Infection Preventing AVG From Running


  • This topic is locked
16 replies to this topic

#1 jadallahyk

Posted 14 September 2015 - 08:26 PM

Hello all.

First, let me say thank you for what you all do! Second, I'm sorry if the description of the problem is not ideal. I'm helping my mother-in-law and I wasn't around when this started.

She texted me saying she got a pop-up on her machine saying something along these lines: "Windows Firewall Infected..BSOD....." I told her I would be home in a bit and would call her. Well, she decided she would save me the trouble and call the 1-800 number that the pop-up displayed.... Yup....I'm banging my head on the desk.

She said some guy dialed into the PC and started a scan. My father-in-law told her that this probably wasn't a good idea and told her she should hang up.

By the time I got to the PC there was some remote support session in progress that I killed. Firefox was now the default browser and the homepage was Rescue by LogMeIn.

Now AVG won't run, so I'm assuming something is preventing it from running. Ran Malwarebytes Anti-Malware and it didn't detect any threats?

So I'm following the instructions you provided. Ran the Farbar tool; the FRST log is below and the Addition file is attached.

Again, THANK YOU!!!!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-09-2015

Ran by Rita Bailey (administrator) on RITABAILEY (14-09-2015 21:10:12)
Running from C:\Users\Rita Bailey\Downloads
Loaded Profiles: Rita Bailey (Available Profiles: Rita Bailey)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Lenovo.) C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2comm.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2pre.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2tray.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2mainh.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2host.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2simpleft.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876816 2013-03-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12459112 2012-03-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [382248 2013-02-12] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [293672 2013-01-28] (Lenovo Group Limited)
HKLM\...\Run: [LogMeIn GUI] => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4315872 2011-06-01] (Lenovo, Inc.)
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [733936 2013-04-12] (Lenovo)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3730344 2015-06-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\RunOnce: [914_19371261684874] => C:\Users\Rita Bailey\AppData\Local\LMIR0001.tmp_r.bat [375 2015-09-14] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2720628314-3776284362-335876566-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [17877168 2012-11-09] (Skype Technologies S.A.)
HKU\S-1-5-21-2720628314-3776284362-335876566-1001\...\Run: [AVG-Secure-Search-Update_1113a] => C:\Users\Rita Bailey\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=72bfb5464dc347d3b6f4edde4836355b-ba985e74edb8327af427ef30273505ee95573a0d /CMPID=1113a
HKU\S-1-5-21-2720628314-3776284362-335876566-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-04-09] (Google Inc.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
Startup: C:\Users\Rita Bailey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-08-05]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{735CB8F0-E55F-4BD7-935D-5AA1F169123A}: [DhcpNameServer] 192.168.1.1 8.8.8.8 8.8.4.4
 
Internet Explorer:
==================
HKU\S-1-5-21-2720628314-3776284362-335876566-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2720628314-3776284362-335876566-1001 -> {888EE720-594B-43DE-BA12-5BA43C98F787} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-20] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-07-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-08-16] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-20] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-08-16] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-20] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-20] (Google Inc.)
Toolbar: HKU\S-1-5-21-2720628314-3776284362-335876566-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-20] (Google Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\Rita Bailey\AppData\Roaming\Mozilla\Firefox\Profiles\894ovarx.default-1439600293711
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-08-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-12-15] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-09-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2720628314-3776284362-335876566-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll No File
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U45) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
CHR Profile: C:\Users\Rita Bailey\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Rita Bailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-02]
CHR Extension: (Google Drive) - C:\Users\Rita Bailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-02]
CHR Extension: (YouTube) - C:\Users\Rita Bailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-02]
CHR Extension: (Google Search) - C:\Users\Rita Bailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-02]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Rita Bailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-12-06]
CHR Extension: (Google Docs Offline) - C:\Users\Rita Bailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Rita Bailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rita Bailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-02]
CHR Extension: (Gmail) - C:\Users\Rita Bailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-02]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1528432 2015-06-30] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3518376 2015-06-30] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [314304 2015-06-30] (AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2765496 2015-07-14] (Microsoft Corporation)
R3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-05-15] (Lenovo.)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-02-17] (Diskeeper Corporation)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [140016 2013-04-12] (Lenovo)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [188200 2013-01-28] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-11] (Lenovo Group Limited)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [67552 2015-04-14] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [293296 2015-06-26] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [226784 2015-06-10] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [281568 2015-05-12] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-02-17] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [92976 2012-02-17] (Diskeeper Corporation)
S3 Fastboot; C:\Windows\System32\DRIVERS\fastboot.sys [55536 2013-04-12] (Windows ® Win 7 DDK provider)
S4 LMIRfsClientNP; no ImagePath
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R2 monblanking; C:\Windows\System32\DRIVERS\monblanking.sys [37112 2015-03-20] (Citrix Systems)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [260712 2012-01-30] (Realtek Semiconductor Corp.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-14 21:10 - 2015-09-14 21:10 - 00023021 _____ C:\Users\Rita Bailey\Downloads\FRST.txt
2015-09-14 21:10 - 2015-09-14 21:10 - 00000000 ___SH C:\DkHyperbootSync
2015-09-14 21:10 - 2015-09-14 21:10 - 00000000 ____D C:\FRST
2015-09-14 20:48 - 2015-09-14 20:52 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-14 20:45 - 2015-09-14 20:46 - 02190848 _____ (Farbar) C:\Users\Rita Bailey\Downloads\FRST64.exe
2015-09-14 20:38 - 2015-09-14 20:38 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-14 20:38 - 2015-09-14 20:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-14 20:38 - 2015-09-14 20:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-14 20:38 - 2015-09-14 20:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-14 20:38 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-14 20:38 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-14 20:38 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-09-14 20:34 - 2015-09-14 20:37 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Rita Bailey\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-14 20:06 - 2015-09-14 20:14 - 00000000 ____D C:\AdwCleaner
2015-09-14 20:04 - 2015-09-14 20:05 - 01660416 _____ C:\Users\Rita Bailey\Downloads\adwcleaner_5.007.exe
2015-09-14 19:33 - 2015-09-14 19:33 - 00000450 _____ C:\Users\Rita Bailey\AppData\Local\LMIR0001.tmp.bat
2015-09-14 19:33 - 2015-09-14 19:33 - 00000375 _____ C:\Users\Rita Bailey\AppData\Local\LMIR0001.tmp_r.bat
2015-09-14 19:29 - 2015-09-14 19:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix
2015-09-14 19:29 - 2015-09-14 19:29 - 00000000 ____D C:\Program Files (x86)\Citrix
2015-09-14 19:29 - 2015-03-20 01:50 - 00131416 _____ (Citrix Online, a division of Citrix Systems, Inc.) C:\Windows\system32\gotomon_x64.dll
2015-09-14 19:29 - 2015-03-20 01:34 - 00037112 _____ (Citrix Systems) C:\Windows\system32\Drivers\monblanking.sys
2015-09-14 19:28 - 2015-09-14 19:28 - 00000000 ____D C:\ProgramData\Citrix
2015-09-14 17:38 - 2015-09-14 17:38 - 00000000 ____D C:\Users\Rita Bailey\AppData\Local\LogMeIn Rescue Applet
2015-09-08 17:37 - 2015-08-17 13:56 - 17890304 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-08 17:37 - 2015-08-17 13:53 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-08 17:37 - 2015-08-17 13:49 - 10936832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-08 17:37 - 2015-08-17 13:48 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-08 17:37 - 2015-08-17 13:47 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-08 17:37 - 2015-08-17 13:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-08 17:37 - 2015-08-17 13:47 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-08 17:37 - 2015-08-17 13:46 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-08 17:37 - 2015-08-17 13:46 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-08 17:37 - 2015-08-17 13:46 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-08 17:37 - 2015-08-17 13:46 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-08 17:37 - 2015-08-17 13:46 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-08 17:37 - 2015-08-17 13:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-08 17:37 - 2015-08-17 13:46 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-08 17:37 - 2015-08-17 13:46 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-08 17:37 - 2015-08-17 13:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-09-08 17:37 - 2015-08-17 13:46 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-08 17:37 - 2015-08-17 13:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-08 17:37 - 2015-08-17 13:46 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-08 17:37 - 2015-08-17 13:46 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-09-08 17:37 - 2015-08-17 13:46 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-09-08 17:37 - 2015-08-17 13:46 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-09-08 17:37 - 2015-08-17 13:18 - 01814016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-08 17:37 - 2015-08-17 13:17 - 12388352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-08 17:37 - 2015-08-17 13:14 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-09-08 17:37 - 2015-08-17 13:13 - 09751040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-08 17:37 - 2015-08-17 13:12 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-08 17:37 - 2015-08-17 13:12 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-08 17:37 - 2015-08-17 13:11 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-08 17:37 - 2015-08-17 13:11 - 00422400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-08 17:37 - 2015-08-17 13:10 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-08 17:37 - 2015-08-17 13:10 - 00718848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-08 17:37 - 2015-08-17 13:10 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-08 17:37 - 2015-08-17 13:10 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-09-08 17:37 - 2015-08-17 13:10 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-09-08 17:37 - 2015-08-17 13:10 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-09-08 17:37 - 2015-08-17 13:10 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-09-08 17:37 - 2015-08-17 13:10 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-09-08 17:37 - 2015-08-17 13:10 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-09-08 17:37 - 2015-08-17 13:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-09-08 17:37 - 2015-08-17 13:10 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-09-08 17:37 - 2015-08-17 13:10 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-09-08 17:37 - 2015-08-17 13:10 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-09-08 17:37 - 2015-08-17 13:09 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-09-08 17:36 - 2015-08-05 13:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-08 17:36 - 2015-08-05 13:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-08 17:36 - 2015-08-05 13:56 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-09-08 17:36 - 2015-08-05 13:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-08 17:31 - 2015-07-14 23:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-08 17:31 - 2015-07-14 22:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-09-08 17:31 - 2015-07-09 13:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-09-08 17:31 - 2015-07-09 13:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-09-08 17:31 - 2015-07-09 13:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-09-08 17:31 - 2015-07-09 13:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-09-08 17:27 - 2015-08-27 14:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-08 17:27 - 2015-08-27 14:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-08 17:27 - 2015-08-27 14:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-09-08 17:27 - 2015-08-27 14:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-09-08 17:27 - 2015-08-27 13:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-08 17:27 - 2015-08-27 13:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-08 17:27 - 2015-08-27 13:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-09-08 17:27 - 2015-08-27 13:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-09-08 17:27 - 2015-08-04 14:03 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-09-08 17:27 - 2015-08-04 14:00 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-09-08 17:27 - 2015-08-04 13:56 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-08 17:27 - 2015-08-04 13:56 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-08 17:27 - 2015-08-04 13:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-08 17:27 - 2015-08-04 13:55 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-08 17:27 - 2015-08-04 13:55 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-08 17:27 - 2015-08-04 13:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-08 17:27 - 2015-08-04 12:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-08 17:27 - 2015-07-22 20:06 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-08 17:27 - 2015-07-22 20:06 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-09-08 17:27 - 2015-07-22 20:06 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-08 17:27 - 2015-07-22 20:03 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-08 17:27 - 2015-07-22 20:03 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-09-08 17:27 - 2015-07-22 20:03 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-09-08 17:27 - 2015-07-22 20:03 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-09-08 17:27 - 2015-07-22 20:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-09-08 17:27 - 2015-07-22 20:02 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-09-08 17:27 - 2015-07-22 20:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-08 17:27 - 2015-07-22 20:02 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-08 17:27 - 2015-07-22 20:02 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-09-08 17:27 - 2015-07-22 20:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-08 17:27 - 2015-07-22 20:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-09-08 17:27 - 2015-07-22 20:02 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-09-08 17:27 - 2015-07-22 20:02 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-09-08 17:27 - 2015-07-22 20:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-09-08 17:27 - 2015-07-22 20:02 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-09-08 17:27 - 2015-07-22 20:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-09-08 17:27 - 2015-07-22 20:02 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-09-08 17:27 - 2015-07-22 20:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-09-08 17:27 - 2015-07-22 20:02 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-09-08 17:27 - 2015-07-22 20:02 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-09-08 17:27 - 2015-07-22 20:02 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-09-08 17:27 - 2015-07-22 20:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-09-08 17:27 - 2015-07-22 20:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-09-08 17:27 - 2015-07-22 20:02 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-09-08 17:27 - 2015-07-22 20:02 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-09-08 17:27 - 2015-07-22 20:02 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-09-08 17:27 - 2015-07-22 20:02 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-09-08 17:27 - 2015-07-22 20:02 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-09-08 17:27 - 2015-07-22 20:02 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-09-08 17:27 - 2015-07-22 20:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-09-08 17:27 - 2015-07-22 20:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-09-08 17:27 - 2015-07-22 20:01 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-09-08 17:27 - 2015-07-22 19:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-09-08 17:27 - 2015-07-22 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:51 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-09-08 17:27 - 2015-07-22 13:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-09-08 17:27 - 2015-07-22 13:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-09-08 17:27 - 2015-07-22 13:54 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-09-08 17:27 - 2015-07-22 13:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-09-08 17:27 - 2015-07-22 13:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-09-08 17:27 - 2015-07-22 13:53 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-09-08 17:27 - 2015-07-22 13:53 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-09-08 17:27 - 2015-07-22 13:53 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-09-08 17:27 - 2015-07-22 13:53 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-09-08 17:27 - 2015-07-22 13:53 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-09-08 17:27 - 2015-07-22 13:53 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-09-08 17:27 - 2015-07-22 13:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-09-08 17:27 - 2015-07-22 13:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-09-08 17:27 - 2015-07-22 13:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-09-08 17:27 - 2015-07-22 13:53 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-09-08 17:27 - 2015-07-22 13:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-09-08 17:27 - 2015-07-22 13:52 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-09-08 17:27 - 2015-07-22 13:52 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-09-08 17:27 - 2015-07-22 13:52 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-09-08 17:27 - 2015-07-22 13:52 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-09-08 17:27 - 2015-07-22 13:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-09-08 17:27 - 2015-07-22 13:52 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-09-08 17:27 - 2015-07-22 13:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-09-08 17:27 - 2015-07-22 13:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-09-08 17:27 - 2015-07-22 13:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 12:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-08 17:27 - 2015-07-22 12:45 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-09-08 17:27 - 2015-07-22 12:44 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-09-08 17:27 - 2015-07-22 12:44 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-09-08 17:27 - 2015-07-22 12:34 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-09-08 17:27 - 2015-07-22 12:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-09-08 17:27 - 2015-07-22 12:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 12:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-09-08 17:27 - 2015-06-25 06:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-08 17:27 - 2015-06-25 06:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-08 17:27 - 2015-06-25 06:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-09-08 17:27 - 2015-06-25 05:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-08 17:26 - 2015-09-01 23:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-08 17:26 - 2015-09-01 23:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-08 17:26 - 2015-09-01 23:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-08 17:26 - 2015-09-01 23:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-08 17:26 - 2015-09-01 22:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-09-08 17:26 - 2015-09-01 22:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-08 17:26 - 2015-09-01 22:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-09-08 17:26 - 2015-09-01 22:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-09-08 17:26 - 2015-09-01 21:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-08 17:26 - 2015-09-01 21:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-08 17:26 - 2015-09-01 21:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-08 17:26 - 2015-08-26 14:07 - 03165696 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-08 17:26 - 2015-08-26 14:07 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-08 17:26 - 2015-08-26 14:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-08 17:26 - 2015-08-26 14:07 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-08 17:26 - 2015-08-26 14:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-08 17:26 - 2015-08-26 14:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-08 17:26 - 2015-08-26 14:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-08 17:26 - 2015-08-26 14:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-08 17:26 - 2015-08-26 14:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-08 17:26 - 2015-08-26 14:06 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-08 17:26 - 2015-08-26 14:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-08 17:26 - 2015-08-26 13:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-08 17:26 - 2015-08-26 13:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-08 17:26 - 2015-08-26 13:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-08 17:26 - 2015-08-26 13:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-09-08 17:26 - 2015-08-26 13:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-29 16:48 - 2015-08-29 16:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-14 21:01 - 2009-07-14 00:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-14 21:01 - 2009-07-14 00:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-14 20:54 - 2014-04-09 20:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-14 20:50 - 2013-11-21 19:22 - 01828531 _____ C:\Windows\WindowsUpdate.log
2015-09-14 20:23 - 2014-04-09 20:12 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-14 20:05 - 2013-12-03 19:16 - 00000000 ____D C:\Users\Rita Bailey\AppData\Roaming\Skype
2015-09-14 19:49 - 2013-12-02 22:33 - 00000000 ____D C:\ProgramData\LogMeIn
2015-09-14 19:49 - 2013-12-02 22:33 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2015-09-14 19:13 - 2014-04-09 20:12 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-14 19:13 - 2014-01-27 09:44 - 00001015 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2015-09-14 19:13 - 2014-01-27 09:44 - 00000999 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-09-14 19:13 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-14 19:13 - 2009-07-14 00:51 - 00053591 _____ C:\Windows\setupact.log
2015-09-13 18:11 - 2009-07-14 01:13 - 00802650 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-12 04:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-09-12 03:28 - 2009-07-14 00:45 - 00462368 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-12 03:27 - 2014-01-17 21:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-12 03:27 - 2010-11-20 23:47 - 00675334 _____ C:\Windows\PFRO.log
2015-09-12 03:26 - 2013-02-11 14:28 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-12 03:26 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-12 03:09 - 2013-12-02 20:47 - 00000000 ____D C:\Windows\system32\MRT
2015-09-04 08:57 - 2014-04-09 20:13 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-29 05:18 - 2014-04-09 20:12 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-29 05:18 - 2014-04-09 20:12 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-26 18:37 - 2013-12-02 20:47 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-25 17:33 - 2013-12-02 22:33 - 00122752 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2015-08-25 17:33 - 2013-12-02 22:33 - 00107368 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2015-08-25 17:33 - 2013-12-02 22:33 - 00035688 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2015-08-22 03:17 - 2013-12-03 14:48 - 00000000 ____D C:\Program Files\Microsoft Office 15
 
==================== Files in the root of some directories =======
 
2015-09-14 19:33 - 2015-09-14 19:33 - 0000450 _____ () C:\Users\Rita Bailey\AppData\Local\LMIR0001.tmp.bat
2015-09-14 19:33 - 2015-09-14 19:33 - 0000375 _____ () C:\Users\Rita Bailey\AppData\Local\LMIR0001.tmp_r.bat
2013-12-31 11:22 - 2013-12-31 11:29 - 0000811 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\Rita Bailey\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Rita Bailey\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Rita Bailey\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\Rita Bailey\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Rita Bailey\AppData\Local\Temp\SetupProPlusRetail.x86.en-US_ProPlusRetail_KDVYF-N9RXP-JYX8Q-HHRCK-HCCDD_act_1_.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-11 00:25
 
==================== End of FRST.txt ============================




#2 jadallahyk

jadallahyk
  • Topic Starter

  • Members
  • 15 posts

Posted 14 September 2015 - 09:04 PM

Looks like the Addition file didn't attach to my original post. Sorry about that. 




#3 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 15 September 2015 - 07:41 AM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems. :warrior:

Before we move on, please read the following points carefully: :exclame:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#4 jadallahyk

jadallahyk
  • Topic Starter

  • Members
  • 15 posts

Posted 15 September 2015 - 08:21 PM

Evening Jürgen!

 

Thank you so much for your willingness to help me with my problem. I will do my very best to comply with the points you outlined above. One thing I wanted to mention is that I'm using GoToMyPC to access this machine. My mother-in-law is a 6-hour drive from where I am and I'm doing my best to help her remotely.

 

Here is the output of the Combofix log. 

 

ComboFix 15-09-07.01 - Rita Bailey 09/15/2015  20:56:11.1.4 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3672.1197 [GMT -4:00]
Running from: c:\users\Rita Bailey\Desktop\ComboFix.exe
AV: AVG Internet Security 2015 *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
FW: AVG Internet Security 2015 *Disabled* {757AB44A-78C2-7D1A-E37F-CA42A037B368}
SP: AVG Internet Security 2015 *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Rita Bailey\AppData\Local\Microsoft\Windows\Temporary Internet Files\{1AA8577F-52FD-409B-8B17-5C9BDDF00A0A}.xps
c:\users\Rita Bailey\AppData\Local\Microsoft\Windows\Temporary Internet Files\{33D35A42-69EC-464C-88D8-ABDB0C2BFBDB}.xps
c:\users\Rita Bailey\AppData\Local\Microsoft\Windows\Temporary Internet Files\{39C9B651-2EF5-4BCA-8ECA-27AA40440EDC}.xps
c:\users\Rita Bailey\AppData\Local\Microsoft\Windows\Temporary Internet Files\{4AA21362-B4DE-4132-B54C-001435A9E9F3}.xps
c:\users\Rita Bailey\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6973C90F-C4E7-47F3-A5B4-480D77E154DA}.xps
c:\users\Rita Bailey\AppData\Local\Microsoft\Windows\Temporary Internet Files\{838A243E-32E8-4624-B8C0-F19B873E37AB}.xps
c:\users\Rita Bailey\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CFE2B831-F16D-4448-BFB0-D0BABA03A98F}.xps
c:\users\Rita Bailey\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D768CBD7-6DBA-47A1-926C-4017C8CBC9F6}.xps
Q:\AUTORUN.INF
.
.
(((((((((((((((((((((((((   Files Created from 2015-08-16 to 2015-09-16  )))))))))))))))))))))))))))))))
.
.
2015-09-16 01:01 . 2015-09-16 01:01 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2015-09-16 01:01 . 2015-09-16 01:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-09-15 01:10 . 2015-09-15 01:11 -------- d-----w- C:\FRST
2015-09-15 00:48 . 2015-09-15 00:52 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-09-15 00:38 . 2015-09-15 00:38 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-09-15 00:38 . 2015-09-15 00:38 -------- d-----w- c:\programdata\Malwarebytes
2015-09-15 00:38 . 2015-06-18 12:41 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-09-15 00:38 . 2015-06-18 12:41 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-09-15 00:38 . 2015-06-18 12:41 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-09-15 00:06 . 2015-09-15 00:14 -------- d-----w- C:\AdwCleaner
2015-09-14 23:29 . 2015-03-20 05:50 53080 ----a-w- c:\windows\system32\Spool\prtprocs\x64\GoToPrintProcessor_x64.dll
2015-09-14 23:29 . 2015-03-20 05:50 131416 ----a-w- c:\windows\system32\gotomon_x64.dll
2015-09-14 23:29 . 2015-03-20 05:34 37112 ----a-w- c:\windows\system32\drivers\monblanking.sys
2015-09-14 23:29 . 2015-09-14 23:29 -------- d-----w- c:\program files (x86)\Citrix
2015-09-14 23:28 . 2015-09-14 23:28 -------- d-----w- c:\programdata\Citrix
2015-09-14 21:38 . 2015-09-15 01:47 -------- d-----w- c:\users\Rita Bailey\AppData\Local\LogMeIn Rescue Applet
2015-09-08 21:36 . 2015-08-05 17:56 169984 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\rtscom.dll
2015-09-08 21:31 . 2015-07-15 03:17 2048 ----a-w- c:\windows\system32\tzres.dll
2015-09-08 21:31 . 2015-07-15 02:54 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2015-09-08 21:31 . 2015-07-09 17:58 1632256 ----a-w- c:\windows\system32\dwmcore.dll
2015-09-08 21:31 . 2015-07-09 17:42 1372160 ----a-w- c:\windows\SysWow64\dwmcore.dll
2015-09-08 21:31 . 2015-07-09 17:58 82944 ----a-w- c:\windows\system32\dwmapi.dll
2015-09-08 21:31 . 2015-07-09 17:42 67584 ----a-w- c:\windows\SysWow64\dwmapi.dll
2015-09-08 21:26 . 2015-09-02 01:51 3209216 ----a-w- c:\windows\system32\win32k.sys
2015-08-22 23:08 . 2015-08-22 23:08 -------- d-----w- C:\DRIVERS
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-09-15 22:41 . 2013-12-03 18:50 630992 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2015-08-26 22:37 . 2013-12-03 00:47 134753440 ----a-w- c:\windows\system32\MRT.exe
2015-08-25 21:33 . 2013-12-03 02:33 122752 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2015-08-25 21:33 . 2013-12-03 02:33 35688 ----a-w- c:\windows\system32\LMIport.dll
2015-08-25 21:33 . 2013-12-03 02:33 107368 ----a-w- c:\windows\system32\LMIinit.dll
2015-08-12 15:39 . 2014-04-10 00:12 778440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-08-12 15:39 . 2014-04-10 00:12 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-30 18:06 . 2015-08-12 21:01 1648128 ----a-w- c:\windows\system32\DWrite.dll
2015-07-30 18:06 . 2015-08-12 21:01 1180160 ----a-w- c:\windows\system32\FntCache.dll
2015-07-30 18:06 . 2015-08-12 21:01 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2015-07-30 17:57 . 2015-08-12 21:01 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-07-30 17:57 . 2015-08-12 21:01 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2015-07-30 13:13 . 2015-08-13 07:08 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-07-30 13:13 . 2015-08-13 07:08 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-28 20:09 . 2015-08-13 07:06 17344 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-07-28 20:05 . 2015-08-13 07:06 774656 ----a-w- c:\windows\system32\invagent.dll
2015-07-28 20:05 . 2015-08-13 07:06 743424 ----a-w- c:\windows\system32\generaltel.dll
2015-07-28 20:05 . 2015-08-13 07:06 437760 ----a-w- c:\windows\system32\devinv.dll
2015-07-28 20:05 . 2015-08-13 07:06 1116672 ----a-w- c:\windows\system32\appraiser.dll
2015-07-28 20:05 . 2015-08-13 07:06 69120 ----a-w- c:\windows\system32\acmigration.dll
2015-07-28 20:05 . 2015-08-13 07:06 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-07-28 19:55 . 2015-08-13 07:06 1148416 ----a-w- c:\windows\system32\aeinv.dll
2015-07-22 17:53 . 2015-09-08 21:27 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-07-16 19:12 . 2015-08-13 07:01 856064 ----a-w- c:\windows\SysWow64\rdvidcrl.dll
2015-07-16 19:12 . 2015-08-13 07:01 53248 ----a-w- c:\windows\SysWow64\tsgqec.dll
2015-07-16 19:12 . 2015-08-13 07:01 6131200 ----a-w- c:\windows\SysWow64\mstscax.dll
2015-07-16 19:11 . 2015-08-13 07:01 62976 ----a-w- c:\windows\system32\tsgqec.dll
2015-07-16 19:11 . 2015-08-13 07:01 7077376 ----a-w- c:\windows\system32\mstscax.dll
2015-07-16 19:11 . 2015-08-13 07:01 1057792 ----a-w- c:\windows\system32\rdvidcrl.dll
2015-07-16 15:57 . 2013-12-03 02:33 107392 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2015-07-15 18:15 . 2015-08-13 07:01 94656 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-07-15 18:10 . 2015-08-13 07:01 1743360 ----a-w- c:\windows\system32\sysmain.dll
2015-07-15 18:10 . 2015-08-13 07:01 11264 ----a-w- c:\windows\system32\msmmsp.dll
2015-07-15 03:19 . 2015-08-13 07:00 52736 ----a-w- c:\windows\system32\basesrv.dll
2015-07-11 13:15 . 2015-08-13 07:01 429568 ----a-w- c:\windows\system32\wksprt.exe
2015-07-10 17:51 . 2015-08-13 07:01 14177280 ----a-w- c:\windows\system32\shell32.dll
2015-07-09 17:57 . 2015-08-12 21:01 193536 ----a-w- c:\windows\system32\notepad.exe
2015-07-09 17:57 . 2015-08-12 21:01 193536 ----a-w- c:\windows\notepad.exe
2015-07-09 17:42 . 2015-08-12 21:01 179712 ----a-w- c:\windows\SysWow64\notepad.exe
2015-07-04 18:07 . 2015-07-15 12:32 2087424 ----a-w- c:\windows\system32\ole32.dll
2015-07-04 17:48 . 2015-07-15 12:32 1414656 ----a-w- c:\windows\SysWow64\ole32.dll
2015-07-01 20:49 . 2015-08-12 21:06 260096 ----a-w- c:\windows\system32\WebClnt.dll
2015-07-01 20:48 . 2015-08-12 21:06 102912 ----a-w- c:\windows\system32\davclnt.dll
2015-07-01 20:30 . 2015-08-12 21:06 206848 ----a-w- c:\windows\SysWow64\WebClnt.dll
2015-07-01 20:30 . 2015-08-12 21:06 82432 ----a-w- c:\windows\SysWow64\davclnt.dll
2015-06-26 13:49 . 2015-06-26 13:49 293296 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-08-12 00:57 1733240 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-08-12 00:57 1733240 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-08-12 00:57 1733240 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2014-04-10 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-05-15 5941344]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]
"Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2011-06-01 506712]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-06-01 4315872]
"Fastboot"="c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe" [2013-04-12 733936]
"AVG_UI"="c:\program files (x86)\AVG\AVG2015\avgui.exe" [2015-06-30 3730344]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
c:\users\Rita Bailey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Send to OneNote.lnk - c:\program files\Microsoft Office 15\root\office15\ONENOTEM.EXE /tsr [2015-9-15 195248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2015\avgfws.exe;c:\program files (x86)\AVG\AVG2015\avgfws.exe [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 Fastboot;Fastboot;c:\windows\system32\DRIVERS\fastboot.sys;c:\windows\SYSNATIVE\DRIVERS\fastboot.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys;c:\windows\SYSNATIVE\DRIVERS\DzHDD64.sys [x]
S0 excsd;ExpressCache Storage Filter Driver;c:\windows\system32\DRIVERS\excsd.sys;c:\windows\SYSNATIVE\DRIVERS\excsd.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 excfs;ExpressCache File System Filter Driver;c:\windows\system32\DRIVERS\excfs.sys;c:\windows\SYSNATIVE\DRIVERS\excfs.sys [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ExpressCache;ExpressCache;c:\program files\Diskeeper Corporation\ExpressCache\ExpressCache.exe;c:\program files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [x]
S2 FastbootService;FastbootService;c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe;c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;c:\program files\Lenovo\Communications Utility\vcamsvc.exe;c:\program files\Lenovo\Communications Utility\vcamsvc.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 monblanking;monblanking;c:\windows\system32\DRIVERS\monblanking.sys;c:\windows\SYSNATIVE\DRIVERS\monblanking.sys [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 5U877;5U877;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys;c:\windows\SYSNATIVE\DRIVERS\Tvti2c.sys [x]
S3 tvtvcamd;Camera Plus (VGA Resolution Maximum);c:\windows\system32\DRIVERS\tvtvcamd.sys;c:\windows\SYSNATIVE\DRIVERS\tvtvcamd.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMPROTECTOR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-09-04 02:17 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\45.0.2454.85\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-09-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-10 15:39]
.
2015-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-10 09:18]
.
2015-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-10 09:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-08-12 03:15 2340472 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-08-12 03:15 2340472 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-08-12 03:15 2340472 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-27 12459112]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-03-09 1158248]
"TpShocks"="TpShocks.exe" [2013-02-12 382248]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2013-01-28 293672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-02-20 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-02-20 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-02-20 441152]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
Trusted Zone: nscorp.com\www2
TCP: DhcpNameServer = 192.168.1.1 8.8.8.8 8.8.4.4
FF - ProfilePath - c:\users\Rita Bailey\AppData\Roaming\Mozilla\Firefox\Profiles\894ovarx.default-1439600293711\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AVG-Secure-Search-Update_1113a - c:\users\Rita Bailey\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} - c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
ShellIconOverlayIdentifiers-{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} - c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
ShellIconOverlayIdentifiers-{A759AFF6-5851-457D-A540-F4ECED148351} - c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
ShellIconOverlayIdentifiers-{1574C9EF-7D58-488F-B358-8B78C1538F51} - c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-LogMeIn GUI - c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-09-15  21:04:34
ComboFix-quarantined-files.txt  2015-09-16 01:04
.
Pre-Run: 400,740,438,016 bytes free
Post-Run: 402,205,048,832 bytes free
.
- - End Of File - - 63F0A243C425FD07AB9383D001611EE7


#5 deeprybka

  • Malware Response Team

Posted 16 September 2015 - 05:13 AM

I am and I'm doing my best to help her remotely.


No problem.

Next step for you:

Step 1

Please download TDSSKiller and save it to your Desktop.

  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters. (1)
  • Make sure that all available options (except "Loaded modules") are checked and click OK. (2)
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report (3) to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.



regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#6 jadallahyk

  • Topic Starter

  • Members

Posted 16 September 2015 - 06:35 AM

No threats were found. Contents of the report are below. 

 

07:33:04.0292 0x1594  TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57

07:33:13.0106 0x1594  ============================================================
07:33:13.0106 0x1594  Current date / time: 2015/09/16 07:33:13.0106
07:33:13.0106 0x1594  SystemInfo:
07:33:13.0106 0x1594  
07:33:13.0106 0x1594  OS Version: 6.1.7601 ServicePack: 1.0
07:33:13.0106 0x1594  Product type: Workstation
07:33:13.0106 0x1594  ComputerName: RITABAILEY
07:33:13.0106 0x1594  UserName: Rita Bailey
07:33:13.0106 0x1594  Windows directory: C:\Windows
07:33:13.0106 0x1594  System windows directory: C:\Windows
07:33:13.0106 0x1594  Running under WOW64
07:33:13.0106 0x1594  Processor architecture: Intel x64
07:33:13.0106 0x1594  Number of processors: 4
07:33:13.0106 0x1594  Page size: 0x1000
07:33:13.0106 0x1594  Boot type: Normal boot
07:33:13.0106 0x1594  ============================================================
07:33:13.0481 0x1594  KLMD registered as C:\Windows\system32\drivers\47033382.sys
07:33:13.0840 0x1594  System UUID: {FE1114C2-A860-E3EE-31FC-0B0C00CF1161}
07:33:14.0214 0x1594  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:33:14.0214 0x1594  Drive \Device\Harddisk1\DR1 - Size: 0x3BA816000 ( 14.91 Gb ), SectorSize: 0x200, Cylinders: 0x79A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:33:14.0230 0x1594  ============================================================
07:33:14.0230 0x1594  \Device\Harddisk0\DR0:
07:33:14.0230 0x1594  MBR partitions:
07:33:14.0230 0x1594  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2EE000
07:33:14.0230 0x1594  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x3853F000
07:33:14.0230 0x1594  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3882D800, BlocksNum 0x1B58000
07:33:14.0230 0x1594  \Device\Harddisk1\DR1:
07:33:14.0230 0x1594  MBR partitions:
07:33:14.0230 0x1594  ============================================================
07:33:14.0261 0x1594  C: <-> \Device\Harddisk0\DR0\Partition2
07:33:14.0308 0x1594  Q: <-> \Device\Harddisk0\DR0\Partition3
07:33:14.0308 0x1594  ============================================================
07:33:14.0308 0x1594  Initialize success
07:33:14.0308 0x1594  ============================================================
07:33:45.0617 0x17a0  ============================================================
07:33:45.0617 0x17a0  Scan started
07:33:45.0617 0x17a0  Mode: Manual; SigCheck; TDLFS; 
07:33:45.0617 0x17a0  ============================================================
07:33:45.0617 0x17a0  KSN ping started
07:33:48.0331 0x17a0  KSN ping finished: true
07:33:48.0753 0x17a0  ================ Scan system memory ========================
07:33:48.0753 0x17a0  System memory - ok
07:33:48.0753 0x17a0  ================ Scan services =============================
07:33:55.0055 0x17a0  [ 7F57926169C1B8ABA9274EA7D4B70F18, A2BB01054737C6B0461381221D1C344951AC2BE9E5AE01E15A6871B31B62BE78 ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
07:33:55.0071 0x17a0  HPSLPSVC - detected UnsignedFile.Multi.Generic ( 1 )
07:33:58.0159 0x17a0  Detect skipped due to KSN trusted
07:33:58.0159 0x17a0  HPSLPSVC - ok
07:34:02.0091 0x17a0  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
07:34:05.0039 0x17a0  Detect skipped due to KSN trusted
07:34:05.0039 0x17a0  Net Driver HPZ12 - ok
07:34:07.0504 0x17a0  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
07:34:09.0984 0x17a0  Detect skipped due to KSN trusted
07:34:09.0984 0x17a0  Pml Driver HPZ12 - ok
07:34:16.0333 0x17a0  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
07:34:16.0365 0x17a0  wercplsupport - ok
07:34:16.0365 0x17a0  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
07:34:16.0396 0x17a0  WerSvc - ok
07:34:16.0411 0x17a0  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
07:34:16.0443 0x17a0  WfpLwf - ok
07:34:16.0443 0x17a0  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
07:34:16.0458 0x17a0  WIMMount - ok
07:34:16.0474 0x17a0  WinDefend - ok
07:34:16.0474 0x17a0  WinHttpAutoProxySvc - ok
07:34:16.0505 0x17a0  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
07:34:16.0536 0x17a0  Winmgmt - ok
07:34:16.0599 0x17a0  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
07:34:16.0661 0x17a0  WinRM - ok
07:34:16.0677 0x17a0  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\drivers\WinUsb.sys
07:34:16.0692 0x17a0  WinUsb - ok
07:34:16.0739 0x17a0  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
07:34:16.0770 0x17a0  Wlansvc - ok
07:34:16.0786 0x17a0  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
07:34:16.0786 0x17a0  WmiAcpi - ok
07:34:16.0801 0x17a0  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
07:34:16.0817 0x17a0  wmiApSrv - ok
07:34:16.0833 0x17a0  WMPNetworkSvc - ok
07:34:16.0848 0x17a0  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
07:34:16.0848 0x17a0  WPCSvc - ok
07:34:16.0848 0x17a0  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
07:34:16.0879 0x17a0  WPDBusEnum - ok
07:34:16.0879 0x17a0  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
07:34:16.0895 0x17a0  ws2ifsl - ok
07:34:16.0911 0x17a0  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
07:34:16.0926 0x17a0  wscsvc - ok
07:34:16.0926 0x17a0  WSearch - ok
07:34:17.0004 0x17a0  [ 39D604E190DFE2E483B637D6796ABAFF, 52DCCEA0DB59F00C615D94CC2B70FC1C335E553E8FC79AAC8C8C7D9EE1F6111D ] wuauserv        C:\Windows\system32\wuaueng.dll
07:34:17.0067 0x17a0  wuauserv - ok
07:34:17.0082 0x17a0  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
07:34:17.0098 0x17a0  WudfPf - ok
07:34:17.0113 0x17a0  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\drivers\WUDFRd.sys
07:34:17.0129 0x17a0  WUDFRd - ok
07:34:17.0129 0x17a0  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
07:34:17.0145 0x17a0  wudfsvc - ok
07:34:17.0160 0x17a0  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
07:34:17.0176 0x17a0  WwanSvc - ok
07:34:17.0191 0x17a0  ================ Scan global ===============================
07:34:17.0207 0x17a0  [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
07:34:17.0223 0x17a0  [ 8927015C999D55D9B4AC66000EE5343D, 2AC4896880BAD44192822063A31785F4A716D992201B3E6A590A2D75D9729A4A ] C:\Windows\system32\winsrv.dll
07:34:17.0238 0x17a0  [ 8927015C999D55D9B4AC66000EE5343D, 2AC4896880BAD44192822063A31785F4A716D992201B3E6A590A2D75D9729A4A ] C:\Windows\system32\winsrv.dll
07:34:17.0269 0x17a0  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
07:34:17.0285 0x17a0  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
07:34:17.0301 0x17a0  [ Global ] - ok
07:34:17.0301 0x17a0  ================ Scan MBR ==================================
07:34:17.0301 0x17a0  [ F85BC388F1063910E9090C0C09058AA3 ] \Device\Harddisk0\DR0
07:34:17.0566 0x17a0  \Device\Harddisk0\DR0 - ok
07:34:17.0566 0x17a0  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
07:34:17.0628 0x17a0  \Device\Harddisk1\DR1 - ok
07:34:17.0628 0x17a0  ================ Scan VBR ==================================
07:34:17.0628 0x17a0  [ 8469295FC361919D643694395630DE41 ] \Device\Harddisk0\DR0\Partition1
07:34:17.0659 0x17a0  \Device\Harddisk0\DR0\Partition1 - ok
07:34:17.0659 0x17a0  [ 81628702212638914EC8AACB23C167A7 ] \Device\Harddisk0\DR0\Partition2
07:34:17.0675 0x17a0  \Device\Harddisk0\DR0\Partition2 - ok
07:34:17.0675 0x17a0  [ BD45C166521DC4267B2E4B4EDD8359C4 ] \Device\Harddisk0\DR0\Partition3
07:34:17.0706 0x17a0  \Device\Harddisk0\DR0\Partition3 - ok
07:34:17.0706 0x17a0  ================ Scan generic autorun ======================
07:34:17.0706 0x17a0  ETDCtrl - ok
07:34:18.0003 0x17a0  [ 929364DA3BA708FE55878E56D58857D9, E70E57A877C0B6F4F89B1BC50A261788B1C58991B636F82540B061826EBF0F63 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
07:34:18.0268 0x17a0  RTHDVCPL - ok
07:34:18.0377 0x17a0  [ 813EE7316A9B44303D97DDE00626A527, 745F361D9EE969FC836D3D8B909BC9216471351AE828D2B3B6406245854FE01A ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
07:34:18.0408 0x17a0  RtHDVBg_Dolby - ok
07:34:18.0439 0x17a0  [ 97F0226F08527B9EE5DFDA5CAAB01015, 564E9CCF88EAABEC9E72D8B359C5616C7482C59AF5E77BDCC8B7DDF17FD5FD39 ] C:\Windows\system32\TpShocks.exe
07:34:18.0455 0x17a0  TpShocks - ok
07:34:18.0486 0x17a0  [ 8BD551253F86A558E15BBB29C64428FA, 3DF033C27118AB4F9719EC8682F329C1EB0B1BE8BD898CF39E98BFF6E0142CA7 ] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
07:34:18.0502 0x17a0  LENOVO.TPKNRRES - ok
07:34:18.0533 0x17a0  [ 2C8518B622C6429480507F24C21B6223, BA2FF253A3F6C53F4C24903DF406FFB37121792A49E29A5A58E753E62321C312 ] C:\Windows\system32\igfxtray.exe
07:34:18.0549 0x17a0  IgfxTray - ok
07:34:18.0564 0x17a0  [ 2700358647B5F0253756BF41564586E1, 859ECC17AAADCDAB6ED96FEC372522B69C44C50B7781F29B2B0EAAF13FD0C803 ] C:\Windows\system32\hkcmd.exe
07:34:18.0580 0x17a0  HotKeysCmds - ok
07:34:18.0595 0x17a0  [ 8D42A43CE49736478BF6FCE9DD3383CB, 7D1A7D4CAF468815BD8BFD324E60956F8A7B12E9714A0064742F403474C03E44 ] C:\Windows\system32\igfxpers.exe
07:34:18.0611 0x17a0  Persistence - ok
07:34:18.0611 0x17a0  LogMeIn GUI - ok
07:34:18.0627 0x17a0  [ 0307536FD43CC7BFB92F9DAC8DB913F1, 6C8BEDA4ADFBEF28E647B39B3EEA37A20BFE5C93C7EDA79471EFB46156197843 ] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
07:34:18.0627 0x17a0  RotateImage - detected UnsignedFile.Multi.Generic ( 1 )
07:34:21.0388 0x17a0  Detect skipped due to KSN trusted
07:34:21.0388 0x17a0  RotateImage - ok
07:34:21.0388 0x17a0  PWMTRV - ok
07:34:21.0435 0x17a0  [ 4D1DA8CE5E364D22B4FF00F163194514, 165DE474309206A0F51266F19EDB4AF3D7BAD19FDA61B636AEE7A04278DBBC2C ] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
07:34:21.0450 0x17a0  USB3MON - ok
07:34:21.0481 0x17a0  [ E6CC0FA3C1040C791EB3F4BA6C789411, 095D5965FEE00ACB6D8713B2E2772A409A84F42D85383AEAF5FC3E2E393DC07D ] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
07:34:21.0497 0x17a0  Dolby Advanced Audio v2 - ok
07:34:21.0622 0x17a0  [ C8BD6D2BD6D52259C2A672A86AA26A51, B790812B7B2A6BBEAD46E78D97358F7135386BDA8C95C8E936BE55286C8492D7 ] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe
07:34:21.0715 0x17a0  Lenovo Registration - ok
07:34:21.0762 0x17a0  [ 41A87887FFFFB0CFB5E1E3D627B9FEB2, 8A138B2BED273363FE31820FE5D87743A85807837DAE028AED2EA1234DC82E64 ] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe
07:34:21.0793 0x17a0  Fastboot - ok
07:34:21.0903 0x17a0  [ 1DC4A6EE016B1F7B0AA167D07F517B82, ECAC4F1D7AFE27DA78FC17EC509C5C3C6F5F87A62AA9DB2EAF9E3FD6D279C79A ] C:\Program Files (x86)\AVG\AVG2015\avgui.exe
07:34:21.0996 0x17a0  AVG_UI - ok
07:34:22.0027 0x17a0  [ 79C28DDF889C26FDD6162F796FD49BC4, C1E2468B4F0F52BD707D16656F33CC438AF8E18A38BB6CFB64D11F23993F72F0 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
07:34:22.0027 0x17a0  iTunesHelper - ok
07:34:22.0074 0x17a0  [ 308F2EE28005510DE616409148CF077B, A2126CB185B0053086BDD6F0A16A503F6CA629AC677E4B7AE6D43C770061D087 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
07:34:22.0074 0x17a0  SunJavaUpdateSched - ok
07:34:22.0480 0x17a0  [ 2C6DFC761F1DAE61940C7EAE97EBDB19, 93240B0EBA4788DA759CA1AF3DFE58883A67E241413A389F5A60360BEA6EC101 ] C:\Program Files (x86)\Skype\Phone\Skype.exe
07:34:22.0792 0x17a0  Skype - ok
07:34:22.0854 0x17a0  [ 5D61BE7DB55B026A5D61A3EED09D0EAD, D32CC7B31A6F98C60ABC313ABC7D1143681F72DE2BB2604711A0BA20710CAAAE ] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
07:34:22.0854 0x17a0  swg - ok
07:34:22.0917 0x17a0  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
07:34:22.0963 0x17a0  Sidebar - ok
07:34:22.0979 0x17a0  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
07:34:23.0010 0x17a0  mctadmin - ok
07:34:23.0010 0x17a0  Waiting for KSN requests completion. In queue: 233
07:34:24.0024 0x17a0  Waiting for KSN requests completion. In queue: 11
07:34:25.0038 0x17a0  Waiting for KSN requests completion. In queue: 11
07:34:26.0052 0x17a0  AV detected via SS2: AVG Internet Security 2015, C:\Program Files (x86)\AVG\AVG2015\avgwsc.exe ( 15.0.0.6081 ), 0x40000 ( disabled : updated )
07:34:26.0052 0x17a0  FW detected via SS2: AVG Internet Security 2015, C:\Program Files (x86)\AVG\AVG2015\avgwsc.exe ( 15.0.0.6081 ), 0x40010 ( disabled )
07:34:26.0115 0x17a0  Win FW state via NFP2: enabled ( trusted )
07:34:28.0923 0x17a0  ============================================================
07:34:28.0923 0x17a0  Scan finished
07:34:28.0923 0x17a0  ============================================================
07:34:28.0923 0x147c  Detected object count: 0
07:34:28.0923 0x147c  Actual detected object count: 0

Edited by jadallahyk, 16 September 2015 - 06:36 AM.


#7 deeprybka

  • Malware Response Team

Posted 16 September 2015 - 11:42 AM

Step 1

Scan with Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt:
    m21p.png
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
    m21p4.png
  • Return to our forum. Paste your log into your next reply and then click Finish [7].

Step 2

Start FRST with administrator privileges.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

Edited by deeprybka, 16 September 2015 - 11:43 AM.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#8 jadallahyk

  • Topic Starter

Posted 17 September 2015 - 04:36 PM

Sorry for the delayed response, here is the Malwarebytes scan

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/17/2015
Scan Time: 5:22 PM
Logfile: Malwarebytes Scan 092715.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.17.05
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Rita Bailey

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 413573
Time Elapsed: 12 min, 3 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

#9 jadallahyk

  • Topic Starter

Posted 17 September 2015 - 04:41 PM

FRST log file

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015

Ran by Rita Bailey (administrator) on RITABAILEY (17-09-2015 17:38:01)
Running from C:\Users\Rita Bailey\Downloads
Loaded Profiles: Rita Bailey (Available Profiles: Rita Bailey)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2comm.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2pre.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2tray.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Lenovo.) C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2mainh.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2host.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2simpleft.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876816 2013-03-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12459112 2012-03-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [382248 2013-02-12] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [293672 2013-01-28] (Lenovo Group Limited)
HKLM\...\Run: [LogMeIn GUI] => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4315872 2011-06-01] (Lenovo, Inc.)
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [733936 2013-04-12] (Lenovo)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3730344 2015-06-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2720628314-3776284362-335876566-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [17877168 2012-11-09] (Skype Technologies S.A.)
HKU\S-1-5-21-2720628314-3776284362-335876566-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-04-09] (Google Inc.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-08-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-08-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-08-11] (Microsoft Corporation)
Startup: C:\Users\Rita Bailey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-08-05]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{735CB8F0-E55F-4BD7-935D-5AA1F169123A}: [DhcpNameServer] 192.168.1.1 8.8.8.8 8.8.4.4
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2720628314-3776284362-335876566-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2720628314-3776284362-335876566-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2720628314-3776284362-335876566-1001 -> {888EE720-594B-43DE-BA12-5BA43C98F787} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-20] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-08-11] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-08-11] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-08-16] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-20] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-08-11] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-08-11] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-08-16] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-20] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-20] (Google Inc.)
Toolbar: HKU\S-1-5-21-2720628314-3776284362-335876566-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-20] (Google Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\Rita Bailey\AppData\Roaming\Mozilla\Firefox\Profiles\894ovarx.default-1439600293711
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-08-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-12-15] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-09-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2720628314-3776284362-335876566-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll No File
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U45) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
CHR Profile: C:\Users\Rita Bailey\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Rita Bailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-02]
CHR Extension: (Google Drive) - C:\Users\Rita Bailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-02]
CHR Extension: (YouTube) - C:\Users\Rita Bailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-02]
CHR Extension: (Google Search) - C:\Users\Rita Bailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-02]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Rita Bailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-12-06]
CHR Extension: (Google Docs Offline) - C:\Users\Rita Bailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Rita Bailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rita Bailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-02]
CHR Extension: (Gmail) - C:\Users\Rita Bailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-02]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1528432 2015-06-30] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3518376 2015-06-30] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [314304 2015-06-30] (AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2768472 2015-08-11] (Microsoft Corporation)
R3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-05-15] (Lenovo.)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-02-17] (Diskeeper Corporation)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [140016 2013-04-12] (Lenovo)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [188200 2013-01-28] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-11] (Lenovo Group Limited)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [67552 2015-04-14] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [293296 2015-06-26] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [226784 2015-06-10] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [281568 2015-05-12] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-02-17] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [92976 2012-02-17] (Diskeeper Corporation)
S3 Fastboot; C:\Windows\System32\DRIVERS\fastboot.sys [55536 2013-04-12] (Windows ® Win 7 DDK provider)
S4 LMIRfsClientNP; no ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R2 monblanking; C:\Windows\System32\DRIVERS\monblanking.sys [37112 2015-03-20] (Citrix Systems)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [260712 2012-01-30] (Realtek Semiconductor Corp.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-17 17:37 - 2015-09-17 17:37 - 00000000 ____D C:\Users\Rita Bailey\Downloads\FRST-OlderVersion
2015-09-17 17:34 - 2015-09-17 17:34 - 00001077 _____ C:\Users\Rita Bailey\Documents\Malwarebytes Scan 092715.txt
2015-09-16 07:32 - 2015-09-16 07:32 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Rita Bailey\Downloads\tdsskiller.exe
2015-09-15 21:04 - 2015-09-15 21:04 - 00029271 _____ C:\ComboFix.txt
2015-09-15 20:55 - 2015-09-15 21:04 - 00000000 ____D C:\Qoobox
2015-09-15 20:55 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2015-09-15 20:55 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2015-09-15 20:55 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-09-15 20:55 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-09-15 20:55 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-09-15 20:55 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2015-09-15 20:55 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2015-09-15 20:55 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2015-09-15 20:54 - 2015-09-15 21:02 - 00000000 ____D C:\Windows\erdnt
2015-09-15 20:51 - 2015-09-15 20:52 - 05635119 ____R (Swearware) C:\Users\Rita Bailey\Desktop\ComboFix.exe
2015-09-14 21:11 - 2015-09-14 21:11 - 00034429 _____ C:\Users\Rita Bailey\Downloads\Addition.txt
2015-09-14 21:10 - 2015-09-17 17:38 - 00022940 _____ C:\Users\Rita Bailey\Downloads\FRST.txt
2015-09-14 21:10 - 2015-09-17 17:38 - 00000000 ____D C:\FRST
2015-09-14 20:48 - 2015-09-17 17:22 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-14 20:45 - 2015-09-17 17:37 - 02191360 _____ (Farbar) C:\Users\Rita Bailey\Downloads\FRST64.exe
2015-09-14 20:38 - 2015-09-14 20:38 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-14 20:38 - 2015-09-14 20:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-14 20:38 - 2015-09-14 20:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-14 20:38 - 2015-09-14 20:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-14 20:38 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-14 20:38 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-14 20:38 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-09-14 20:34 - 2015-09-14 20:37 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Rita Bailey\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-14 20:06 - 2015-09-14 20:14 - 00000000 ____D C:\AdwCleaner
2015-09-14 20:04 - 2015-09-14 20:05 - 01660416 _____ C:\Users\Rita Bailey\Downloads\adwcleaner_5.007.exe
2015-09-14 19:29 - 2015-09-14 19:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix
2015-09-14 19:29 - 2015-09-14 19:29 - 00000000 ____D C:\Program Files (x86)\Citrix
2015-09-14 19:29 - 2015-03-20 01:50 - 00131416 _____ (Citrix Online, a division of Citrix Systems, Inc.) C:\Windows\system32\gotomon_x64.dll
2015-09-14 19:29 - 2015-03-20 01:34 - 00037112 _____ (Citrix Systems) C:\Windows\system32\Drivers\monblanking.sys
2015-09-14 19:28 - 2015-09-14 19:28 - 00000000 ____D C:\ProgramData\Citrix
2015-09-14 17:38 - 2015-09-14 21:47 - 00000000 ____D C:\Users\Rita Bailey\AppData\Local\LogMeIn Rescue Applet
2015-09-08 17:37 - 2015-08-17 13:56 - 17890304 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-08 17:37 - 2015-08-17 13:53 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-08 17:37 - 2015-08-17 13:49 - 10936832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-08 17:37 - 2015-08-17 13:48 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-08 17:37 - 2015-08-17 13:47 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-08 17:37 - 2015-08-17 13:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-08 17:37 - 2015-08-17 13:47 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-08 17:37 - 2015-08-17 13:46 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-08 17:37 - 2015-08-17 13:46 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-08 17:37 - 2015-08-17 13:46 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-08 17:37 - 2015-08-17 13:46 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-08 17:37 - 2015-08-17 13:46 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-08 17:37 - 2015-08-17 13:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-08 17:37 - 2015-08-17 13:46 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-08 17:37 - 2015-08-17 13:46 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-08 17:37 - 2015-08-17 13:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-09-08 17:37 - 2015-08-17 13:46 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-08 17:37 - 2015-08-17 13:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-08 17:37 - 2015-08-17 13:46 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-08 17:37 - 2015-08-17 13:46 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-09-08 17:37 - 2015-08-17 13:46 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-09-08 17:37 - 2015-08-17 13:46 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-09-08 17:37 - 2015-08-17 13:18 - 01814016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-08 17:37 - 2015-08-17 13:17 - 12388352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-08 17:37 - 2015-08-17 13:14 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-09-08 17:37 - 2015-08-17 13:13 - 09751040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-08 17:37 - 2015-08-17 13:12 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-08 17:37 - 2015-08-17 13:12 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-08 17:37 - 2015-08-17 13:11 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-08 17:37 - 2015-08-17 13:11 - 00422400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-08 17:37 - 2015-08-17 13:10 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-08 17:37 - 2015-08-17 13:10 - 00718848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-08 17:37 - 2015-08-17 13:10 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-08 17:37 - 2015-08-17 13:10 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-09-08 17:37 - 2015-08-17 13:10 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-09-08 17:37 - 2015-08-17 13:10 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-09-08 17:37 - 2015-08-17 13:10 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-09-08 17:37 - 2015-08-17 13:10 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-09-08 17:37 - 2015-08-17 13:10 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-09-08 17:37 - 2015-08-17 13:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-09-08 17:37 - 2015-08-17 13:10 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-09-08 17:37 - 2015-08-17 13:10 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-09-08 17:37 - 2015-08-17 13:10 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-09-08 17:37 - 2015-08-17 13:09 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-09-08 17:36 - 2015-08-05 13:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-08 17:36 - 2015-08-05 13:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-08 17:36 - 2015-08-05 13:56 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-09-08 17:36 - 2015-08-05 13:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-08 17:31 - 2015-07-14 23:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-08 17:31 - 2015-07-14 22:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-09-08 17:31 - 2015-07-09 13:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-09-08 17:31 - 2015-07-09 13:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-09-08 17:31 - 2015-07-09 13:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-09-08 17:31 - 2015-07-09 13:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-09-08 17:27 - 2015-08-27 14:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-08 17:27 - 2015-08-27 14:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-08 17:27 - 2015-08-27 14:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-09-08 17:27 - 2015-08-27 14:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-09-08 17:27 - 2015-08-27 13:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-08 17:27 - 2015-08-27 13:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-08 17:27 - 2015-08-27 13:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-09-08 17:27 - 2015-08-27 13:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-09-08 17:27 - 2015-08-04 14:03 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-09-08 17:27 - 2015-08-04 14:00 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-09-08 17:27 - 2015-08-04 13:56 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-08 17:27 - 2015-08-04 13:56 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-08 17:27 - 2015-08-04 13:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-08 17:27 - 2015-08-04 13:55 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-08 17:27 - 2015-08-04 13:55 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-08 17:27 - 2015-08-04 13:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-08 17:27 - 2015-08-04 12:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-08 17:27 - 2015-07-22 20:06 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-08 17:27 - 2015-07-22 20:06 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-09-08 17:27 - 2015-07-22 20:06 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-08 17:27 - 2015-07-22 20:03 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-08 17:27 - 2015-07-22 20:03 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-09-08 17:27 - 2015-07-22 20:03 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-09-08 17:27 - 2015-07-22 20:03 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-09-08 17:27 - 2015-07-22 20:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-09-08 17:27 - 2015-07-22 20:02 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-09-08 17:27 - 2015-07-22 20:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-08 17:27 - 2015-07-22 20:02 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-08 17:27 - 2015-07-22 20:02 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-09-08 17:27 - 2015-07-22 20:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-08 17:27 - 2015-07-22 20:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-09-08 17:27 - 2015-07-22 20:02 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-09-08 17:27 - 2015-07-22 20:02 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-09-08 17:27 - 2015-07-22 20:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-09-08 17:27 - 2015-07-22 20:02 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-09-08 17:27 - 2015-07-22 20:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-09-08 17:27 - 2015-07-22 20:02 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-09-08 17:27 - 2015-07-22 20:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-09-08 17:27 - 2015-07-22 20:02 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-09-08 17:27 - 2015-07-22 20:02 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-09-08 17:27 - 2015-07-22 20:02 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-09-08 17:27 - 2015-07-22 20:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-09-08 17:27 - 2015-07-22 20:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-09-08 17:27 - 2015-07-22 20:02 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-09-08 17:27 - 2015-07-22 20:02 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-09-08 17:27 - 2015-07-22 20:02 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-09-08 17:27 - 2015-07-22 20:02 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-09-08 17:27 - 2015-07-22 20:02 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-09-08 17:27 - 2015-07-22 20:02 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-09-08 17:27 - 2015-07-22 20:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-09-08 17:27 - 2015-07-22 20:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-09-08 17:27 - 2015-07-22 20:01 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-09-08 17:27 - 2015-07-22 19:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-09-08 17:27 - 2015-07-22 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 19:51 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-09-08 17:27 - 2015-07-22 13:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-09-08 17:27 - 2015-07-22 13:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-09-08 17:27 - 2015-07-22 13:54 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-09-08 17:27 - 2015-07-22 13:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-09-08 17:27 - 2015-07-22 13:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-09-08 17:27 - 2015-07-22 13:53 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-09-08 17:27 - 2015-07-22 13:53 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-09-08 17:27 - 2015-07-22 13:53 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-09-08 17:27 - 2015-07-22 13:53 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-09-08 17:27 - 2015-07-22 13:53 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-09-08 17:27 - 2015-07-22 13:53 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-09-08 17:27 - 2015-07-22 13:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-09-08 17:27 - 2015-07-22 13:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-09-08 17:27 - 2015-07-22 13:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-09-08 17:27 - 2015-07-22 13:53 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-09-08 17:27 - 2015-07-22 13:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-09-08 17:27 - 2015-07-22 13:52 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-09-08 17:27 - 2015-07-22 13:52 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-09-08 17:27 - 2015-07-22 13:52 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-09-08 17:27 - 2015-07-22 13:52 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-09-08 17:27 - 2015-07-22 13:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-09-08 17:27 - 2015-07-22 13:52 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-09-08 17:27 - 2015-07-22 13:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-09-08 17:27 - 2015-07-22 13:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-09-08 17:27 - 2015-07-22 13:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 13:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 12:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-08 17:27 - 2015-07-22 12:45 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-09-08 17:27 - 2015-07-22 12:44 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-09-08 17:27 - 2015-07-22 12:44 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-09-08 17:27 - 2015-07-22 12:34 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-09-08 17:27 - 2015-07-22 12:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-09-08 17:27 - 2015-07-22 12:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 12:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-09-08 17:27 - 2015-07-22 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-09-08 17:27 - 2015-06-25 06:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-08 17:27 - 2015-06-25 06:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-08 17:27 - 2015-06-25 06:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-09-08 17:27 - 2015-06-25 05:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-08 17:26 - 2015-09-01 23:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-08 17:26 - 2015-09-01 23:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-08 17:26 - 2015-09-01 23:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-08 17:26 - 2015-09-01 23:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-08 17:26 - 2015-09-01 22:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-09-08 17:26 - 2015-09-01 22:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-08 17:26 - 2015-09-01 22:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-09-08 17:26 - 2015-09-01 22:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-09-08 17:26 - 2015-09-01 21:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-08 17:26 - 2015-09-01 21:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-08 17:26 - 2015-09-01 21:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-08 17:26 - 2015-08-26 14:07 - 03165696 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-08 17:26 - 2015-08-26 14:07 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-08 17:26 - 2015-08-26 14:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-08 17:26 - 2015-08-26 14:07 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-08 17:26 - 2015-08-26 14:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-08 17:26 - 2015-08-26 14:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-08 17:26 - 2015-08-26 14:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-08 17:26 - 2015-08-26 14:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-08 17:26 - 2015-08-26 14:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-08 17:26 - 2015-08-26 14:06 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-08 17:26 - 2015-08-26 14:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-08 17:26 - 2015-08-26 13:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-08 17:26 - 2015-08-26 13:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-08 17:26 - 2015-08-26 13:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-08 17:26 - 2015-08-26 13:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-09-08 17:26 - 2015-08-26 13:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-29 16:48 - 2015-08-29 16:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-17 17:35 - 2013-11-21 19:22 - 01903144 _____ C:\Windows\WindowsUpdate.log
2015-09-17 17:30 - 2014-04-09 20:12 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-17 16:54 - 2014-04-09 20:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-17 03:30 - 2014-04-09 20:12 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-16 09:32 - 2014-04-09 20:13 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-15 21:04 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Default
2015-09-15 21:01 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
2015-09-15 20:50 - 2013-12-03 19:16 - 00000000 ____D C:\Users\Rita Bailey\AppData\Roaming\Skype
2015-09-15 18:53 - 2013-12-03 14:48 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-09-15 03:25 - 2014-04-09 20:12 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-15 03:25 - 2014-04-09 20:12 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-14 21:55 - 2009-07-14 00:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-14 21:55 - 2009-07-14 00:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-14 21:53 - 2013-12-02 21:32 - 00000000 ____D C:\Users\Rita Bailey\AppData\Local\CrashDumps
2015-09-14 21:47 - 2010-11-20 23:47 - 00675990 _____ C:\Windows\PFRO.log
2015-09-14 21:47 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-14 21:47 - 2009-07-14 00:51 - 00053647 _____ C:\Windows\setupact.log
2015-09-14 19:49 - 2013-12-02 22:33 - 00000000 ____D C:\ProgramData\LogMeIn
2015-09-14 19:49 - 2013-12-02 22:33 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2015-09-14 19:13 - 2014-01-27 09:44 - 00001015 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2015-09-14 19:13 - 2014-01-27 09:44 - 00000999 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-09-13 18:11 - 2009-07-14 01:13 - 00802650 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-12 04:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-09-12 03:28 - 2009-07-14 00:45 - 00462368 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-12 03:27 - 2014-01-17 21:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-12 03:26 - 2013-02-11 14:28 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-12 03:26 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-12 03:09 - 2013-12-02 20:47 - 00000000 ____D C:\Windows\system32\MRT
2015-08-26 18:37 - 2013-12-02 20:47 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-25 17:33 - 2013-12-02 22:33 - 00122752 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2015-08-25 17:33 - 2013-12-02 22:33 - 00107368 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2015-08-25 17:33 - 2013-12-02 22:33 - 00035688 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
 
==================== Files in the root of some directories =======
 
2013-12-31 11:22 - 2013-12-31 11:29 - 0000811 _____ () C:\ProgramData\hpzinstall.log
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-11 00:25
 
==================== End of FRST.txt ============================

Addition Log

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:15-09-2015

Ran by Rita Bailey (2015-09-17 17:38:22)
Running from C:\Users\Rita Bailey\Downloads
Windows 7 Professional Service Pack 1 (X64) (2013-12-02 11:27:04)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2720628314-3776284362-335876566-500 - Administrator - Disabled)
Guest (S-1-5-21-2720628314-3776284362-335876566-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2720628314-3776284362-335876566-1002 - Limited - Enabled)
Rita Bailey (S-1-5-21-2720628314-3776284362-335876566-1001 - Administrator - Enabled) => C:\Users\Rita Bailey
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG Internet Security 2015 (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2015 (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security 2015 (Disabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6081 - AVG Technologies)
AVG 2015 (Version: 15.0.4392 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6081 - AVG Technologies) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
ExpressCache (HKLM\...\{1E084588-8CC6-4D1B-B904-B1A09DA22A52}) (Version: 1.0.82 - Diskeeper Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.93 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
GoToMyPC (HKLM\...\{ED8FAC5C-24F9-4F6B-9F9A-010360BDA1D2}) (Version: 8.3.1611 - Citrix Systems, Inc.)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
Integrated Camera Driver Installer Package Ver.1.2.1.14 (HKLM-x32\...\{A78800AF-1779-4AE8-8EBE-16E1BE727C71}) (Version: 1.2.1.14 - RICOH)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
join.me (HKU\S-1-5-21-2720628314-3776284362-335876566-1001\...\JoinMe) (Version: 1.17.1.162 - LogMeIn, Inc.)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.01 - )
Lenovo On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.63.10 - Lenovo)
Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{ABE4638D-D208-4061-9F26-E3E11E3A1E0C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.04 - )
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.3 - Lenovo Inc.)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0016 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0022.00 - Lenovo Group Limited)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4753.1002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4753.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4753.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4753.1002 - Microsoft Corporation) Hidden
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.32 - )
RapidBoot HDD Accelerator (HKLM-x32\...\Fastboot) (Version: 1.1.1.1 - Lenovo)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.50.1123.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6602 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29011 - Realtek Semiconductor Corp.)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Skype™ 6.0 (HKLM-x32\...\{EA17F4FC-FDBF-4CF8-A529-2D983132D053}) (Version: 6.0.126 - Skype Technologies S.A.)
ThinkPad UltraNav Driver (HKLM\...\Elantech) (Version: 11.4.15.2 - ELAN Microelectronic Corp.)
ThinkPad Wireless LAN Adapter Software (HKLM-x32\...\{9D3D2C60-A55F-4fed-B2B9-17311226DF01}) (Version: 1.00.0031.1 - REALTEK Semiconductor Corp.)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.77.0.11 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.0.42.0 - Lenovo)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Driver Package - ELAN (ETD) Mouse  (03/11/2013 11.4.15.2) (HKLM\...\BF3B18F68C9F06F6030FF378B77E479DCCEAA470) (Version: 03/11/2013 11.4.15.2 - ELAN)
Windows Driver Package - Intel (iaStor) hdc  (11/29/2011 11.0.0.1032) (HKLM\...\64A62163FE43328D13305746CB8BCC93F2DF6545) (Version: 11/29/2011 11.0.0.1032 - Intel)
Windows Driver Package - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20) (HKLM\...\E3535F123E7F666D573665142F90D3E5004DC326) (Version: 02/29/2012 1.65.05.20 - Lenovo)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2720628314-3776284362-335876566-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll No File
CustomCLSID: HKU\S-1-5-21-2720628314-3776284362-335876566-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll No File
 
==================== Restore Points =========================
 
16-09-2015 00:00:00 Scheduled Checkpoint
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2015-09-15 21:01 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {04E5534C-CF27-4041-8580-668DC36F5F6B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {079AB3A2-231E-4DBD-AF26-642804023C01} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)
Task: {08048DA8-695E-42BF-9F15-BD47E395B052} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {14C25445-66A3-446D-B8C5-F63E44A0184F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)
Task: {3F423AB2-FD6C-4F51-AD51-03A24F3075BA} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {5B8BB7AF-772B-4DA4-93CF-1EFA816E8F3B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-08-11] (Microsoft Corporation)
Task: {679462B7-FB92-4BC9-A4ED-94E7B48EF4B5} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2012-05-15] (Lenovo Group Limited)
Task: {75180CD3-6710-4E0D-9564-838328AB4B7C} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {75770535-DE41-4484-A6E0-1CDDA3921111} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {7800AE6D-82AA-42E5-B8AA-CA7D4EAC3601} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-08-11] (Microsoft Corporation)
Task: {8D0D8991-BD51-4BAC-873C-13BC35750AC2} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {B07DAAB0-B1BD-4F39-8E34-774FFC3F5495} - System32\Tasks\{7FCC5E38-23F8-4DFD-ABD2-958B0D7C373D} => pcalua.exe -a "C:\Users\Rita Bailey\Downloads\IE10_BlockerToolkit.EXE" -d "C:\Users\Rita Bailey\Downloads"
Task: {B1D588B0-523D-4132-9CB2-537D48E34E02} - System32\Tasks\Intel\Intel Service Manager => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
Task: {C4D0152A-F788-4CB4-844D-FFD3FF90A36F} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-06-18] ()
Task: {C960AE6B-7BCA-4242-A216-BC3A986CCC64} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {D851CE05-D773-4998-BC9F-DB83F7290C41} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {FC45A7B7-A1C4-49AB-82A0-BAE51CBDFFE5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-11-21 19:14 - 2012-03-19 02:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-11-21 19:16 - 2012-05-15 17:32 - 00093696 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2013-11-21 19:12 - 2010-10-26 00:40 - 00049056 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2014-03-25 07:49 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-09-15 18:46 - 2015-08-11 23:15 - 08900672 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-21 19:22 - 2013-04-12 05:41 - 00033520 ____N () C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBServiceps.dll
2013-11-21 19:17 - 2011-08-03 00:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2013-11-21 19:17 - 2011-08-03 00:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2013-11-21 19:11 - 2012-02-21 15:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2015-09-15 18:45 - 2015-08-11 20:57 - 08900672 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2720628314-3776284362-335876566-1001\...\nscorp.com -> hxxps://www2.nscorp.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2720628314-3776284362-335876566-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Rita Bailey\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{3DF99A88-05AE-476C-A6DB-A2D788D5359C}] => (Allow) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
FirewallRules: [{2F56E7D1-A0E8-413F-876E-FE2BE22C7390}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{C2B544DA-94F6-4BED-9787-537F01555E9A}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{E6975B25-BC3A-4C14-8295-9D84873B2486}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{F253B7B7-0A43-4E63-925D-05B07564ACF8}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{CC9E5AD6-CFB1-479C-A186-7F73655AF5C9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4E9CC37B-F691-4F5C-ACCC-B23FEAD3978D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{7C33B566-183B-45F2-BD3A-4B525424ED79}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{69ED0705-0FCE-4DB2-946A-089958A66B5D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{4F7C8C1D-1846-4796-9C26-042C03C62BDA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{AD46C628-0F81-4097-9BC2-99607D79A2B8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{962D1416-1197-435D-9F7C-A32C8EA6A0E3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{89D9D386-8C0E-485D-AB08-7331F2E3AF45}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{5295181F-83E1-4878-81B0-C94455AF76A7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6D5C5C23-904F-4E85-8E63-F436BEC649AA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8BF91EBF-8865-4B5F-9989-2189B08892C1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AE78AF0D-C102-489A-9E68-0329BAA81E4C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5756FA89-D077-49B8-BE8E-AFA9494C71A9}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{A8160692-28A7-4AC8-BA46-5808F654295C}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{352C43EB-BBC8-4A6F-A4C5-E7CE5BB192D9}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{549F0567-D809-4324-9607-39449F3E94B4}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{056FC9CC-A8E0-4FE9-BA12-F07E486160A1}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{587E6C8D-E0A0-47CC-87F3-4E0FB8F4763C}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{22D5453F-EF70-4857-BA14-E546773B4B1A}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{8D235151-5DD8-4E50-847E-1E62B9E278EE}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{EFC36E35-3232-4226-9C06-D0BEDD62014B}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{A40C3199-F374-4EA1-9E76-82505D40BBD0}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{FF1DEE89-60C0-4676-9F18-0AFA9DF58D86}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{0BBA8E52-94C1-4389-A6D6-C8EDB811E3CD}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{61660200-42D0-4B1C-A304-BBDDFA548932}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{E57A0038-B448-4CF8-B9E7-9573E0D8981F}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{A8C535AB-79F2-4AA4-9FDF-0E125B96F87C}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{80F24F6A-D686-4660-903B-FA21179AC60B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{C1974A59-1FC5-4AFF-A09F-8EBF8477FF63}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{C2A2C921-E553-47BD-AE5F-61CA408A20A2}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{0D010930-7EBA-48F2-8B0D-2E018BCBB094}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{0FD2EB51-D9D9-436D-8BA5-23423539DB9D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B0D4EA02-CCA9-4776-A7C1-B7CAC5032A3A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E92D5B53-ED82-44E7-918B-D4C728B99EB6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: LogMeIn Kernel Information Provider
Description: LogMeIn Kernel Information Provider
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: LMIInfo
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/15/2015 06:53:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/14/2015 10:14:10 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/14/2015 09:52:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ONENOTEM.EXE, version: 15.0.4645.1000, time stamp: 0x53d855a1
Faulting module name: IMM32.DLL, version: 6.1.7601.17514, time stamp: 0x4ce7ba53
Exception code: 0xc0000005
Fault offset: 0x000117c4
Faulting process id: 0x1340
Faulting application start time: 0xONENOTEM.EXE0
Faulting application path: ONENOTEM.EXE1
Faulting module path: ONENOTEM.EXE2
Report Id: ONENOTEM.EXE3
 
Error: (09/14/2015 09:47:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/14/2015 07:13:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/13/2015 08:17:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6099514
 
Error: (09/13/2015 08:17:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6099514
 
Error: (09/13/2015 08:17:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/12/2015 07:32:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16696 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1aec
 
Start Time: 01d0edb2e53b5b9c
 
Termination Time: 18
 
Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
 
Report Id:
 
Error: (09/12/2015 07:29:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16696 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: ed4
 
Start Time: 01d0edb2b61f9931
 
Termination Time: 15
 
Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
 
Report Id:
 
 
System errors:
=============
Error: (09/15/2015 09:25:37 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (09/15/2015 09:01:51 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (09/15/2015 09:01:20 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (09/15/2015 08:59:10 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (09/15/2015 05:29:06 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LENOVO.CAMMUTE service.
 
Error: (09/15/2015 05:28:34 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LENOVO.CAMMUTE service.
 
Error: (09/15/2015 05:28:00 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LENOVO.CAMMUTE service.
 
Error: (09/14/2015 09:47:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error: 
%%3
 
Error: (09/14/2015 09:47:52 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753637.
 
Error: (09/14/2015 09:47:50 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
 
CodeIntegrity:
===================================
  Date: 2015-09-15 21:01:20.648
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-09-15 21:01:20.616
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-06-14 22:10:10.390
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-14 22:10:10.330
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-14 22:09:58.689
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-14 22:09:58.629
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-14 22:09:38.395
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-14 22:09:38.345
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-14 22:07:31.544
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-14 22:07:31.484
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 67%
Total physical RAM: 3671.87 MB
Available physical RAM: 1192.93 MB
Total Virtual: 7341.94 MB
Available Virtual: 4440.86 MB
 
==================== Drives ================================
 
Drive c: (Windows7_OS) (Fixed) (Total:450.62 GB) (Free:387.61 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:13.67 GB) (Free:4 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 2417E22E)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 14.9 GB) (Disk ID: 2417E227)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=73)
 
==================== End of Addition.txt ============================


#10 deeprybka

Posted 18 September 2015 - 10:36 AM

Let's do a final check up to make sure that no other malicious files are present:

Step 1

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    [screenshot: settings.png]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file is created at [screenshot: logpath.png]
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!
regards,
deeprybka

#11 jadallahyk

Posted 19 September 2015 - 05:43 AM

ESETSmartInstaller@High as downloader log:

all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=51e014c4530d3d4b9eb623c3f05acc19
# end=init
# utc_time=2015-09-19 12:45:05
# local_time=2015-09-18 08:45:05 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 25838
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=51e014c4530d3d4b9eb623c3f05acc19
# end=updated
# utc_time=2015-09-19 01:15:40
# local_time=2015-09-18 09:15:40 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=51e014c4530d3d4b9eb623c3f05acc19
# engine=25838
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-09-19 02:11:43
# local_time=2015-09-18 10:11:43 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='AVG Internet Security 2015'
# compatibility_mode=1053 16777214 100 98 4644959 128819487 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 55673126 194172153 0 0
# scanned=180479
# found=0
# cleaned=0
# scan_time=3363

So based on some of these scans it looks like the machine is clean but I'm still not able to launch AVG? Am I missing something?



#12 deeprybka

Posted 19 September 2015 - 05:47 AM

Please un- and re-install AVG.
regards,
deeprybka

#13 jadallahyk

Posted 20 September 2015 - 10:44 AM

AVG up and running again. Thanks again for your help. 

 

Are we all done?



#14 deeprybka

Posted 20 September 2015 - 10:59 AM

One last check:

Step 1

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    process;
    services-list;
    systemspecs;
    startupall;
    filesrcm;
    
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Post its content into your next reply.
regards,
deeprybka

#15 jadallahyk

Posted 20 September 2015 - 11:16 AM

Zoek.exe v5.0.0.0 Updated 19-09-2015
Tool run by Rita Bailey on Sun 09/20/2015 at 12:11:36.29.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Rita Bailey\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

9/20/2015 12:12:30 PM Zoek.exe System Restore Point Created Successfully.

==== Running Processes ======================

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe
C:\Program Files (x86)\Citrix\GoToMyPC\g2comm.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
C:\Program Files (x86)\Citrix\GoToMyPC\g2pre.exe
C:\Program Files (x86)\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\AVG\Av\avgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Users\Rita Bailey\Downloads\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Services(whitelist) ======================
Powered by E Dev

R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
R2 - [Apple Mobile Device] - Apple Mobile Device - c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
R2 - [avgsvc] - AVG Service - c:\program files (x86)\avg\framework\common\avgsvca.exe
R2 - [avgwd] - AVG WatchDog - c:\program files (x86)\avg\av\avgwdsvcx.exe
R2 - [Bonjour Service] - Bonjour Service - c:\program files\bonjour\mdnsresponder.exe
R2 - [ClickToRunSvc] - Microsoft Office ClickToRun Service - c:\program files\microsoft office 15\clientx64\officeclicktorun.exe
R2 - [ExpressCache] - ExpressCache - c:\program files\diskeeper corporation\expresscache\expresscache.exe
R2 - [FastbootService] - FastbootService - c:\program files (x86)\lenovo\rapidboot hdd accelerator\fbservice.exe
R2 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
R2 - [GoToMyPC] - GoToMyPC - c:\program files (x86)\citrix\gotomypc\g2svc.exe
R2 - [IBMPMSVC] - Lenovo PM Service - c:\windows\system32\ibmpmsvc.exe
R2 - [Intel® Capability Licensing Service Interface] - Intel® Capability Licensing Service Interface - c:\program files\intel\icls client\heciserver.exe
R2 - [jhi_service] - Intel® Dynamic Application Loader Host Interface Service - c:\program files (x86)\intel\intel® management engine components\dal\jhi_service.exe
R2 - [LENOVO.CAMMUTE] - Lenovo Camera Mute - c:\program files\lenovo\communications utility\cammute.exe
R2 - [LENOVO.MICMUTE] - Lenovo Microphone Mute - c:\program files\lenovo\hotkey\micmute.exe
R2 - [LENOVO.TPKNRSVC] - Lenovo Keyboard Noise Reduction - c:\program files\lenovo\communications utility\tpknrsvc.exe
R2 - [LENOVO.TVTVCAM] - ThinkVantage Virtual Camera Controller - c:\program files\lenovo\communications utility\vcamsvc.exe
R2 - [Lenovo.VIRTSCRLSVC] - Lenovo Auto Scroll - c:\program files\lenovo\virtscrl\lvvsst.exe
R2 - [LMS] - Intel® Management and Security Application Local Management Service - c:\program files (x86)\intel\intel® management engine components\lms\lms.exe
R2 - [TPHKLOAD] - Lenovo Hotkey Client Loader - c:\program files\lenovo\hotkey\tphkload.exe
R2 - [TPHKSVC] - On Screen Display - c:\program files\lenovo\hotkey\tphksvc.exe
R2 - [UNS] - Intel® Management and Security Application User Notification Service - c:\program files (x86)\intel\intel® management engine components\uns\uns.exe
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R3 - [iPod Service] - iPod Service - c:\program files\ipod\bin\ipodservice.exe
R3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S2 - [avgfws] - AVG Firewall - c:\program files (x86)\avg\av\avgfws.exe
S2 - [AVGIDSAgent] - AVGIDSAgent - c:\program files (x86)\avg\av\avgidsagent.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
S2 - [gupdate] - Google Update Service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
S2 - [MBAMService] - MBAMService - c:\program files (x86)\malwarebytes anti-malware\mbamservice.exe
S2 - [SkypeUpdate] - Skype Updater - c:\program files (x86)\skype\updater\updater.exe
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [AvgAMPS] - AvgAMPS - c:\program files (x86)\avg\av\avgamps.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [cphs] - Intel® Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe
S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [gupdatem] - Google Update Service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
S3 - [gusvc] - Google Software Updater - c:\program files (x86)\google\common\google updater\googleupdaterservice.exe
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [ose] - Office  Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
S3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe
S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
S3 - [Power Manager DBC Service] - Power Manager DBC Service - c:\program files (x86)\thinkpad\utilities\pwmdbsvc.exe
S3 - [PwmEWSvc] - Cisco EnergyWise Enabler - c:\program files (x86)\thinkpad\utilities\pwmewsvc.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [SUService] - System Update - c:\program files (x86)\lenovo\system update\suservice.exe
S3 - [TPHDEXLGSVC] - ThinkPad HDD APS Logging Service - system32\tphdexlg64.exe [x]
S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [WatAdminSvc] - Windows Activation Technologies Service - c:\windows\system32\wat\watadminsvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S4 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe

==== System Specs ======================

Windows: Windows 7 Professional Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 3672 MB
CPU Info: Intel® Core™ i5-3230M CPU @ 2.60GHz
CPU Speed: 2657.0 MHz
Sound Card: Speaker/HP (Realtek High Defini |
Display Adapters: Intel® HD Graphics 4000 | Intel® HD Graphics 4000 | Intel® HD Graphics 4000 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver | LogMeIn Mirror Driver
Monitors: 1x; ThinkPad Display 1600x900 |
Screen Resolution: 1600 X 900 - 32 bit
Network: Network Present
Network Adapters: Realtek PCIe GBE Family Controller | 1x1 11b/g/n Wireless LAN PCI Express Half Mini Card Adapter
CD / DVD Drives: 1x (D: | ) D: HL-DT-STDVDRAM GT80N
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 2 Button Mouse Present
Hard Disks: C:  450.6GB | Q:  13.7GB
Hard Disks - Free: C:  382.3GB | Q:  4.0GB
Manufacturer *: LENOVO
BIOS Info: AT/AT COMPATIBLE | 08/23/13 | LENOVO - 2560
Time Zone: Eastern Standard Time
Motherboard *: LENOVO 2481CTO
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Virus: AVG Internet Security On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: AVG Internet Security disabled (Outdated)
Firewall: AVG Internet Security disabled
Internet Explorer Version: 9.0.8112.16421
Mozilla Firefox version: 40.0.3 (x86 en-US)
Google Chrome version: 45.0.2454.93
Adobe Reader version: 10.1.8.24
Sun Java version: 1.7.0_67 (32-bit)

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2015-09-16 00:55:12 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe
2015-09-16 00:55:12 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe
2015-09-16 00:55:12 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe
2015-09-16 00:55:12 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe
2015-09-16 00:55:12 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe
====== C:\Users\RITABA~1\AppData\Local\Temp ====
2015-09-19 00:46:11 560EDC0912BDB68290930E2542823A24 135760 ----a-w- C:\Users\Rita Bailey\AppData\Local\Temp\ehdrv.sys
====== Java Cache =====
2015-09-20 02:54:05 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Rita Bailey\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-4412029b
====== C:\Windows\SysWOW64 =====
2015-09-08 21:26:40 4629ED2D48E8DBB78A87CA219DAE6513 299520 ----a-w- C:\Windows\SysWOW64\atmfd.dll
2015-09-08 21:26:40 415FB89174E6D8BFC885A00A01C3446B 25600 ----a-w- C:\Windows\SysWOW64\lpk.dll
2015-09-08 21:26:40 2748108963E56A7A0CF05F19501DF832 70656 ----a-w- C:\Windows\SysWOW64\fontsub.dll
2015-09-08 21:26:38 EA010D8C6C63EA28BA9EB360403E5F85 173056 ----a-w- C:\Windows\SysWOW64\wuwebv.dll
2015-09-08 21:26:38 DC45670BF6EB8D7472EEB1D544B51C6B 30208 ----a-w- C:\Windows\SysWOW64\wups.dll
2015-09-08 21:26:38 80DA9F3867192A12059906D742E22091 34816 ----a-w- C:\Windows\SysWOW64\wuapp.exe
2015-09-08 21:26:38 18703D7AD19222F508B83BFFC015D37D 93184 ----a-w- C:\Windows\SysWOW64\wudriver.dll
2015-09-08 21:26:38 0FC51CD52CB71243C4E5E291ED717C97 566784 ----a-w- C:\Windows\SysWOW64\wuapi.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2015-09-19 00:43:59 -------- d-----w- C:\PROGRA~2\ESET
2015-09-14 23:29:08 -------- d-----w- C:\PROGRA~2\Citrix
======= C: =====
====== C:\Users\Rita Bailey\AppData\Roaming ======
2015-09-20 01:30:26 -------- d-----w- C:\Users\Rita Bailey\AppData\Roaming\AVG
2015-09-20 01:29:08 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\AVG
2015-09-20 01:16:58 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\Avg
2015-09-20 01:09:51 -------- d-----w- C:\Users\Rita Bailey\AppData\Local\AvgSetupLog
2015-09-20 01:07:14 -------- d-----w- C:\Users\Rita Bailey\AppData\Local\Avg2015
2015-09-20 01:06:45 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Avg2015
2015-09-16 01:04:37 -------- d-----w- C:\Users\Public\AppData\Local\temp
2015-09-16 01:04:37 -------- d-----w- C:\Users\LogMeInRemoteUser\AppData\Local\temp
2015-09-16 01:04:37 -------- d-----w- C:\Users\Default\AppData\Local\temp
2015-09-16 01:04:37 -------- d-----w- C:\Users\Default User\AppData\Local\temp
2015-09-14 21:38:12 -------- d-----w- C:\Users\Rita Bailey\AppData\Local\LogMeIn Rescue Applet
====== C:\Users\Rita Bailey ======
2015-09-20 01:28:46 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-09-20 01:14:10 -------- d-----w- C:\ProgramData\Avg
2015-09-19 00:42:28 C5B68AC8EC40CAB217AB4F479B953B54 2870984 ----a-w- C:\Users\Rita Bailey\Downloads\esetsmartinstaller_enu.exe
2015-09-16 11:32:06 0170A4503F85F2D7ABCBEF0419B1C35A 4404952 ----a-w- C:\Users\Rita Bailey\Downloads\tdsskiller.exe
2015-09-16 01:04:37 -------- d-----w- C:\Users\Public\AppData
2015-09-15 00:45:50 F75D1F133486A04F8B5299C754CD92AA 2191360 ----a-w- C:\Users\Rita Bailey\Downloads\FRST64.exe
2015-09-15 00:34:19 D3B6FA14CB7E12B7FBC0B3AA26235898 24345872 ----a-w- C:\Users\Rita Bailey\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-15 00:04:55 080B16BA75F35930D761A96C073131C7 1660416 ----a-w- C:\Users\Rita Bailey\Downloads\adwcleaner_5.007.exe
2015-09-14 23:29:10 -------- d-----w- C:\ProgramData\CitrixLogs
2015-09-14 23:29:09 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix
2015-09-14 23:28:32 -------- d-----w- C:\ProgramData\Citrix

====== C: exe-files ==
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-2720628314-3776284362-335876566-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"="C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe"
"USB3MON"="C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"Dolby Advanced Audio v2"="C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe -autostart"
"Lenovo Registration"="C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot"
"Fastboot"="C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe /analysis"
"AVG_UI"="C:\Program Files (x86)\AVG\Av\avgui.exe /TRAYONLY"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"AvgUi"="C:\Program Files (x86)\AVG\Framework\Common\avguix.exe /fmw.trayonly"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"RtHDVBg_Dolby"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 "
"TpShocks"="TpShocks.exe"
"LENOVO.TPKNRRES"="C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"LogMeIn GUI"="C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
"ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe "

==== Startup Folders ======================

2015-08-05 10:43:44 1106 ----a-w- C:\Users\Rita Bailey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [08/12/2015 11:39 AM]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08/29/2015 05:18 AM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08/29/2015 05:18 AM]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\DiskUpdate" [C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\PMTask" [C:\PROGRA~2\ThinkPad\UTILIT~1\PwmIdTsv.exe]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\Intel\Intel Service Manager" ["C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe"]
"C:\Windows\SysNative\tasks\Lenovo\Lenovo Customer Feedback Program" ["%ProgramFiles%\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe"]
"C:\Windows\SysNative\tasks\Lenovo\Lenovo Customer Feedback Program 64" ["%ProgramFiles(x86)%\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe"]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
"C:\Windows\SysNative\tasks\TVT\TVSUUpdateTask" ["C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe"]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on Sun 09/20/2015 at 12:15:30.14 ======================





