortSharing - ok
09:22:55.0161 0x1afc  [ 50AD7F7040C22BB7CAA59A0880875A21, 34A3BE5C708F3498F6350EF041CE33847C1D041D610DFDA41AA877F87DD26050 ] NETwNs64        C:\windows\system32\DRIVERS\NETwNs64.sys
09:22:55.0552 0x1afc  NETwNs64 - ok
09:22:55.0614 0x1afc  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\windows\system32\drivers\nfrd960.sys
09:22:55.0630 0x1afc  nfrd960 - ok
09:22:55.0676 0x1afc  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\windows\System32\nlasvc.dll
09:22:55.0754 0x1afc  NlaSvc - ok
09:22:55.0786 0x1afc  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\windows\system32\drivers\Npfs.sys
09:22:55.0848 0x1afc  Npfs - ok
09:22:55.0910 0x1afc  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\windows\system32\nsisvc.dll
09:22:56.0020 0x1afc  nsi - ok
09:22:56.0035 0x1afc  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
09:22:56.0098 0x1afc  nsiproxy - ok
09:22:56.0503 0x1afc  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
09:22:56.0597 0x1afc  Ntfs - ok
09:22:56.0675 0x1afc  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\windows\system32\drivers\Null.sys
09:22:56.0753 0x1afc  Null - ok
09:22:58.0503 0x1afc  [ 5104BAC2DA2A5BDD86AC6B0708B00F06, A02501514F8517CB5A6CFE4352A3D0F864153470015589428A6B14477E791514 ] nvlddmkm        C:\windows\system32\DRIVERS\nvlddmkm.sys
09:22:59.0143 0x1afc  nvlddmkm - ok
09:22:59.0221 0x1afc  [ 918841B2454F4F2BD94479692079490B, 16667315DE4EB5543E176273362791B157223E775ED1CF285330CC8195E0F1BB ] nvpciflt        C:\windows\system32\DRIVERS\nvpciflt.sys
09:22:59.0252 0x1afc  nvpciflt - ok
09:22:59.0346 0x1afc  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\windows\system32\drivers\nvraid.sys
09:22:59.0377 0x1afc  nvraid - ok
09:22:59.0408 0x1afc  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\windows\system32\drivers\nvstor.sys
09:22:59.0455 0x1afc  nvstor - ok
09:22:59.0549 0x1afc  [ DDFAFCE89A5C93D04712B86F94E9FCBA, 377303D4CAC9E3AD5B58894CF7AECDA4FCD3D721568BE8BACC0A897A0956919A ] nvsvc           C:\windows\system32\nvvsvc.exe
09:22:59.0580 0x1afc  nvsvc - ok
09:23:00.0017 0x1afc  [ 84E035225474E48CD3A6A3CE52332095, C90E1BC112EDED3035F2D440DDA6FC838D5D9B5F0D7CBE5E4672FEB1CC49F449 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
09:23:00.0173 0x1afc  nvUpdatusService - ok
09:23:00.0236 0x1afc  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
09:23:00.0267 0x1afc  nv_agp - ok
09:23:00.0314 0x1afc  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
09:23:00.0376 0x1afc  ohci1394 - ok
09:23:00.0548 0x1afc  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
09:23:00.0657 0x1afc  p2pimsvc - ok
09:23:00.0829 0x1afc  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\windows\system32\p2psvc.dll
09:23:00.0891 0x1afc  p2psvc - ok
09:23:00.0922 0x1afc  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\windows\system32\drivers\parport.sys
09:23:00.0985 0x1afc  Parport - ok
09:23:01.0063 0x1afc  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\windows\system32\drivers\partmgr.sys
09:23:01.0141 0x1afc  partmgr - ok
09:23:01.0219 0x1afc  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\windows\System32\pcasvc.dll
09:23:01.0281 0x1afc  PcaSvc - ok
09:23:01.0328 0x1afc  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\windows\system32\drivers\pci.sys
09:23:01.0344 0x1afc  pci - ok
09:23:01.0390 0x1afc  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\windows\system32\drivers\pciide.sys
09:23:01.0453 0x1afc  pciide - ok
09:23:01.0500 0x1afc  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\windows\system32\drivers\pcmcia.sys
09:23:01.0562 0x1afc  pcmcia - ok
09:23:01.0656 0x1afc  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\windows\system32\drivers\pcw.sys
09:23:01.0718 0x1afc  pcw - ok
09:23:01.0780 0x1afc  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\windows\system32\drivers\peauth.sys
09:23:01.0843 0x1afc  PEAUTH - ok
09:23:01.0952 0x1afc  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\windows\SysWow64\perfhost.exe
09:23:02.0014 0x1afc  PerfHost - ok
09:23:02.0748 0x1afc  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\windows\system32\pla.dll
09:23:02.0904 0x1afc  pla - ok
09:23:03.0013 0x1afc  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
09:23:03.0109 0x1afc  PlugPlay - ok
09:23:03.0135 0x1afc  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
09:23:03.0219 0x1afc  PNRPAutoReg - ok
09:23:03.0311 0x1afc  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
09:23:03.0345 0x1afc  PNRPsvc - ok
09:23:03.0437 0x1afc  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
09:23:03.0515 0x1afc  PolicyAgent - ok
09:23:03.0671 0x1afc  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\windows\system32\umpo.dll
09:23:03.0765 0x1afc  Power - ok
09:23:03.0983 0x1afc  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
09:23:04.0030 0x1afc  PptpMiniport - ok
09:23:04.0061 0x1afc  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\windows\system32\drivers\processr.sys
09:23:04.0092 0x1afc  Processor - ok
09:23:04.0139 0x1afc  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\windows\system32\profsvc.dll
09:23:04.0218 0x1afc  ProfSvc - ok
09:23:04.0249 0x1afc  [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] ProtectedStorage C:\windows\system32\lsass.exe
09:23:04.0280 0x1afc  ProtectedStorage - ok
09:23:04.0312 0x1afc  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\windows\system32\DRIVERS\pacer.sys
09:23:04.0405 0x1afc  Psched - ok
09:23:04.0546 0x1afc  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\windows\system32\drivers\ql2300.sys
09:23:04.0686 0x1afc  ql2300 - ok
09:23:04.0733 0x1afc  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\windows\system32\drivers\ql40xx.sys
09:23:04.0780 0x1afc  ql40xx - ok
09:23:04.0826 0x1afc  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\windows\system32\qwave.dll
09:23:04.0920 0x1afc  QWAVE - ok
09:23:04.0967 0x1afc  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
09:23:05.0076 0x1afc  QWAVEdrv - ok
09:23:05.0107 0x1afc  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
09:23:05.0201 0x1afc  RasAcd - ok
09:23:05.0264 0x1afc  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
09:23:05.0389 0x1afc  RasAgileVpn - ok
09:23:05.0443 0x1afc  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\windows\System32\rasauto.dll
09:23:05.0552 0x1afc  RasAuto - ok
09:23:05.0568 0x1afc  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
09:23:05.0600 0x1afc  Rasl2tp - ok
09:23:05.0631 0x1afc  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\windows\System32\rasmans.dll
09:23:05.0693 0x1afc  RasMan - ok
09:23:05.0725 0x1afc  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
09:23:05.0805 0x1afc  RasPppoe - ok
09:23:05.0851 0x1afc  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
09:23:05.0883 0x1afc  RasSstp - ok
09:23:05.0914 0x1afc  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
09:23:05.0976 0x1afc  rdbss - ok
09:23:05.0992 0x1afc  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\windows\system32\drivers\rdpbus.sys
09:23:06.0070 0x1afc  rdpbus - ok
09:23:06.0085 0x1afc  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
09:23:06.0148 0x1afc  RDPCDD - ok
09:23:06.0210 0x1afc  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
09:23:06.0257 0x1afc  RDPENCDD - ok
09:23:06.0288 0x1afc  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
09:23:06.0366 0x1afc  RDPREFMP - ok
09:23:06.0507 0x1afc  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
09:23:06.0600 0x1afc  RDPWD - ok
09:23:06.0678 0x1afc  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
09:23:06.0725 0x1afc  rdyboost - ok
09:23:06.0834 0x1afc  [ FD11C1287D38A46FB72353E14D50089C, C787EE22583ADF1E19E5ADAC5B949750890D1FA5062B5DD2C6B35667D005FECF ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
09:23:06.0881 0x1afc  RegSrvc - ok
09:23:06.0928 0x1afc  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\windows\System32\mprdim.dll
09:23:06.0959 0x1afc  RemoteAccess - ok
09:23:07.0006 0x1afc  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\windows\system32\regsvc.dll
09:23:07.0084 0x1afc  RemoteRegistry - ok
09:23:07.0131 0x1afc  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
09:23:07.0146 0x1afc  RFCOMM - ok
09:23:07.0162 0x1afc  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
09:23:07.0193 0x1afc  RpcEptMapper - ok
09:23:07.0209 0x1afc  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\windows\system32\locator.exe
09:23:07.0271 0x1afc  RpcLocator - ok
09:23:07.0357 0x1afc  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\windows\system32\rpcss.dll
09:23:07.0419 0x1afc  RpcSs - ok
09:23:07.0482 0x1afc  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
09:23:07.0575 0x1afc  rspndr - ok
09:23:07.0653 0x1afc  [ E54A5586A28D0630A79A68BBAB84BFCF, F6FBF1E4C64351CEB205DDCD17C35EA26439E98F3528F96AE326959A7C26B488 ] RSUSBVSTOR      C:\windows\system32\Drivers\RtsUVStor.sys
09:23:07.0716 0x1afc  RSUSBVSTOR - ok
09:23:07.0794 0x1afc  [ DCF7221D6588EDA8CD77CB27AE9B1844, 7741A4F513952CC3C4D5056958D0D50F8F2A9D3142C7478707F73A83D3CDE01C ] RTL8167         C:\windows\system32\DRIVERS\Rt64win7.sys
09:23:07.0825 0x1afc  RTL8167 - ok
09:23:07.0856 0x1afc  [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] SamSs           C:\windows\system32\lsass.exe
09:23:07.0872 0x1afc  SamSs - ok
09:23:07.0903 0x1afc  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
09:23:07.0965 0x1afc  sbp2port - ok
09:23:08.0173 0x1afc  [ 794D4B48DFB6E999537C7C3947863463, 93DA8AA20D6B02A3360E7F56150F126E75266E9372E6409D42B89DA588EF49C3 ] SBSDWSCService  C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
09:23:08.0210 0x1afc  SBSDWSCService - ok
09:23:08.0267 0x1afc  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\windows\System32\SCardSvr.dll
09:23:08.0352 0x1afc  SCardSvr - ok
09:23:08.0397 0x1afc  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
09:23:08.0468 0x1afc  scfilter - ok
09:23:08.0531 0x1afc  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\windows\system32\schedsvc.dll
09:23:08.0609 0x1afc  Schedule - ok
09:23:08.0656 0x1afc  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\windows\System32\certprop.dll
09:23:08.0702 0x1afc  SCPolicySvc - ok
09:23:08.0734 0x1afc  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\windows\System32\SDRSVC.dll
09:23:08.0827 0x1afc  SDRSVC - ok
09:23:08.0874 0x1afc  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\windows\system32\drivers\secdrv.sys
09:23:08.0921 0x1afc  secdrv - ok
09:23:08.0952 0x1afc  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\windows\system32\seclogon.dll
09:23:09.0046 0x1afc  seclogon - ok
09:23:09.0077 0x1afc  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\windows\system32\sens.dll
09:23:09.0124 0x1afc  SENS - ok
09:23:09.0170 0x1afc  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\windows\system32\sensrsvc.dll
09:23:09.0202 0x1afc  SensrSvc - ok
09:23:09.0204 0x1afc  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\windows\system32\drivers\serenum.sys
09:23:09.0235 0x1afc  Serenum - ok
09:23:09.0297 0x1afc  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\windows\system32\drivers\serial.sys
09:23:09.0375 0x1afc  Serial - ok
09:23:09.0407 0x1afc  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\windows\system32\drivers\sermouse.sys
09:23:09.0454 0x1afc  sermouse - ok
09:23:09.0548 0x1afc  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\windows\system32\sessenv.dll
09:23:09.0751 0x1afc  SessionEnv - ok
09:23:09.0766 0x1afc  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
09:23:09.0782 0x1afc  sffdisk - ok
09:23:09.0797 0x1afc  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
09:23:09.0844 0x1afc  sffp_mmc - ok
09:23:09.0891 0x1afc  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
09:23:09.0969 0x1afc  sffp_sd - ok
09:23:09.0969 0x1afc  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\windows\system32\drivers\sfloppy.sys
09:23:09.0985 0x1afc  sfloppy - ok
09:23:10.0047 0x1afc  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\windows\System32\ipnathlp.dll
09:23:10.0141 0x1afc  SharedAccess - ok
09:23:10.0251 0x1afc  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\windows\System32\shsvcs.dll
09:23:10.0344 0x1afc  ShellHWDetection - ok
09:23:10.0407 0x1afc  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys
09:23:10.0438 0x1afc  SiSRaid2 - ok
09:23:10.0469 0x1afc  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys
09:23:10.0500 0x1afc  SiSRaid4 - ok
09:23:10.0625 0x1afc  [ 704B4F81729F676BBF034529FC334D82, 1E50DAF97836807A500284385D99272780A8B69CA88761250451060B207824F8 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
09:23:10.0688 0x1afc  SkypeUpdate - ok
09:23:10.0750 0x1afc  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\windows\system32\DRIVERS\smb.sys
09:23:10.0828 0x1afc  Smb - ok
09:23:10.0890 0x1afc  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
09:23:10.0953 0x1afc  SNMPTRAP - ok
09:23:11.0000 0x1afc  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\windows\system32\drivers\spldr.sys
09:23:11.0015 0x1afc  spldr - ok
09:23:11.0171 0x1afc  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\windows\System32\spoolsv.exe
09:23:11.0265 0x1afc  Spooler - ok
09:23:31.0683 0x1afc  ================ Scan global ===============================
09:23:31.0901 0x1afc  [ Global ] - ok
09:23:31.0901 0x1afc  ================ Scan MBR ==================================
09:23:31.0917 0x1afc  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:23:34.0800 0x1afc  \Device\Harddisk0\DR0 - ok
09:23:34.0800 0x1afc  ================ Scan VBR ==================================
09:23:34.0847 0x1afc  [ E1763517C3A009F5EE12369111333ACD ] \Device\Harddisk0\DR0\Partition1
09:23:34.0862 0x1afc  \Device\Harddisk0\DR0\Partition1 - ok
09:23:34.0894 0x1afc  [ A3DDBB9153B6A6490C3DBA759C58C0DD ] \Device\Harddisk0\DR0\Partition2
09:23:34.0956 0x1afc  \Device\Harddisk0\DR0\Partition2 - ok
09:23:35.0018 0x1afc  [ 4FCB6255CFDD54E279DD2E666FA3E1E7 ] \Device\Harddisk0\DR0\Partition3
09:23:35.0221 0x1afc  \Device\Harddisk0\DR0\Partition3 - ok
09:23:35.0237 0x1afc  ================ Scan generic autorun ======================
09:23:47.0548 0x1afc  [ DEF597DB8744011BDD4CACD5100F5267, 9406EEC461B68981D8DDC4868308E87169E605CB049B3FAAECE14F5E59B6939F ] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe
09:23:47.0594 0x1afc  YouCam Tray - detected UnsignedFile.Multi.Generic ( 1 )
09:23:50.0193 0x1afc  Detect skipped due to KSN trusted
09:23:50.0193 0x1afc  YouCam Tray - ok
09:23:51.0942 0x1afc  [ 271B0D188430670509CB9943D5229205, 74CB5A9D8B5988AE08C0F65C601FC54F8745BAB6825B6FEEFBA8F068D656D8D7 ] C:\Program Files (x86)\QuickTime\QTTask.exe
09:23:52.0083 0x1afc  QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )
09:23:54.0693 0x1afc  Detect skipped due to KSN trusted
09:23:54.0693 0x1afc  QuickTime Task - ok
09:23:59.0169 0x1afc  [ 390679F7A217A5E73D756276C40AE887, 3EDFB645B2F58864E653C66516D6D48C4F9D691CFD51D91D4D88E316EE7B7177 ] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
09:23:59.0357 0x1afc  SpybotSD TeaTimer - detected UnsignedFile.Multi.Generic ( 1 )
09:24:02.0277 0x1afc  Detect skipped due to KSN trusted
09:24:02.0277 0x1afc  SpybotSD TeaTimer - ok
09:24:08.0352 0x1afc  Waiting for KSN requests completion. In queue: 3
09:24:11.0449 0x1afc  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.2.2218.942 ), 0x42000 ( disabled : updated )
09:24:11.0449 0x1afc  FW detected via SS2: COMODO Firewall, C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe ( 8.2.0.4508 ), 0x61010 ( enabled )
09:24:13.0888 0x1afc  ============================================================
09:24:13.0888 0x1afc  Scan finished
09:24:13.0888 0x1afc  ============================================================
09:24:13.0904 0x0c20  Detected object count: 0
09:24:13.0904 0x0c20  Actual detected object count: 0
 



#11 deeprybka


Posted 21 May 2015 - 11:25 AM

OK. :)
regards,
deeprybka

#12 RadicalPirate


Posted 21 May 2015 - 11:59 AM

Okay, here are the results from my Hitman scan:

 

HitmanPro 3.7.9.241
www.hitmanpro.com

   Computer name . . . . : TOMATO
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Tomato\Tori
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2015-05-21 09:30:42
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 8m 41s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 14

   Objects scanned . . . : 2,424,338
   Files scanned . . . . : 46,477
   Remnants scanned  . . : 409,956 files / 1,967,905 keys

Suspicious files ____________________________________________________________

   C:\Users\Tori\Desktop\FRST64.exe
      Size . . . . . . . : 2,107,904 bytes
      Age  . . . . . . . : 0.8 days (2015-05-20 14:09:50)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : A4E5C928D6D2A54ECEE091776B13D9C7DA8347957B103721C15261E625461869
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\windows\PEV.exe
      Size . . . . . . . : 256,000 bytes
      Age  . . . . . . . : 0.7 days (2015-05-20 16:47:22)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : AE0F5CC54E4B133DF66A54572A7CE52FAFF11F8FD0CAEAB088AAD3699D6EC924
      Fuzzy  . . . . . . : 22.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The .rsrc (resources) section in this program is set to executable. This is an indication of malware infection.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         Program contains PE structure anomalies. This is not typical for most programs.
      Forensic Cluster
         -0.0s C:\Windows\SWXCACLS.exe
         -0.0s C:\Windows\SWSC.exe
         -0.0s C:\Windows\sed.exe
          0.0s C:\Windows\grep.exe
          0.0s C:\Windows\zip.exe
          0.0s C:\Windows\SWREG.exe
          0.0s C:\Windows\PEV.exe
          0.0s C:\Windows\NIRCMD.exe
          0.0s C:\Windows\MBR.exe


Cookies _____________________________________________________________________

   C:\Users\Tori\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Tori\AppData\Roaming\Microsoft\Windows\Cookies\04HVFNE2.txt
   C:\Users\Tori\AppData\Roaming\Microsoft\Windows\Cookies\3X6U5W2D.txt
   C:\Users\Tori\AppData\Roaming\Microsoft\Windows\Cookies\5G97AAY5.txt
   C:\Users\Tori\AppData\Roaming\Microsoft\Windows\Cookies\JY5CU2DD.txt
   C:\Users\Tori\AppData\Roaming\Microsoft\Windows\Cookies\W491IJTS.txt
   C:\Users\Tori\AppData\Roaming\Mozilla\Firefox\Profiles\87d4okb5.default\cookies.sqlite:ads.pubmatic.com
   C:\Users\Tori\AppData\Roaming\Mozilla\Firefox\Profiles\87d4okb5.default\cookies.sqlite:bs.serving-sys.com
   C:\Users\Tori\AppData\Roaming\Mozilla\Firefox\Profiles\87d4okb5.default\cookies.sqlite:googleadservices.com
   C:\Users\Tori\AppData\Roaming\Mozilla\Firefox\Profiles\87d4okb5.default\cookies.sqlite:oracle.112.2o7.net
   C:\Users\Tori\AppData\Roaming\Mozilla\Firefox\Profiles\87d4okb5.default\cookies.sqlite:ru4.com
   C:\Users\Tori\AppData\Roaming\Mozilla\Firefox\Profiles\87d4okb5.default\cookies.sqlite:serving-sys.com
 

 

And here are my results from the ESET Scan:

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=fc90af85225fdc4d86b840e27385ef29
# engine=23954
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-05-21 04:53:56
# local_time=2015-05-21 12:53:56 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Internet Security'
# compatibility_mode=779 16777213 85 74 0 195726126 0 0
# compatibility_mode_1='COMODO Antivirus'
# compatibility_mode=3074 16777213 100 84 936408 103011600 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 183770686 0 0
# scanned=256012
# found=7
# cleaned=0
# scan_time=11100
sh=700F93EAE3E5E4A0A1FF98D1D0E34CFEEFFF3F24 ft=1 fh=b3c2d418500693c8 vn="a variant of Win32/BitCoinMiner.BJ potentially unsafe application" ac=I fn="C:\Program Files (x86)\Bitcoin\bitcoin-qt.exe"
sh=9644FB7C85A081DAEC8E58A95B37E9A8655E5A73 ft=1 fh=b528e2923dc96711 vn="a variant of Win32/BitCoinMiner.BJ potentially unsafe application" ac=I fn="C:\Program Files (x86)\Bitcoin\daemon\bitcoind.exe"
sh=3032CB5B0066ACB77259EC89E9ECAFDB21C06BE6 ft=1 fh=4cc4f419610b1b22 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Tori\Downloads\ccsetup505.exe"
sh=3B53601AAE5CD0BBAC66272F687CE99AB6AC641E ft=1 fh=14027c36d40cc9a8 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\Windows\Installer\MSI149E.tmp"
sh=3B53601AAE5CD0BBAC66272F687CE99AB6AC641E ft=1 fh=14027c36d40cc9a8 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\Windows\Installer\MSI6A5F.tmp"
sh=A8B918FE1A351D1BCB88B3CD77165A763379725C ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-SPE[1].7z"
sh=A8B918FE1A351D1BCB88B3CD77165A763379725C ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-SPE[1].7z"
ESETSmartInstaller@High as downloader log:
all ok
 



#13 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:10:31 PM

Posted 21 May 2015 - 02:52 PM



Can you please tell me which problems still persist now?
regards,
deeprybka

#14 RadicalPirate

RadicalPirate
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Gender:Female
  • Local time:04:31 PM

Posted 21 May 2015 - 03:18 PM

It's working! So far, my volume controls are back, my programs are opening, and I am able to pull up my System's Task Manager! How did you do it?!  I also removed COMODO Firewall and made sure Windows Firewall was activated.



#15 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:10:31 PM

Posted 21 May 2015 - 03:25 PM

It's good to hear that your problems appear to be solved. :)

Uninstall Combofix:
Type "combofix /uninstall" in the run box (Windows key + R) and hit enter.


That's it!
Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody, however...
If I have helped you fix your PC, then please consider donating to continue the fight against malware.
Thank you!


Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up to date.


Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.


regards,
deeprybka



