Scam by Quicken wanna be. Am I really infected?


  • This topic is locked
12 replies to this topic

#1 jackiegreeno


Posted 14 April 2016 - 06:15 PM

I posted this in the general forum and it was suggested that I post here to make sure I'm doing what is right to make sure they didn't do anything to my PC.  Copy and paste below:

 

I was having trouble downloading transactions from my Credit Union with Quicken.  I called the bank, as this is a new account, but I had successfully downloaded two separate accounts once.  The girl was obviously just trying to help and must have done a Google search.  She told me to call a Quicken Expert and actually transferred the call, but gave me the number to write down, in case the connection failed.  A technician who did not speak fluent English asked to share my screen so he could see what is going on.  He asked a bunch of questions about the program and I pointed out the One Step Summaries showing that it connected but there were no new transactions and there were.  He then proceeded to do a DOS command c:\windows\system32\cmd.exe-tree.  At the end of this long series it said koobface was found in network.  Scared the bejesus out of me about this dangerous worm and how fast it could destroy everything.  Forwarded me to a "senior" tech for repair, who reiterated about the seriousness (in a little better English than the first guy).  As soon as he said he would fix my PC for $169.99, I said "Hold on....how are you associated with *******credit union?"  He exited all the Notepad notes that he had open and the command prompt box disappeared, as well.  I tried to duplicate the line, but it kept coming up an error with the "-tree".  I tried spaces and still error.  When I typed it in with just a space after the cmd.exe and a \ at the end, it worked and I sure didn't see anything about koobface.  I have run Malwarebytes and MSE (both updated) and nothing found.  I also did AdWare.  How am I to be sure it isn't in there?  How the heck could he make the "koobface found in the network" come up about 6 times at the end of the DOS report?

 

I did a Google search for that wretched telephone number and a whole bunch of URLs came up.  800-406-3148  All were NOT Quicken.  Beware.

 

Any assistance will be much appreciated.




 


#2 Oh My!


Posted 14 April 2016 - 07:06 PM

Greetings jackiegreeno and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the "Reply to this topic" button instead.
  • In the upper right hand corner of the topic you will see the "Follow this topic" button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32-bit or 64-bit systems and save it to your Desktop. <<< Important
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 jackiegreeno


Posted 15 April 2016 - 08:05 AM

Hi Gary,

Yes, please call me Jackie.  My biggest concern was whether or not they "left" anything dangerous on my PC.  My husband connects to our network with his company's laptop and that "person" said that every computer that connects to this network is doomed.  Here is the copy and paste of the two FRST64 files:  I will then continue with the msinfo32 and send

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-04-2016
Ran by Jackie (2016-04-15 08:53:49)
Running from C:\Users\Jackie\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-01-26 17:29:58)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4007026787-4011452002-2333655496-500 - Administrator - Disabled)
Guest (S-1-5-21-4007026787-4011452002-2333655496-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-4007026787-4011452002-2333655496-1003 - Limited - Enabled)
Jackie (S-1-5-21-4007026787-4011452002-2333655496-1000 - Administrator - Enabled) => C:\Users\Jackie
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.176 - Adobe Systems Incorporated)
Adobe Dreamweaver CS6 (HKLM-x32\...\{A4ED5E53-7AA0-11E1-BF04-B2D4D4A5360E}) (Version: 12 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7.1 64-bit (HKLM\...\{BC86B82C-8C0E-4408-9AC1-6B0F2D636963}) (Version: 5.7.1 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-4007026787-4011452002-2333655496-1000\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{FC0AD63C-F5B6-1DA3-2425-729ACF2467BF}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Avery Wizard 5.0 (HKLM-x32\...\{FC3B3A5D-7058-4627-9F1E-F95CC38B6054}) (Version: 5.0.5 - Avery)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom Gigabit Integrated Controller (HKLM\...\{394E442A-637D-43EF-B402-4CFD88263CF0}) (Version: 14.8.7.1 - Broadcom Corporation)
Broadcom Management Programs (HKLM\...\{081BF6AA-B504-48A3-BB2B-34B373D49CD1}) (Version: 14.8.10.7 - Broadcom Corporation)
Brother MFL-Pro Suite MFC-7340 (HKLM-x32\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
Carbonite (HKLM-x32\...\{01991D36-E966-4893-85E1-D97D01E5F6AC}) (Version: 5.8.4 build 5625 (Jan-12-2016) - Carbonite)
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
Client Security - Password Manager (HKLM\...\{3FD730D4-755F-439B-8082-B55E00924A44}) (Version: 8.30.0044.00 - Lenovo Group Limited)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
cssSlider (HKLM-x32\...\cssSlider_is1) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell System Detect (HKU\S-1-5-21-4007026787-4011452002-2333655496-1000\...\73f463568823ebbe) (Version: 5.14.0.9 - Dell)
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Easy Gadget (HKLM-x32\...\com.brighthouse.air.gadget.2DA7C778F19992E00A044810DE77BA5FE545D493.1) (Version: 3.0.3 - Bright House Networks, LLC.)
Easy Gadget (x32 Version: 3.0.3 - Bright House Networks, LLC.) Hidden
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.)
FileZilla Client 3.14.0 (HKLM-x32\...\FileZilla Client) (Version: 3.14.0 - Tim Kosse)
Foscam Web Components 2.1.2.4065 (HKLM-x32\...\{97FD518A-EA1F-4B44-B7D7-890164D6B22E}_is1) (Version: 2.1.2.4065 - FOSCAM)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.7.143.923 - Foxit Software Inc.)
Foxit PhantomPDF Standard (HKLM-x32\...\{0A33872C-25C0-4E0A-80DB-53067BB717DD}) (Version: 7.1.3.320 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.1.3.320 - Foxit Software Inc.)
Free YouTube Download (HKLM-x32\...\Free YouTube Download_is1) (Version: 4.1.0.1229 - DVDVideoSoft Ltd.)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 11.5.0.1165 - Citrix Systems, Inc.)
HP Support Solutions Framework (HKLM-x32\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
IPCWebComponents 3.1.0.10 (HKLM-x32\...\{4740E1B2-51CF-4083-8976-D6B3B5A5064F}_is1) (Version: 3.1.0.10 - )
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
j5 USB DISPLAY ADAPTER 14.06.1028.3179 (HKLM-x32\...\{81C5AD1D-C7C6-48AC-AC85-8F04293B1780}) (Version: 14.06.1028.3179 - j5create)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{EFC9FE7C-ECE8-4282-8F77-FEDCAD374C77}) (Version: 3.0.0010.00 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{4386A5EF-BD23-49F4-9DAD-CD76B4F6A8BF}) (Version: 2.8.006.00 - Lenovo Group Limited)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 3.00.006.0 - Lenovo)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MergeModule_x64 (Version: 9.3.00 - Sony Corporation) Hidden
MergeModule_x86 (x32 Version: 9.3.00 - Sony Corporation) Hidden
Message Center Plus (HKLM\...\{EE4D9822-C7F3-4386-8703-889CDDA22FAA}) (Version: 3.4.0001.00 - Lenovo Group Limited)
Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access database engine 2007 (English) (HKLM-x32\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4007026787-4011452002-2333655496-1000\...\OneDriveSetup.exe) (Version: 17.3.6302.0225 - Microsoft Corporation)
Microsoft OneNote Home and Student 2016 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.6769.2015 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Streets & Trips 2010 (HKLM-x32\...\{C82185E8-C27B-4EF4-2010-4444BC2C2B6D}) (Version: 17.0.18.2200 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 45.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6729.1012 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6729.1012 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6729.1012 - Microsoft Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
PlayMemories Home (HKLM-x32\...\{94F4815B-755A-4FFA-AFDC-EE8FE776981E}) (Version: 5.1.00.12260 - Sony Corporation)
PMB_ModeEditor (x32 Version: 9.3.00 - Sony Corporation) Hidden
PMB_ServiceUploader (x32 Version: 10.1.00 - Sony Corporation) Hidden
PrintMyCouponAnywhere (HKLM-x32\...\{9E5A9316-541D-4F22-BE19-AFE969C00B06}) (Version: 1.0.0.0 - RevTrax) <==== ATTENTION
Quicken 2015 (HKLM-x32\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.10.4 - Intuit)
Quicken Legal Business Pro 2010 (HKLM-x32\...\Quicken Legal Business Pro 2010) (Version:  - Nolo)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6358 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
ReliefJet Essentials for Outlook (HKLM-x32\...\{A344FC3A-9422-4676-A1A6-43D1F9840A5C}) (Version: 4.0.1 - Relief Software)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)
Screaming Frog SEO Spider (HKLM-x32\...\Screaming Frog SEO Spider) (Version: 5.1 - Screaming Frog Ltd)
SDR Free DVD Ripper (HKLM-x32\...\SDR Free DVD Ripper_is1) (Version: 1.0 - SoftDevResource)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.1.11.0 - Lenovo Group Limited)
Should I Remove It (HKU\S-1-5-21-4007026787-4011452002-2333655496-1000\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
Sidekick for Outlook (HKU\S-1-5-21-4007026787-4011452002-2333655496-1000\...\18545B70DA3FCDA141D2E3E5306ED621A7F563BB) (Version: 2.0.3.40 - HubSpot, Inc.)
Sidekick Outlook plugin (HKLM-x32\...\{4D272161-6199-4162-B119-13E4F3958F27}) (Version: 1.4.1.184 - HubSpot, Inc.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16021.15 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.1.16021.15 - Samsung Electronics Co., Ltd.) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.01.0015 - Lenovo)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
ThinkVantage Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 2.00.0010 - Lenovo Group Limited)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VisualLightBox (HKLM-x32\...\VisualLightBox_is1) (Version:  - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Driver Package - Advanced Micro Devices Inc (AtiPcie) System  (03/10/2010 1.3.3.70) (HKLM\...\F836A8E38705FD819DE64CFF807A29671F8B979F) (Version: 03/10/2010 1.3.3.70 - Advanced Micro Devices Inc)
Windows Driver Package - Advanced Micro Devices Inc. AMD USB Filter Driver (12/17/2010 1.0.20.122) (HKLM\...\273157A1959DF8E80E68A45758C345AF22CA4487) (Version: 12/17/2010 1.0.20.122 - Advanced Micro Devices Inc.)
Windows Driver Package - ATI Technologies Inc. (amdkmdap) Display  (06/07/2011 8.862.0.0000) (HKLM\...\AC3C66F8709F96F0F1C772D0159629545F896C0B) (Version: 06/07/2011 8.862.0.0000 - ATI Technologies Inc.)
Windows Driver Package - ATI Technologies Inc. (amdkmdap) Display  (06/07/2011 8.862.0.0000) (HKLM\...\C51BAB3E592A3471A73E2F0360024267BAB7E042) (Version: 06/07/2011 8.862.0.0000 - ATI Technologies Inc.)
Windows Driver Package - ATI Technologies Inc. (amdkmdap) Display  (07/18/2011 8.860.8.0000) (HKLM\...\C35B7C70CA1A2280C5F3B17DB6CB2F803678E307) (Version: 07/18/2011 8.860.8.0000 - ATI Technologies Inc.)
Windows Driver Package - Broadcom (b57nd60a) Net  (05/10/2011 14.8.0.5) (HKLM\...\A04509556F067FA6439F61716CB5E7171AFF94D4) (Version: 05/10/2011 14.8.0.5 - Broadcom)
Windows Driver Package - Realtek (RSUSBSTOR) USB  (12/01/2010 6.1.7600.30127) (HKLM\...\A9B611D00F738A4FA650BF91A26C355FB188BFBD) (Version: 12/01/2010 6.1.7600.30127 - Realtek)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (04/26/2011 6.0.1.6358) (HKLM\...\5831859B234B35013DF4D3C125350DD15C001169) (Version: 04/26/2011 6.0.1.6358 - Realtek Semiconductor Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinX DVD Ripper Platinum 7.5.11 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version:  - Digiarty Software, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4007026787-4011452002-2333655496-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Jackie\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-4007026787-4011452002-2333655496-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Jackie\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4007026787-4011452002-2333655496-1000_Classes\CLSID\{9601F788-32E0-4513-998A-4C5346228657}\InprocServer32 -> C:\Users\Jackie\AppData\Roaming\Sidekick\adxloader64.dll ()
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {05D1919E-C7F9-41A7-B781-FEE2AFBCCCEC} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-12-10] (Lenovo)
Task: {096D2F66-6B28-4851-BD1B-2811B69AE308} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2015-03-23] (Lenovo)
Task: {0C464A99-522E-408C-B1C1-4E106888624D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {131D8226-9CC5-4A81-A242-42762E0D85FB} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-10-16] (Lenovo)
Task: {19B8DFFC-C218-477F-AEFC-DB48F03BECF3} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {204288D3-2B2D-44A6-A70B-BEE8FE29B613} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08] (Adobe Systems Incorporated)
Task: {28A8B35A-21FB-4199-8604-2795F59F3A8E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {2F50D72E-69BF-4B94-A17C-636BD3220364} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-03-24] (Microsoft Corporation)
Task: {3B3E89E0-AE2F-426C-A01C-81F391B2B99D} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-12-10] (Lenovo)
Task: {6F0F3C1A-653E-438A-89BE-A5EC735F295B} - System32\Tasks\{34B2FADE-A84B-4869-BAFF-391275BEBACA} => C:\Program Files (x86)\Sony\PMB\PMBBrowser.exe
Task: {726E4763-DB83-4120-91B6-421C61800AA9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {76122F65-5605-44EF-BC69-D3F313409284} - System32\Tasks\{24CE7834-3C60-40CD-BBC0-505D6F48E785} => C:\Program Files (x86)\Pentax\Digital Camera Utility\PPBRWS02.exe
Task: {761B244A-33DE-4029-98CE-6B98A69E4080} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-12-10] (Lenovo)
Task: {7A0AA7DC-AD00-4017-82DA-1C7DD2F3237E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {88BCCFE0-8F6C-4ABF-9780-BD2AA69836F0} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-03-24] (Microsoft Corporation)
Task: {8DC0714A-534D-4C12-8EAC-7E5C037E440E} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2011-08-10] (Lenovo Group Limited)
Task: {AC814B9A-F22B-4821-9CEF-EE045893DB27} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2015-03-23] (Lenovo)
Task: {B42D5DE0-8F6D-40C5-B8FB-C4D1C7EE28AB} - System32\Tasks\AdobeAAMUpdater-1.0-Jackie-Lenovo-Jackie => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {DFE564AC-673E-4DCE-AD0C-7832B827B985} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for Jackie-Lenovo.Jackie => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2011-12-22] (Lenovo)
Task: {EB44CBDD-EAC2-4816-8D18-BCEB3D826A3C} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-08-17] (Lenovo)
Task: {EE046ACD-7BD5-4595-BA24-DE1C4EB8725E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-31 17:40 - 2016-03-24 17:28 - 00172232 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-01-29 13:25 - 2012-08-28 15:20 - 00313432 _____ () C:\Windows\system32\GManager.exe
2015-01-29 13:25 - 2011-05-03 19:13 - 00199296 _____ () C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe
2016-03-31 17:43 - 2016-04-12 08:47 - 08919240 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2015-09-16 08:12 - 2015-09-16 08:12 - 00043480 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2015-01-22 16:47 - 2011-06-26 14:00 - 00029184 _____ () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2011-11-17 05:07 - 2011-11-17 05:07 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-11-09 10:55 - 2011-11-09 10:55 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-11-17 04:54 - 2011-11-17 04:54 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2016-01-15 13:12 - 2015-12-29 13:17 - 00110952 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll
2016-01-15 13:12 - 2015-12-29 13:17 - 00253800 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\collector.dll
2016-01-15 13:12 - 2015-12-29 13:17 - 00295272 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\stat.dll
2016-01-15 13:12 - 2015-12-29 13:17 - 00104296 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2016-01-15 13:12 - 2015-12-29 13:17 - 00020328 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2016-01-15 13:12 - 2015-12-29 13:17 - 00044392 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2015-01-22 16:52 - 2012-01-17 02:29 - 00030512 _____ () C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBServiceps.dll
2015-01-27 14:34 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2016-04-11 15:40 - 2016-04-06 06:04 - 01675928 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libglesv2.dll
2016-04-11 15:40 - 2016-04-06 06:04 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libegl.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2015-11-11 03:42 - 2015-11-11 03:42 - 01045672 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2015-09-16 08:12 - 2015-09-16 08:12 - 00039384 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-4007026787-4011452002-2333655496-1000\...\dell.com -> dell.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4007026787-4011452002-2333655496-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jackie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: cssauth => "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
MSCONFIG\startupreg: IndexSearch => "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe /SysAutoRun
MSCONFIG\startupreg: QuickenScheduledUpdates => C:\Program Files (x86)\Quicken\bagent.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{ED348041-F978-4BF5-BF13-BC5ACCCA6541}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{34833FF4-7409-41D1-8CFB-1AA88B646018}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{DE6164E2-C1F6-4D42-A74F-6DA0DF856749}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [{43324631-CB57-40A8-9EE8-8FDD3F699384}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [{51E29FA4-3A47-4A73-9AEE-00F173C35958}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{940631BD-7575-4B9C-81EE-F06BA5E77CA7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BE583E1B-2D58-4AAE-9944-45B2CE192808}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [{5773EEF4-16DA-492E-9267-6AE06F382BE3}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [{9F684CE2-7B8F-4453-B449-72FD97133668}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{1434871C-CAA9-44D3-B3ED-7361FD08ACC4}] => (Allow) LPort=2869
FirewallRules: [{D211BE8E-2122-406E-ADB9-BA8180D64F3A}] => (Allow) LPort=1900
FirewallRules: [{7CD52B1A-EC2A-4E5F-9208-5C90E3ACCC56}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{4A7593BE-5ACE-4F07-A46F-F89CF338A852}C:\users\jackie\desktop\ipcamera.exe] => (Allow) C:\users\jackie\desktop\ipcamera.exe
FirewallRules: [UDP Query User{C70044EC-0B87-4911-A287-945108DAA8C1}C:\users\jackie\desktop\ipcamera.exe] => (Allow) C:\users\jackie\desktop\ipcamera.exe
FirewallRules: [TCP Query User{989036EA-8ACC-425E-9319-0AB4DB3437A7}E:\03_ip camera search tool\for windows os\ipcamera.exe] => (Allow) E:\03_ip camera search tool\for windows os\ipcamera.exe
FirewallRules: [UDP Query User{35AA9E2D-3F20-4036-8B52-ED4A48C12A2A}E:\03_ip camera search tool\for windows os\ipcamera.exe] => (Allow) E:\03_ip camera search tool\for windows os\ipcamera.exe
FirewallRules: [{F706A312-56B8-4803-8C90-7BFD54ED33A1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{96FAD0EE-1F2D-4DFE-9E90-8C2B58661A12}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3A8230F3-DF80-48E5-92AD-93B9D475BE47}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A5AA00B4-272E-4F91-ADD3-68A25FA4A4E7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{F00DBB30-AD9B-4F64-8D4F-56FB5F117D58}C:\users\jackie\desktop\ipcamera.exe] => (Allow) C:\users\jackie\desktop\ipcamera.exe
FirewallRules: [UDP Query User{0CBE7421-4621-49EA-A22D-DCC14DF93F73}C:\users\jackie\desktop\ipcamera.exe] => (Allow) C:\users\jackie\desktop\ipcamera.exe
FirewallRules: [TCP Query User{996AB84B-CA03-417B-8BA9-F596B982D972}C:\users\jackie\desktop\ipcameratoolexe\ipcamera.exe] => (Allow) C:\users\jackie\desktop\ipcameratoolexe\ipcamera.exe
FirewallRules: [UDP Query User{97A2BFC4-2541-463B-AFA8-AFB3BEED9F18}C:\users\jackie\desktop\ipcameratoolexe\ipcamera.exe] => (Allow) C:\users\jackie\desktop\ipcameratoolexe\ipcamera.exe
FirewallRules: [{DFBAE82D-76B2-483A-B300-DBC265566E08}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7B2D4E49-F45D-4995-9AB7-F7101B32D296}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F89A687D-119F-4B1E-95B6-AB21C60874E1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8776A2A9-A9FD-4E03-A2A9-DAB0BC0F2969}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F505B723-CDDB-4975-903E-25502254B4CB}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3B83FE3E-8222-4613-A18A-9908E6C107C3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3D41CC14-D25F-479A-BDB6-A8B126D48D1D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{021A04C7-91E3-460E-B486-0C023B99B78A}C:\users\jackie\documents\downloads\ipcameratool version 1.0.0.1 - 20131120\ipcamera.exe] => (Allow) C:\users\jackie\documents\downloads\ipcameratool version 1.0.0.1 - 20131120\ipcamera.exe
FirewallRules: [UDP Query User{A880F8D2-06EC-4199-B79E-0954BD98C71D}C:\users\jackie\documents\downloads\ipcameratool version 1.0.0.1 - 20131120\ipcamera.exe] => (Allow) C:\users\jackie\documents\downloads\ipcameratool version 1.0.0.1 - 20131120\ipcamera.exe
FirewallRules: [{314ADF00-586F-4964-BFC0-C0486F1CD7C9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D58375B1-FC1C-4EB9-B1B5-1CA0518C3104}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7ABA420C-EA39-4DCB-B4F9-76EA7C870F87}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2A609F87-E911-4A6B-AE91-980C66FEA378}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{9730FAD6-3B28-4EFC-9974-7496D012E012}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{EAA20F92-5B28-4DD7-A825-D81D7E148E8C}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{BACBC693-C877-40F2-9956-41FE21191DEE}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{81A67D83-BE0B-4662-ABF4-331A8136DE34}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{D14FBD21-C742-4E88-94F8-3B08B399BD6F}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{4A45F858-3B54-448C-8F74-B2298ABEFBB3}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{56F7B723-8BA8-40AD-AADC-E4D14F6DB590}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{5C41E2BD-83E1-49AE-8D5B-02ECA414AEEB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
13-04-2016 03:00:24 Windows Update
13-04-2016 14:13:31 Windows Update
13-04-2016 19:47:42 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/15/2016 08:35:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/14/2016 11:58:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/14/2016 08:35:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/14/2016 08:31:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/13/2016 02:55:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/13/2016 02:46:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/13/2016 02:35:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/12/2016 08:51:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/12/2016 08:48:29 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Jackie-Lenovo)
Description: Application or service 'Microsoft Office Document Cache Sync Client Interface' could not be shut down.
 
Error: (04/12/2016 08:35:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (04/14/2016 07:21:56 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (04/14/2016 12:13:03 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.217.1301.0).
 
Error: (04/14/2016 12:12:41 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.217.1229.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.9.0218.00
 
Source Path: 4.9.0218.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (04/14/2016 12:12:34 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 
 
Update Source: %NT AUTHORITY15
 
Update Stage: 4.9.0218.00
 
Source Path: 4.9.0218.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (04/14/2016 11:58:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error: 
%%1053
 
Error: (04/14/2016 11:58:13 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Support Solutions Framework Service service to connect.
 
Error: (04/14/2016 11:56:43 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:54:57 AM on ‎4/‎14/‎2016 was unexpected.
 
Error: (04/14/2016 11:54:53 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the CarboniteService service, but this action failed with the following error: 
%%1056
 
Error: (04/14/2016 11:54:17 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Volume Shadow Copy service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/14/2016 11:54:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ II X2 B26 Processor
Percentage of memory in use: 65%
Total physical RAM: 3833.12 MB
Available physical RAM: 1326.4 MB
Total Virtual: 7664.42 MB
Available Virtual: 4245.07 MB
 
==================== Drives ================================
 
Drive c: (Windows7_OS) (Fixed) (Total:451.6 GB) (Free:297.23 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (WD Passport) (Fixed) (Total:111.76 GB) (Free:83.12 GB) FAT32
Drive q: (Lenovo_Recovery) (Fixed) (Total:12.69 GB) (Free:2.95 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 6A76DB1E)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=451.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 111.8 GB) (Disk ID: 01144678)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=0C)
 
==================== End of Addition.txt ============================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-04-2016
Ran by Jackie (administrator) on JACKIE-LENOVO (15-04-2016 08:52:06)
Running from C:\Users\Jackie\Desktop
Loaded Profiles: Jackie (Available Profiles: Jackie)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
() C:\Windows\System32\GManager.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
() C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Magic Control Technology Corporation) C:\Program Files (x86)\MCT Corp\UVTP100\Driver\TUCCDUTIL\TUCCD.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Magic Control Technology Corporation) C:\Program Files (x86)\Common Files\DesktopUtil\MCTDUtil.exe
(Magic Control Technology Corporation) C:\Program Files (x86)\Common Files\DesktopUtil\FDispPos.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSYNC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [TUCCDUtil] => C:\Program Files (x86)\MCT Corp\UVTP100\Driver\TUCCDUTIL\TUCCD.exe [275248 2014-08-28] (Magic Control Technology Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11831400 2011-04-22] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [MCTDUtil] => C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe [195200 2011-05-03] ()
HKLM\...\Run: [FDispPos] => C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe [195200 2011-05-03] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-11-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
HKLM-x32\...\Run: [Power Manager Power Agenda] => C:\Program Files (x86)\ThinkPad\Utilities\DPMHost.EXE [75064 2011-08-10] ()
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.)
HKLM-x32\...\Run: [Http Listener] => C:\Program Files (x86)\PrintMyCouponAnywhere\PrintMyCouponAnywhere.exe
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1103056 2016-01-12] (Carbonite, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist Corporate\1165\G2AWinLogon_x64.dll (Citrix Systems, Inc.)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-4007026787-4011452002-2333655496-1000\...\MountPoints2: {383b9b43-a598-11e4-981b-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-4007026787-4011452002-2333655496-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-01-12] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-01-12] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-01-12] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-01-12] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-01-12] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-01-12] (Carbonite, Inc.)
Startup: C:\Users\Jackie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-03-31]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Jackie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-04-01]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicyScripts\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224 2014-12-05] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224 2009-07-13] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\napinsp.dll"
Winsock: Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024 2009-07-13] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024 2009-07-13] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992 2009-07-13] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\winrnr.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B2B58D71-F745-4A6F-9408-63ECBA1181BB}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4007026787-4011452002-2333655496-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS625
SearchScopes: HKU\S-1-5-21-4007026787-4011452002-2333655496-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS625
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-04-12] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-04-12] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-03-24] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-31] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: No Name -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> No File
BHO-x32: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2010-12-13] (Lenovo Group Limited)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-31] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-24] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-24] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-24] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-24] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Jackie\AppData\Roaming\Mozilla\Firefox\Profiles\jzpemcgo.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-08] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @FOSCAM Web Components -> C:\Program Files (x86)\Foscam Web Components\npIPcamCloud.dll [2015-12-21] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @IPCWebComponents -> C:\Program Files (x86)\IPCWebComponents\npIPCReg.dll [2014-12-20] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-31] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4007026787-4011452002-2333655496-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Jackie\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-01-28] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Extension: FireFTP - C:\Users\Jackie\AppData\Roaming\Mozilla\Firefox\Profiles\jzpemcgo.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-12-20]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://mysearch.avg.com?cid={C8812B7E-DA2A-42E4-8612-D15305FD20E9}&mid=ec5defee161c47d292e419d59a3ea68b-5a186ed6159af64d2d19161ff87af811fd32b70c&lang=en&ds=oc011&coid=avgtbdisoc&cmpid=&pr=sa&d=2014-08-09 16:44:03&v=18.1.9.786&pid=safeguard&sg=&sap=hp","hxxp://mysearch.avg.com?cid={EC9FCD4E-2BC2-404A-91DC-402DCB67C88D}&mid=ec5defee161c47d292e419d59a3ea68b-5a186ed6159af64d2d19161ff87af811fd32b70c&lang=en&ds=oc011&coid=avgtbdisoc&cmpid=&pr=sa&d=2014-08-12 17:11:14&v=18.1.8.643&pid=safeguard&sg=&sap=hp","hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_rsprck_16_04&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyE0EtAyEzzzzyCzztAyCtD0CyD0EtD0BtN0D0Tzu0StCyEzytDtN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyCtAyBtBzzyD0CzztGyB0B0C0BtG0B0C0CtAtGtC0F0A0DtG0BtD0ByByC0FtA0FtCtCzyyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytA0DtD0B0F0FyEtGyDtDyDtDtGyEtB0A0CtG0AyDzyzztGtA0FtDyC0C0C0A0A0F0C0F0D2QtN0A0LzutB%26cr%3D1682995091%26a%3Dwncy_rsprck_16_04%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&uref=chmm","hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_rsprck_16_04&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyE0EtAyEzzzzyCzztAyCtD0CyD0EtD0BtN0D0Tzu0StCyEzytDtN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyCtAyBtBzzyD0CzztGyB0B0C0BtG0B0C0CtAtGtC0F0A0DtG0BtD0ByByC0FtA0FtCtCzyyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytA0DtD0B0F0FyEtGyDtDyDtDtGyEtB0A0CtG0AyDzyzztGtA0FtDyC0C0C0A0A0F0C0F0D2QtN0A0LzutB%26cr%3D1682995091%26a%3Dwncy_rsprck_16_04%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome"
CHR Profile: C:\Users\Jackie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Google Docs) - C:\Users\Jackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\Jackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Jackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Jackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Sheets) - C:\Users\Jackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (Google Docs Offline) - C:\Users\Jackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Open SEO Stats(Formerly: PageRank Status)) - C:\Users\Jackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdkkfheckcdppiaiabobmennhijkknn [2016-04-02]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Jackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-02-05]
CHR Extension: (Tag Assistant (by Google)) - C:\Users\Jackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2016-02-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (HubSpot Sales) - C:\Users\Jackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiiaigjnkhngdbnoookogelabohpglmd [2016-04-12]
CHR Extension: (Gmail) - C:\Users\Jackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKU\S-1-5-21-4007026787-4011452002-2333655496-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-02-05] (Adobe Systems) [File not signed]
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-11-17] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [168808 2011-06-05] (Broadcom Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2838768 2016-03-24] (Microsoft Corporation)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [388968 2015-12-24] (Digital Wave Ltd.)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
R2 GManager; C:\Windows\system32\GManager.exe [313432 2012-08-28] ()
S3 GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist Corporate\1165\G2AC_Service.exe [309720 2016-01-28] (Citrix Systems, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [619776 2014-12-05] (Lenovo)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272864 2015-12-10] (Lenovo)
R2 MCTDesktopSvr; C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe [199296 2011-05-03] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [202272 2016-03-23] (Microsoft Corporation) [File not signed]
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [506960 2015-12-26] (Sony Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2011-09-02] (Lenovo Group Limited) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows ® Win 7 DDK provider)
R3 mctkmd; C:\Windows\system32\drivers\mctkmd64.sys [161072 2014-10-28] (Magic Control Technology Corporation)
R0 mctkmdldr; C:\Windows\System32\drivers\mctkmdldr64.sys [19584 2011-04-08] (Magic Control Technology Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2014-10-28] (support.com, Inc)
R3 t2usb64; C:\Windows\System32\drivers\t2usb64.sys [439704 2014-10-28] (Magic Control Technology Corp.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
R3 vrvd5; C:\Windows\System32\DRIVERS\vrvd5.sys [13344 2015-09-03] (Rsupport Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-15 08:52 - 2016-04-15 08:53 - 00031284 _____ C:\Users\Jackie\Desktop\FRST.txt
2016-04-15 08:50 - 2016-04-15 08:50 - 02375168 _____ (Farbar) C:\Users\Jackie\Desktop\FRST64.exe
2016-04-15 08:37 - 2016-04-15 08:37 - 00000000 ___HD C:\OneDriveTemp
2016-04-13 14:33 - 2016-04-13 14:45 - 00283816 _____ C:\Windows\ntbtlog.txt
2016-04-13 13:59 - 2016-04-13 14:08 - 00225826 _____ C:\TDSSKiller.3.1.0.9_13.04.2016_13.59.56_log.txt
2016-04-13 05:36 - 2016-03-16 14:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-04-13 05:36 - 2016-03-16 14:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-04-13 05:36 - 2016-03-16 14:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-04-13 05:35 - 2016-04-04 14:14 - 00038120 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-04-13 05:35 - 2016-04-04 14:02 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-04-13 05:35 - 2016-04-02 09:08 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-04-13 05:35 - 2016-03-29 13:53 - 03216896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-04-13 05:35 - 2016-03-23 10:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-04-13 05:35 - 2016-03-17 19:04 - 05551336 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-04-13 05:35 - 2016-03-17 19:04 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-04-13 05:35 - 2016-03-17 19:04 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-04-13 05:35 - 2016-03-17 19:04 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-04-13 05:35 - 2016-03-17 19:01 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-04-13 05:35 - 2016-03-17 19:01 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-04-13 05:35 - 2016-03-17 18:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-04-13 05:35 - 2016-03-17 18:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-04-13 05:35 - 2016-03-17 18:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-04-13 05:35 - 2016-03-17 18:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-04-13 05:35 - 2016-03-17 18:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-04-13 05:35 - 2016-03-17 18:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-04-13 05:35 - 2016-03-17 18:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-04-13 05:35 - 2016-03-17 18:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-04-13 05:35 - 2016-03-17 18:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-04-13 05:35 - 2016-03-17 18:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-04-13 05:35 - 2016-03-17 18:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-04-13 05:35 - 2016-03-17 18:57 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-04-13 05:35 - 2016-03-17 18:57 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-04-13 05:35 - 2016-03-17 18:57 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-04-13 05:35 - 2016-03-17 18:57 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-04-13 05:35 - 2016-03-17 18:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-13 05:35 - 2016-03-17 18:56 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-04-13 05:35 - 2016-03-17 18:54 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-04-13 05:35 - 2016-03-17 18:54 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-04-13 05:35 - 2016-03-17 18:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-04-13 05:35 - 2016-03-17 18:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-04-13 05:35 - 2016-03-17 18:53 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-04-13 05:35 - 2016-03-17 18:53 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-04-13 05:35 - 2016-03-17 18:53 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-13 05:35 - 2016-03-17 18:53 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-04-13 05:35 - 2016-03-17 18:50 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-04-13 05:35 - 2016-03-17 18:50 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-04-13 05:35 - 2016-03-17 18:50 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-04-13 05:35 - 2016-03-17 18:50 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-04-13 05:35 - 2016-03-17 18:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-04-13 05:35 - 2016-03-17 18:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-04-13 05:35 - 2016-03-17 18:50 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-04-13 05:35 - 2016-03-17 18:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-04-13 05:35 - 2016-03-17 18:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-04-13 05:35 - 2016-03-17 18:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:36 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-04-13 05:35 - 2016-03-17 18:36 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-04-13 05:35 - 2016-03-17 18:33 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-04-13 05:35 - 2016-03-17 18:31 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-04-13 05:35 - 2016-03-17 18:31 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-04-13 05:35 - 2016-03-17 18:31 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-04-13 05:35 - 2016-03-17 18:31 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-04-13 05:35 - 2016-03-17 18:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-04-13 05:35 - 2016-03-17 18:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-04-13 05:35 - 2016-03-17 18:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-04-13 05:35 - 2016-03-17 18:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-04-13 05:35 - 2016-03-17 18:29 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-04-13 05:35 - 2016-03-17 18:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-04-13 05:35 - 2016-03-17 18:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-04-13 05:35 - 2016-03-17 18:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-04-13 05:35 - 2016-03-17 18:27 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-04-13 05:35 - 2016-03-17 18:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-04-13 05:35 - 2016-03-17 18:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-04-13 05:35 - 2016-03-17 18:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-04-13 05:35 - 2016-03-17 18:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-04-13 05:35 - 2016-03-17 18:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-04-13 05:35 - 2016-03-17 18:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-04-13 05:35 - 2016-03-17 18:24 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-04-13 05:35 - 2016-03-17 18:24 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-04-13 05:35 - 2016-03-17 18:24 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-04-13 05:35 - 2016-03-17 18:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-04-13 05:35 - 2016-03-17 18:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 17:53 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-04-13 05:35 - 2016-03-17 17:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-04-13 05:35 - 2016-03-17 17:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-04-13 05:35 - 2016-03-17 17:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-04-13 05:35 - 2016-03-17 17:44 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-04-13 05:35 - 2016-03-17 17:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-04-13 05:35 - 2016-03-17 17:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-04-13 05:35 - 2016-03-17 17:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-04-13 05:35 - 2016-03-17 17:37 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-04-13 05:35 - 2016-03-17 17:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-04-13 05:35 - 2016-03-17 17:35 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-04-13 05:35 - 2016-03-17 17:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-04-13 05:35 - 2016-03-17 17:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-04-13 05:35 - 2016-03-17 17:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-04-13 05:35 - 2016-03-17 17:30 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-04-13 05:35 - 2016-03-17 17:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-04-13 05:35 - 2016-03-17 17:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-04-13 05:35 - 2016-03-17 17:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 17:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 17:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 17:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-04-13 05:35 - 2016-03-17 14:04 - 00698368 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-04-13 05:35 - 2016-03-17 14:04 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-04-13 05:35 - 2016-03-17 14:04 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-04-13 05:35 - 2016-03-17 14:04 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-04-13 05:35 - 2016-03-15 20:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-13 05:35 - 2016-03-15 20:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-13 05:35 - 2016-03-15 19:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-04-13 05:35 - 2016-03-11 14:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-04-13 05:35 - 2016-03-11 14:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-04-13 05:35 - 2016-03-06 14:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-13 05:35 - 2016-03-06 14:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-04-13 05:35 - 2016-03-06 14:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-04-13 05:35 - 2016-03-06 14:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-04-13 05:35 - 2016-02-05 15:03 - 00147904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2016-04-13 05:35 - 2016-02-05 14:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-04-13 05:35 - 2016-02-05 14:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-04-13 05:35 - 2016-02-05 13:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2016-04-13 05:35 - 2016-02-02 14:57 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-04-13 05:35 - 2016-01-20 20:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-04-13 05:35 - 2015-06-03 16:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-04-13 05:29 - 2016-03-31 15:25 - 00394952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-04-13 05:29 - 2016-03-31 14:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-04-13 05:29 - 2016-03-30 20:54 - 25817600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-04-13 05:29 - 2016-03-30 20:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-04-13 05:29 - 2016-03-30 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-04-13 05:29 - 2016-03-30 20:31 - 02892800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-04-13 05:29 - 2016-03-30 20:28 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-04-13 05:29 - 2016-03-30 20:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-04-13 05:29 - 2016-03-30 20:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-04-13 05:29 - 2016-03-30 20:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-04-13 05:29 - 2016-03-30 20:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-04-13 05:29 - 2016-03-30 20:25 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-04-13 05:29 - 2016-03-30 20:22 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-04-13 05:29 - 2016-03-30 20:21 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-04-13 05:29 - 2016-03-30 20:19 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-04-13 05:29 - 2016-03-30 20:17 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-04-13 05:29 - 2016-03-30 20:17 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-04-13 05:29 - 2016-03-30 20:17 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-04-13 05:29 - 2016-03-30 20:17 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-04-13 05:29 - 2016-03-30 20:11 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-04-13 05:29 - 2016-03-30 20:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-04-13 05:29 - 2016-03-30 20:03 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-04-13 05:29 - 2016-03-30 20:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-04-13 05:29 - 2016-03-30 20:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-04-13 05:29 - 2016-03-30 19:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-04-13 05:29 - 2016-03-30 19:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-04-13 05:29 - 2016-03-30 19:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-04-13 05:29 - 2016-03-30 19:55 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-04-13 05:29 - 2016-03-30 19:53 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-04-13 05:29 - 2016-03-30 19:53 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-04-13 05:29 - 2016-03-30 19:52 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-04-13 05:29 - 2016-03-30 19:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-04-13 05:29 - 2016-03-30 19:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-04-13 05:29 - 2016-03-30 19:52 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-04-13 05:29 - 2016-03-30 19:51 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-04-13 05:29 - 2016-03-30 19:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-04-13 05:29 - 2016-03-30 19:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-04-13 05:29 - 2016-03-30 19:46 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-04-13 05:29 - 2016-03-30 19:45 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-04-13 05:29 - 2016-03-30 19:45 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-04-13 05:29 - 2016-03-30 19:45 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-04-13 05:29 - 2016-03-30 19:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-04-13 05:29 - 2016-03-30 19:43 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-04-13 05:29 - 2016-03-30 19:43 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-04-13 05:29 - 2016-03-30 19:42 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-04-13 05:29 - 2016-03-30 19:42 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-04-13 05:29 - 2016-03-30 19:39 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-04-13 05:29 - 2016-03-30 19:38 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-04-13 05:29 - 2016-03-30 19:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-04-13 05:29 - 2016-03-30 19:33 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-04-13 05:29 - 2016-03-30 19:31 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-04-13 05:29 - 2016-03-30 19:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-04-13 05:29 - 2016-03-30 19:30 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-04-13 05:29 - 2016-03-30 19:30 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-04-13 05:29 - 2016-03-30 19:30 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-04-13 05:29 - 2016-03-30 19:29 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-04-13 05:29 - 2016-03-30 19:24 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-04-13 05:29 - 2016-03-30 19:23 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-04-13 05:29 - 2016-03-30 19:23 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-04-13 05:29 - 2016-03-30 19:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-04-13 05:29 - 2016-03-30 19:21 - 13811712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-04-13 05:29 - 2016-03-30 19:18 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-04-13 05:29 - 2016-03-30 19:06 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-04-13 05:29 - 2016-03-30 19:05 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-04-13 05:29 - 2016-03-30 19:02 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-04-13 05:29 - 2016-03-30 19:00 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-04-12 12:49 - 2016-04-12 18:33 - 00000000 ____D C:\Users\Jackie\Documents\Pigeons
2016-04-10 10:11 - 2016-04-10 10:15 - 00000000 ____D C:\Users\Jackie\Documents\Linksys
2016-04-09 15:21 - 2016-04-09 15:31 - 00000000 ____D C:\Users\Jackie\Documents\kitchen
2016-04-07 14:14 - 2016-04-07 14:14 - 00000000 ____D C:\Users\Jackie\AppData\Roaming\com.adobe.WidgetBrowser
2016-04-05 19:05 - 2016-04-05 19:05 - 00127659 _____ C:\Users\Jackie\Desktop\04-05-16 chase message.pdf
2016-04-04 12:10 - 2016-04-04 12:10 - 00018445 _____ C:\Users\Jackie\Documents\bob12-11 pay.pdf
2016-03-31 17:43 - 2016-03-31 17:43 - 00002369 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-03-31 17:43 - 2016-03-31 17:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-03-31 17:42 - 2016-04-12 08:51 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-31 17:40 - 2016-03-31 17:40 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-03-29 17:27 - 2016-03-29 17:34 - 146139484 _____ C:\Users\Jackie\Desktop\20160327011425.MP4
2016-03-27 20:08 - 2016-03-27 20:08 - 00001764 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-03-27 20:08 - 2016-03-27 20:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-03-27 20:08 - 2016-03-27 20:08 - 00000000 ____D C:\Program Files\iTunes
2016-03-27 20:08 - 2016-03-27 20:08 - 00000000 ____D C:\Program Files\iPod
2016-03-27 20:08 - 2016-03-27 20:08 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-03-24 19:34 - 2016-04-12 09:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-24 16:05 - 2016-03-25 08:54 - 00000000 ____D C:\Users\Jackie\Documents\Puritan
2016-03-21 12:00 - 2016-03-21 12:00 - 00000982 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-03-19 18:03 - 2016-03-19 18:03 - 00000000 ____D C:\Users\Jackie\Documents\Ulead Burn.Now
2016-03-19 18:03 - 2016-03-19 18:03 - 00000000 ____D C:\Users\Jackie\AppData\Roaming\Ulead Systems
2016-03-19 06:07 - 2016-03-19 06:07 - 00635040 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140.dll
2016-03-19 06:07 - 2016-03-19 06:07 - 00390320 _____ (Microsoft Corporation) C:\Windows\system32\vccorlib140.dll
2016-03-19 06:07 - 2016-03-19 06:07 - 00332968 _____ (Microsoft Corporation) C:\Windows\system32\concrt140.dll
2016-03-19 06:07 - 2016-03-19 06:07 - 00088752 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140.dll
2016-03-19 05:18 - 2016-03-19 05:18 - 00439608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp140.dll
2016-03-19 05:18 - 2016-03-19 05:18 - 00266928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib140.dll
2016-03-19 05:18 - 2016-03-19 05:18 - 00243520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\concrt140.dll
2016-03-19 05:18 - 2016-03-19 05:18 - 00085328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcruntime140.dll
2016-03-18 17:10 - 2016-03-19 12:40 - 00000000 ____D C:\Users\Jackie\Documents\DashCam
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-15 08:52 - 2015-02-09 11:02 - 00000000 ____D C:\FRST
2016-04-15 08:50 - 2009-07-14 00:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-15 08:50 - 2009-07-14 00:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-15 08:45 - 2015-01-27 01:08 - 00000000 ____D C:\Users\Jackie\AppData\Local\Adobe
2016-04-15 08:42 - 2015-01-26 14:36 - 00000000 ____D C:\Users\Jackie\Documents\Outlook Files
2016-04-15 08:42 - 2009-07-14 01:13 - 00786622 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-15 08:42 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-04-15 08:37 - 2015-06-06 17:31 - 00000000 ___RD C:\Users\Jackie\OneDrive
2016-04-15 08:36 - 2015-02-05 13:45 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-15 08:35 - 2015-01-29 13:25 - 00002804 _____ C:\Windows\system32\GManager.ini
2016-04-15 08:35 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-14 19:15 - 2015-03-10 11:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-14 18:33 - 2015-02-05 13:45 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-14 11:54 - 2015-02-03 14:34 - 00000000 ____D C:\AdwCleaner
2016-04-14 11:40 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2016-04-14 08:35 - 2009-07-14 00:45 - 00407672 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-14 08:31 - 2015-01-28 09:50 - 00000000 ____D C:\Windows\system32\appraiser
2016-04-13 19:45 - 2010-11-20 23:27 - 00453280 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-13 19:35 - 2015-01-27 01:05 - 00000000 ____D C:\Users\Jackie\Documents\Passwords
2016-04-13 17:21 - 2015-01-31 12:40 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-13 14:25 - 2015-01-27 20:21 - 00000000 ____D C:\Windows\system32\MRT
2016-04-13 14:19 - 2015-01-27 20:21 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-04-13 14:12 - 2015-01-27 01:04 - 00000000 ____D C:\Users\Jackie\Documents\Doves
2016-04-13 14:08 - 2016-01-28 11:46 - 00000000 ____D C:\Program Files (x86)\Citrix
2016-04-13 12:05 - 2016-01-28 11:45 - 00000000 ____D C:\Users\Jackie\AppData\Local\Citrix
2016-04-13 10:53 - 2015-01-27 01:05 - 00000000 ____D C:\Users\Jackie\Documents\Orders
2016-04-12 11:45 - 2015-01-27 01:04 - 00000000 ____D C:\Users\Jackie\Documents\Fidelity
2016-04-12 08:48 - 2015-01-22 17:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-04-11 15:40 - 2015-02-05 13:45 - 00002206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-10 09:42 - 2016-01-28 12:14 - 01486336 ___SH C:\Users\Jackie\Documents\Thumbs.db
2016-04-09 20:19 - 2015-08-23 13:24 - 00000000 ____D C:\Users\Jackie\Documents\2015-16 cruise
2016-04-09 16:17 - 2015-01-27 01:05 - 00000000 ____D C:\Users\Jackie\Documents\samsung
2016-04-09 14:27 - 2015-01-27 01:05 - 00000000 ____D C:\Users\Jackie\Documents\Rod
2016-04-09 14:27 - 2015-01-27 01:05 - 00000000 ____D C:\Users\Jackie\Documents\Meghan
2016-04-09 11:43 - 2015-01-27 01:04 - 00000000 ____D C:\Users\Jackie\Documents\Chase Sapphire
2016-04-08 20:34 - 2015-01-27 01:05 - 00000000 ____D C:\Users\Jackie\Documents\Suncoast
2016-04-08 20:15 - 2015-01-27 01:04 - 00000000 ____D C:\Users\Jackie\Documents\House Info
2016-04-08 13:31 - 2015-01-27 01:04 - 00000000 ____D C:\Users\Jackie\Documents\BrightHouse
2016-04-08 10:15 - 2015-03-10 11:01 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-08 10:15 - 2015-03-10 11:01 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-08 10:15 - 2015-03-10 11:01 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-07 19:11 - 2015-01-27 01:04 - 00000000 ____D C:\Users\Jackie\Documents\Cody
2016-04-07 14:14 - 2015-01-26 13:32 - 00000000 ____D C:\Users\Jackie\AppData\Roaming\Adobe
2016-04-07 12:30 - 2015-01-27 01:04 - 00000000 ____D C:\Users\Jackie\Documents\Fax
2016-04-05 08:49 - 2015-01-27 01:05 - 00000000 ____D C:\Users\Jackie\Documents\website developing
2016-04-04 18:52 - 2015-01-27 01:05 - 00000000 ____D C:\Users\Jackie\Documents\Prudential
2016-04-04 12:22 - 2015-11-20 15:15 - 00000000 ____D C:\Users\Jackie\Documents\Paycheck vouchers
2016-04-02 14:43 - 2015-01-27 01:04 - 00000000 ____D C:\Users\Jackie\Documents\Foscam IP
2016-04-02 14:26 - 2015-06-28 14:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foscam Web Components
2016-04-02 14:26 - 2015-06-28 14:21 - 00000000 ____D C:\Program Files (x86)\Foscam Web Components
2016-04-02 11:37 - 2015-02-05 14:27 - 00000000 ____D C:\Users\Jackie\Documents\PhotoShop license
2016-04-01 09:08 - 2016-03-10 11:23 - 00000000 ____D C:\Users\Jackie\Documents\Geico
2016-04-01 08:47 - 2015-10-24 20:07 - 00000000 ____D C:\Users\Jackie\Documents\Rochelle
2016-04-01 08:29 - 2015-01-26 13:31 - 00106264 _____ C:\Users\Jackie\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-31 20:41 - 2015-03-17 17:07 - 00000000 ____D C:\ProgramData\Oracle
2016-03-31 17:40 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-03-31 17:22 - 2015-02-01 12:09 - 00000000 ____D C:\Users\Jackie\AppData\Local\Windows Live
2016-03-31 17:19 - 2015-01-27 14:34 - 00000426 _____ C:\Windows\BRWMARK.INI
2016-03-31 09:24 - 2015-03-17 17:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-31 09:24 - 2015-03-17 17:07 - 00000000 ____D C:\Program Files (x86)\Java
2016-03-31 09:23 - 2016-02-20 11:13 - 00000000 ____D C:\Users\Jackie\.oracle_jre_usage
2016-03-31 09:22 - 2015-03-17 17:08 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-03-31 08:53 - 2015-03-02 11:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-29 20:07 - 2015-01-27 01:05 - 00000000 ____D C:\Users\Jackie\Documents\TurboTax
2016-03-29 17:27 - 2015-01-26 13:30 - 00000000 ____D C:\Users\Jackie
2016-03-29 17:24 - 2015-03-02 21:11 - 00006144 ___SH C:\Users\Jackie\Thumbs.db
2016-03-29 14:45 - 2015-01-27 01:05 - 00000000 ____D C:\Users\Jackie\Documents\Kohls
2016-03-29 13:34 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-03-29 08:51 - 2015-01-27 01:05 - 00000000 ____D C:\Users\Jackie\Documents\Jackie medical
2016-03-28 11:07 - 2015-01-27 01:05 - 00000000 ____D C:\Users\Jackie\Documents\Sears Master Card
2016-03-27 20:08 - 2015-02-26 19:44 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-03-25 12:28 - 2015-01-27 01:08 - 00000000 ____D C:\Users\Jackie\AppData\Roaming\Yahoo!
2016-03-24 20:32 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-03-24 20:32 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\system32\GWX
2016-03-23 20:07 - 2015-03-25 20:25 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-23 20:07 - 2015-01-31 12:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-23 20:07 - 2015-01-31 12:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-23 20:06 - 2015-07-11 16:48 - 00000000 ____D C:\Users\Jackie\Documents\registry BU
2016-03-23 20:04 - 2015-02-02 15:26 - 00000000 ____D C:\Users\Jackie\AppData\Roaming\TeamViewer
2016-03-23 19:53 - 2015-01-31 12:07 - 00000833 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-03-22 09:22 - 2015-06-16 11:46 - 00000000 ____D C:\Users\Jackie\Documents\FICO
2016-03-21 12:00 - 2015-02-02 15:26 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-03-16 10:55 - 2016-03-15 15:58 - 00000000 ____D C:\Users\Jackie\Documents\Toshiba
 
==================== Files in the root of some directories =======
 
2011-10-26 11:06 - 2011-10-26 13:19 - 0000004 _____ () C:\Users\Jackie\AppData\Roaming\57a02e63
2011-10-26 11:21 - 2011-10-26 13:19 - 0000667 _____ () C:\Users\Jackie\AppData\Roaming\a0d85999
2011-10-26 11:10 - 2011-10-26 13:19 - 0000004 _____ () C:\Users\Jackie\AppData\Roaming\b77dd19c
2015-07-31 19:32 - 2015-07-31 19:32 - 0038449 _____ () C:\Users\Jackie\AppData\Roaming\Comma Separated Values (Windows).ADR
2015-12-30 21:22 - 2015-12-30 21:22 - 229845735 _____ () C:\Users\Jackie\AppData\Local\ACCCx3_4_3_189.zip.aamdownload
2015-12-30 21:22 - 2015-12-30 21:22 - 0002657 _____ () C:\Users\Jackie\AppData\Local\ACCCx3_4_3_189.zip.aamdownload.aamd
2015-02-26 17:19 - 2016-01-15 17:16 - 0011776 _____ () C:\Users\Jackie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-01-24 15:15 - 2011-01-24 15:15 - 0000129 _____ () C:\Users\Jackie\AppData\Local\fusioncache.dat
2015-09-29 12:11 - 2015-09-29 12:11 - 0000848 _____ () C:\Users\Jackie\AppData\Local\recently-used.xbel
2015-05-03 10:46 - 2015-01-29 11:14 - 0010240 _____ () C:\Users\Jackie\AppData\Local\Z@!-aa1a3118-58c3-479a-979d-70fb138fc247.tmp
2015-05-03 10:46 - 2015-01-29 11:14 - 0009216 _____ () C:\Users\Jackie\AppData\Local\Z@S!-d77df9e2-86d5-4ef0-860c-1b083b8f887f.tmp
2015-02-16 10:18 - 2016-01-28 13:33 - 0000479 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
Some files in TEMP:
====================
C:\Users\Jackie\AppData\Local\Temp\libeay32.dll
C:\Users\Jackie\AppData\Local\Temp\msvcr120.dll
C:\Users\Jackie\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-29 00:47
 
==================== End of FRST.txt ========


#4 jackiegreeno

Posted 15 April 2016 - 08:20 AM

Attached File  Summary.zip   106.05KB

Here is the summary



#5 Oh My!

  • Malware Response Instructor

Posted 15 April 2016 - 11:07 AM

Hi Jackie.

I understand why you would be concerned, however these types of scams are intended to scare you by making you believe there is something lurking on your computer that you don't understand. Their goal is to try to separate you from your money. We will be very thorough in our evaluation of your computer to determine whether or not you should be concerned. So far I am not seeing anything alarming.

Are you familiar with the following entries on your computer?

Foscam
Support.com
TeamViewer

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
Winsock: Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224 2014-12-05] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224 2009-07-13] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\napinsp.dll"
Winsock: Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024 2009-07-13] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024 2009-07-13] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992 2009-07-13] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\winrnr.dll"
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: No Name -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> No File
2011-10-26 11:06 - 2011-10-26 13:19 - 0000004 _____ () C:\Users\Jackie\AppData\Roaming\57a02e63
2011-10-26 11:21 - 2011-10-26 13:19 - 0000667 _____ () C:\Users\Jackie\AppData\Roaming\a0d85999
2011-10-26 11:10 - 2011-10-26 13:19 - 0000004 _____ () C:\Users\Jackie\AppData\Roaming\b77dd19c
2015-05-03 10:46 - 2015-01-29 11:14 - 0010240 _____ () C:\Users\Jackie\AppData\Local\Z@!-aa1a3118-58c3-479a-979d-70fb138fc247.tmp
2015-05-03 10:46 - 2015-01-29 11:14 - 0009216 _____ () C:\Users\Jackie\AppData\Local\Z@S!-d77df9e2-86d5-4ef0-860c-1b083b8f887f.tmp
CMD: type "C:\TDSSKiller.3.1.0.9_13.04.2016_13.59.56_log.txt"
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed, the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Scan
  • Upon completion click Report
  • Review the entries and uncheck any items you would like to keep on your computer (leaving an item checked will cause its deletion)
  • Click Clean to remove the items still checked
  • Click OK twice to reboot your computer
  • Copy and paste the contents of the text file on your desktop upon reboot in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Familiar with programs?
  • Fixlog
  • AdwCleaner log
  • Are you noticing any issues?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 jackiegreeno

Posted 15 April 2016 - 01:07 PM

Foscam is my IP Camera.

TeamViewer I have installed on my PC.  I use it.  Other technicians have used a paid version, as well.

Support.com could be the program they used the other day.  I have no idea.

Here is the fix log

 

Fix result of Farbar Recovery Scan Tool (x64) Version:13-04-2016
Ran by Jackie (2016-04-15 13:38:22) Run:2
Running from C:\Users\Jackie\Desktop\FRST.exe
Loaded Profiles: Jackie (Available Profiles: Jackie)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Winsock: Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224 2014-12-05] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224 2009-07-13] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\napinsp.dll"
Winsock: Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024 2009-07-13] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024 2009-07-13] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992 2009-07-13] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\winrnr.dll"
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: No Name -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> No File
2011-10-26 11:06 - 2011-10-26 13:19 - 0000004 _____ () C:\Users\Jackie\AppData\Roaming\57a02e63
2011-10-26 11:21 - 2011-10-26 13:19 - 0000667 _____ () C:\Users\Jackie\AppData\Roaming\a0d85999
2011-10-26 11:10 - 2011-10-26 13:19 - 0000004 _____ () C:\Users\Jackie\AppData\Roaming\b77dd19c
2015-05-03 10:46 - 2015-01-29 11:14 - 0010240 _____ () C:\Users\Jackie\AppData\Local\Z@!-aa1a3118-58c3-479a-979d-70fb138fc247.tmp
2015-05-03 10:46 - 2015-01-29 11:14 - 0009216 _____ () C:\Users\Jackie\AppData\Local\Z@S!-d77df9e2-86d5-4ef0-860c-1b083b8f887f.tmp
CMD: type "C:\TDSSKiller.3.1.0.9_13.04.2016_13.59.56_log.txt"
*****************
 
Winsock: Catalog5 000000000001\\LibraryPath => restored successfully (%SystemRoot%\system32\NLAapi.dll)
Winsock: Catalog5 000000000002\\LibraryPath => restored successfully (%SystemRoot%\system32\napinsp.dll)
Winsock: Catalog5 000000000003\\LibraryPath => restored successfully (%SystemRoot%\system32\pnrpnsp.dll)
Winsock: Catalog5 000000000004\\LibraryPath => restored successfully (%SystemRoot%\system32\pnrpnsp.dll)
Winsock: Catalog5 000000000005\\LibraryPath => restored successfully (%SystemRoot%\System32\mswsock.dll)
Winsock: Catalog5 000000000006\\LibraryPath => restored successfully (%SystemRoot%\System32\winrnr.dll)
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B69F34DD-F0F9-42DC-9EDD-957187DA688D}" => key removed successfully
HKCR\Wow6432Node\CLSID\{B69F34DD-F0F9-42DC-9EDD-957187DA688D} => key not found. 
C:\Users\Jackie\AppData\Roaming\57a02e63 => moved successfully
C:\Users\Jackie\AppData\Roaming\a0d85999 => moved successfully
C:\Users\Jackie\AppData\Roaming\b77dd19c => moved successfully
C:\Users\Jackie\AppData\Local\Z@!-aa1a3118-58c3-479a-979d-70fb138fc247.tmp => moved successfully
C:\Users\Jackie\AppData\Local\Z@S!-d77df9e2-86d5-4ef0-860c-1b083b8f887f.tmp => moved successfully
 
=========  type "C:\TDSSKiller.3.1.0.9_13.04.2016_13.59.56_log.txt" =========
 
13:59:56.0220 0x20f8  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
14:00:06.0253 0x20f8  ============================================================
14:00:06.0253 0x20f8  Current date / time: 2016/04/13 14:00:06.0253
14:00:06.0253 0x20f8  SystemInfo:
14:00:06.0254 0x20f8  
14:00:06.0254 0x20f8  OS Version: 6.1.7601 ServicePack: 1.0
14:00:06.0254 0x20f8  Product type: Workstation
14:00:06.0254 0x20f8  ComputerName: JACKIE-LENOVO
14:00:06.0254 0x20f8  UserName: Jackie
14:00:06.0254 0x20f8  Windows directory: C:\Windows
14:00:06.0254 0x20f8  System windows directory: C:\Windows
14:00:06.0254 0x20f8  Running under WOW64
14:00:06.0254 0x20f8  Processor architecture: Intel x64
14:00:06.0254 0x20f8  Number of processors: 2
14:00:06.0254 0x20f8  Page size: 0x1000
14:00:06.0254 0x20f8  Boot type: Normal boot
14:00:06.0254 0x20f8  ============================================================
14:00:08.0549 0x20f8  KLMD registered as C:\Windows\system32\drivers\56903034.sys
14:00:09.0934 0x20f8  System UUID: {60312AE9-A9A1-9DC3-52B6-0D9DE104BD38}
14:00:11.0042 0x20f8  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:00:11.0065 0x20f8  Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 ( 111.79 Gb ), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:00:11.0090 0x20f8  ============================================================
14:00:11.0090 0x20f8  \Device\Harddisk0\DR0:
14:00:11.0090 0x20f8  MBR partitions:
14:00:11.0090 0x20f8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2EE000
14:00:11.0090 0x20f8  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x38733830
14:00:11.0090 0x20f8  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38A22800, BlocksNum 0x1963000
14:00:11.0090 0x20f8  \Device\Harddisk1\DR1:
14:00:11.0092 0x20f8  MBR partitions:
14:00:11.0092 0x20f8  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0xDF93782
14:00:11.0092 0x20f8  ============================================================
14:00:11.0285 0x20f8  C: <-> \Device\Harddisk0\DR0\Partition2
14:00:11.0369 0x20f8  Q: <-> \Device\Harddisk0\DR0\Partition3
14:00:11.0369 0x20f8  D: <-> \Device\Harddisk1\DR1\Partition1
14:00:11.0369 0x20f8  ============================================================
14:00:11.0369 0x20f8  Initialize success
14:00:11.0369 0x20f8  ============================================================
14:00:15.0551 0x041c  ============================================================
14:00:15.0551 0x041c  Scan started
14:00:15.0551 0x041c  Mode: Manual; 
14:00:15.0551 0x041c  ============================================================
14:00:15.0551 0x041c  KSN ping started
14:00:18.0172 0x041c  KSN ping finished: true
14:00:20.0402 0x041c  ================ Scan system memory ========================
14:00:20.0403 0x041c  System memory - ok
14:00:20.0404 0x041c  ================ Scan services =============================
14:00:35.0273 0x041c  [ 8DE1B4F579F8F8897409856F3BB7A7D2, F6F6B2450951E875C3C236F7798F960FD4433EE6B0C57132CB3D32126BEE34E0 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
14:00:35.0273 0x041c  fssfltr - ok
14:00:35.0426 0x041c  [ 7B4C82899A967A7EB22DAB502770AE8E, 209FB59669070FCAAACB24B0CE81C375362BF1C519B15FDB5AA3EC2C87E2069B ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
14:00:35.0469 0x041c  fsssvc - ok
14:00:35.0538 0x041c  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:00:35.0538 0x041c  Fs_Rec - ok
14:00:35.0633 0x041c  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
14:00:35.0659 0x041c  fvevol - ok
14:00:35.0707 0x041c  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
14:00:35.0710 0x041c  gagp30kx - ok
14:00:35.0738 0x041c  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:00:35.0740 0x041c  GEARAspiWDM - ok
14:00:35.0811 0x041c  [ 57888A823873B256786D88C8E5999093, 560C1088E2BB1E99B9C4E2FBFAB2B7824B4727E1EFD6889E4C5B6E7BCB77ED6D ] GManager        C:\Windows\system32\GManager.exe
14:00:35.0819 0x041c  GManager - ok
14:00:35.0972 0x041c  [ 962B8162B2F7BF28AC8690921A87F5E3, C8E66726B6703153CC4158CD37ACEEF9E8F25A4E6B53D4C8B42F9A3F9D29BBF1 ] GoToAssist      C:\Program Files (x86)\Citrix\GoToAssist Corporate\1165\G2AC_Service.exe
14:00:36.0022 0x041c  GoToAssist - ok
14:00:36.0243 0x041c  [ 5AD4899C636CD471544478FCBB9B1EFF, 4CE03D8C7C60F59D63E547FFBB257CB7124E67697B564A332AECFA130B7B3DC9 ] GoToAssist Remote Support Customer C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\948\g2ax_service.exe
14:00:36.0303 0x041c  GoToAssist Remote Support Customer - ok
14:00:36.0563 0x041c  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
14:00:36.0634 0x041c  gpsvc - ok
14:00:36.0865 0x041c  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:00:36.0870 0x041c  gupdate - ok
14:00:36.0907 0x041c  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:00:36.0911 0x041c  gupdatem - ok
14:00:36.0939 0x041c  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
14:00:36.0951 0x041c  hcw85cir - ok
14:00:37.0000 0x041c  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:00:37.0073 0x041c  HdAudAddService - ok
14:00:37.0105 0x041c  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
14:00:37.0110 0x041c  HDAudBus - ok
14:00:37.0125 0x041c  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
14:00:37.0127 0x041c  HidBatt - ok
14:00:37.0143 0x041c  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
14:00:37.0143 0x041c  HidBth - ok
14:00:37.0159 0x041c  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
14:00:37.0159 0x041c  HidIr - ok
14:00:37.0174 0x041c  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
14:00:37.0192 0x041c  hidserv - ok
14:00:37.0229 0x041c  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
14:00:37.0231 0x041c  HidUsb - ok
14:00:37.0238 0x041c  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:00:37.0254 0x041c  hkmsvc - ok
14:00:37.0269 0x041c  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:00:37.0269 0x041c  HomeGroupListener - ok
14:00:37.0310 0x041c  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:00:37.0317 0x041c  HomeGroupProvider - ok
14:00:37.0338 0x041c  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
14:00:37.0338 0x041c  HpSAMD - ok
14:00:37.0412 0x041c  [ 4DB356DF142BAD89A5F9E798B2A01E01, F6D43410524ACB391FAA37D7B913775CA33E08F7B75C4621607BB62B812D99C5 ] HPSupportSolutionsFrameworkService C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
14:00:37.0419 0x041c  HPSupportSolutionsFrameworkService - ok
14:00:37.0517 0x041c  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:00:37.0536 0x041c  HTTP - ok
14:00:37.0553 0x041c  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
14:00:37.0553 0x041c  hwpolicy - ok
14:00:37.0584 0x041c  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
14:00:37.0584 0x041c  i8042prt - ok
14:00:37.0639 0x041c  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
14:00:37.0653 0x041c  iaStorV - ok
14:00:37.0760 0x041c  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:00:37.0819 0x041c  idsvc - ok
14:00:37.0833 0x041c  IEEtwCollectorService - ok
14:00:37.0861 0x041c  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
14:00:37.0863 0x041c  iirsp - ok
14:00:37.0909 0x041c  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
14:00:37.0932 0x041c  IKEEXT - ok
14:00:38.0099 0x041c  [ F164A1D46A3848A18A44F8ACB12961BD, B02CC645B66ABB2BF87615A7345D06849E9E05FC46174923F33749C7A6F9DFD3 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
14:00:38.0168 0x041c  IntcAzAudAddService - ok
14:00:38.0330 0x041c  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
14:00:38.0335 0x041c  intelide - ok
14:00:38.0354 0x041c  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
14:00:38.0354 0x041c  intelppm - ok
14:00:38.0520 0x041c  [ D46E04D83A3E174A98DC90FE23AB08DE, 0285B4A311645D292A26B276511877B46A42526BDBFBC12E3BD876A74F074720 ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
14:00:38.0524 0x041c  IntuitUpdateServiceV4 - ok
14:00:38.0576 0x041c  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
14:00:38.0576 0x041c  IPBusEnum - ok
14:00:38.0637 0x041c  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:00:38.0640 0x041c  IpFilterDriver - ok
14:00:38.0725 0x041c  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:00:38.0759 0x041c  iphlpsvc - ok
14:00:38.0793 0x041c  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
14:00:38.0796 0x041c  IPMIDRV - ok
14:00:38.0815 0x041c  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
14:00:38.0819 0x041c  IPNAT - ok
14:00:38.0876 0x041c  [ F96B9EDC032E61EB87652896E92ED526, F9E3CD2FA2D963C56034A4F606869467FDC6647B916CF457249270E6C337A8A5 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
14:00:38.0890 0x041c  iPod Service - ok
14:00:38.0909 0x041c  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:00:38.0911 0x041c  IRENUM - ok
14:00:38.0929 0x041c  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:00:38.0932 0x041c  isapnp - ok
14:00:38.0963 0x041c  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
14:00:38.0970 0x041c  iScsiPrt - ok
14:00:38.0992 0x041c  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
14:00:38.0994 0x041c  kbdclass - ok
14:00:39.0022 0x041c  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
14:00:39.0024 0x041c  kbdhid - ok
14:00:39.0036 0x041c  [ 7FB33A9A2E6B6D5CA9318668B95CA69C, 5B5CDF8BF4F2C2ADBAD2A92C554C369C6A428B7DE4FEF74FE9198058C3B864A3 ] KeyIso          C:\Windows\system32\lsass.exe
14:00:39.0037 0x041c  KeyIso - ok
14:00:39.0086 0x041c  [ 211A379BAAB812A7B437319BD85B2435, 4C8B82817B735BEFC0C8E2A42C7EF547D1C179561D3C97B3067B5EA3408F9E4D ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:00:39.0088 0x041c  KSecDD - ok
14:00:39.0119 0x041c  [ CC1B3B52F33CBC1CE60867DA4E23537C, A373DBCE6A53B77F59D9C83E243E5C1A2B4C38571CA28198229730D612561978 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
14:00:39.0123 0x041c  KSecPkg - ok
14:00:39.0138 0x041c  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
14:00:39.0139 0x041c  ksthunk - ok
14:00:39.0171 0x041c  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
14:00:39.0195 0x041c  KtmRm - ok
14:00:39.0240 0x041c  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
14:00:39.0247 0x041c  LanmanServer - ok
14:00:39.0276 0x041c  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:00:39.0281 0x041c  LanmanWorkstation - ok
14:00:39.0629 0x041c  [ 5631095B320DF338CD9DB302826D7CCE, 21DAF562371850ABB085E53C0498F2C5BA35EB515FA49CB6903F23F261084B13 ] Lenovo EasyPlus Hotspot C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe
14:00:39.0847 0x041c  Lenovo EasyPlus Hotspot - ok
14:00:39.0879 0x041c  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:00:39.0881 0x041c  lltdio - ok
14:00:39.0915 0x041c  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
14:00:39.0925 0x041c  lltdsvc - ok
14:00:39.0945 0x041c  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
14:00:39.0947 0x041c  lmhosts - ok
14:00:40.0095 0x041c  [ 37DFBF0D4E4657C6AD1200A3A1C6DDF1, 6F45469D7E8803419774DBD3A05187574B15358545C8781BE3314F475C56061A ] LSCWinService   C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
14:00:40.0152 0x041c  LSCWinService - ok
14:00:40.0187 0x041c  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
14:00:40.0190 0x041c  LSI_FC - ok
14:00:40.0218 0x041c  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
14:00:40.0222 0x041c  LSI_SAS - ok
14:00:40.0250 0x041c  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
14:00:40.0252 0x041c  LSI_SAS2 - ok
14:00:40.0300 0x041c  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
14:00:40.0304 0x041c  LSI_SCSI - ok
14:00:40.0321 0x041c  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
14:00:40.0325 0x041c  luafv - ok
14:00:40.0376 0x041c  [ 3E23A0792D5EE0A072961E9E9F347368, 3887351DF52AF974B6C48097A032521C7122D8C23054C8F9024AA876CED14E81 ] MCTDesktopSvr   C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe
14:00:40.0381 0x041c  MCTDesktopSvr - ok
14:00:40.0457 0x041c  [ 2BC907AFA130AB01CEF5EF7333CB0F11, 6F9265453A76BBD417B61137EF746379C8C5AC70C11A746600E80EFE1B475CEC ] mctkmd          C:\Windows\system32\drivers\mctkmd64.sys
14:00:40.0462 0x041c  mctkmd - ok
14:00:40.0489 0x041c  [ 7E622C16CA2798B352C0B31DBB208CBD, 226D877CC86526BDA361557ED2506743CA05E9532C6DD9F60870F50C9505E8CC ] mctkmdldr       C:\Windows\system32\drivers\mctkmdldr64.sys
14:00:40.0491 0x041c  mctkmdldr - ok
14:00:40.0578 0x041c  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
14:00:40.0582 0x041c  Mcx2Svc - ok
14:00:40.0599 0x041c  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
14:00:40.0602 0x041c  megasas - ok
14:00:40.0629 0x041c  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
14:00:40.0636 0x041c  MegaSR - ok
14:00:40.0655 0x041c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
14:00:40.0659 0x041c  MMCSS - ok
14:00:40.0669 0x041c  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
14:00:40.0671 0x041c  Modem - ok
14:00:40.0704 0x041c  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
14:00:40.0706 0x041c  monitor - ok
14:00:40.0730 0x041c  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:00:40.0733 0x041c  mouclass - ok
14:00:40.0751 0x041c  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:00:40.0756 0x041c  mouhid - ok
14:00:40.0791 0x041c  [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
14:00:40.0794 0x041c  mountmgr - ok
14:00:40.0851 0x041c  [ A43F5F2D3D71A902502D61E71A18C265, 9685DABFF80EFFFD28B9B12696BF4821F30989C8441EA0AA3FF0F03ED799AD9D ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:00:40.0855 0x041c  MozillaMaintenance - ok
14:00:40.0924 0x041c  [ DA0FAEE45D6F03D7647851A20977A7D0, AFB1EA053CD4BCA903868896D020205D4C207C85314E6C56C4663922A3F9BD6A ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
14:00:40.0931 0x041c  MpFilter - ok
14:00:40.0957 0x041c  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:00:40.0961 0x041c  mpio - ok
14:00:40.0980 0x041c  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:00:40.0983 0x041c  mpsdrv - ok
14:00:41.0056 0x041c  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:00:41.0090 0x041c  MpsSvc - ok
14:00:41.0132 0x041c  [ D7ADC2B83CA0B0381F75A98351F72CEE, 05476B7CA0486DF770AE492B5A90C85E3D3E7485152EB2FA30A19EC9BE44ED81 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:00:41.0150 0x041c  MRxDAV - ok
14:00:41.0219 0x041c  [ 07F8F6B0CAEC7ADD30EBD94940A315D7, 288429A146B74E88D93C5BC19D878A42AC6F411EE31D9A6D36A2A2FFCF7B9436 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:00:41.0241 0x041c  mrxsmb - ok
14:00:41.0268 0x041c  [ 8856E45D23BFF4D977BF06D0543BCD96, 0066C061A3516A16C2477590859865E46E522A290CCE17C3EC1B69F81E466E9E ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:00:41.0288 0x041c  mrxsmb10 - ok
14:00:41.0309 0x041c  [ 8D383CED28332B5F3894658857472F47, CB3872543D08C6432CF884C11A5897637A6FC7E9AC40F424444BAAA49C9FC32A ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:00:41.0328 0x041c  mrxsmb20 - ok
14:00:41.0352 0x041c  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
14:00:41.0354 0x041c  msahci - ok
14:00:41.0384 0x041c  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
14:00:41.0388 0x041c  msdsm - ok
14:00:41.0413 0x041c  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
14:00:41.0418 0x041c  MSDTC - ok
14:00:41.0440 0x041c  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:00:41.0443 0x041c  Msfs - ok
14:00:41.0463 0x041c  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
14:00:41.0465 0x041c  mshidkmdf - ok
14:00:41.0482 0x041c  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:00:41.0485 0x041c  msisadrv - ok
14:00:41.0515 0x041c  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:00:41.0519 0x041c  MSiSCSI - ok
14:00:41.0526 0x041c  msiserver - ok
14:00:41.0559 0x041c  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:00:41.0562 0x041c  MSKSSRV - ok
14:00:41.0663 0x041c  [ C66FE30BBA4604A06EE9E4180ABE4BD9, 43E60C15C05FF19082142BB9D1F29D1B3269AD4A7FB32AF109AE63FE5A6AA0A9 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
14:00:41.0669 0x041c  MsMpSvc - ok
14:00:41.0693 0x041c  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:00:41.0695 0x041c  MSPCLOCK - ok
14:00:41.0711 0x041c  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:00:41.0713 0x041c  MSPQM - ok
14:00:41.0737 0x041c  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:00:41.0746 0x041c  MsRPC - ok
14:00:41.0764 0x041c  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
14:00:41.0766 0x041c  mssmbios - ok
14:00:41.0793 0x041c  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:00:41.0794 0x041c  MSTEE - ok
14:00:41.0805 0x041c  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
14:00:41.0807 0x041c  MTConfig - ok
14:00:41.0829 0x041c  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
14:00:41.0832 0x041c  Mup - ok
14:00:41.0862 0x041c  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
14:00:41.0873 0x041c  napagent - ok
14:00:41.0904 0x041c  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:00:41.0911 0x041c  NativeWifiP - ok
14:00:42.0066 0x041c  [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:00:42.0127 0x041c  NDIS - ok
14:00:42.0155 0x041c  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
14:00:42.0162 0x041c  NdisCap - ok
14:00:42.0201 0x041c  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:00:42.0207 0x041c  NdisTapi - ok
14:00:42.0234 0x041c  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:00:42.0237 0x041c  Ndisuio - ok
14:00:42.0263 0x041c  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:00:42.0267 0x041c  NdisWan - ok
14:00:42.0281 0x041c  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:00:42.0284 0x041c  NDProxy - ok
14:00:42.0310 0x041c  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:00:42.0312 0x041c  NetBIOS - ok
14:00:42.0326 0x041c  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
14:00:42.0333 0x041c  NetBT - ok
14:00:42.0390 0x041c  [ 7FB33A9A2E6B6D5CA9318668B95CA69C, 5B5CDF8BF4F2C2ADBAD2A92C554C369C6A428B7DE4FEF74FE9198058C3B864A3 ] Netlogon        C:\Windows\system32\lsass.exe
14:00:42.0392 0x041c  Netlogon - ok
14:00:42.0448 0x041c  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
14:00:42.0456 0x041c  Netman - ok
14:00:42.0493 0x041c  [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:00:42.0497 0x041c  NetMsmqActivator - ok
14:00:42.0516 0x041c  [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:00:42.0519 0x041c  NetPipeActivator - ok
14:00:42.0711 0x041c  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
14:00:42.0735 0x041c  netprofm - ok
14:00:42.0760 0x041c  [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:00:42.0762 0x041c  NetTcpActivator - ok
14:00:42.0772 0x041c  [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:00:42.0775 0x041c  NetTcpPortSharing - ok
14:00:42.0809 0x041c  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
14:00:42.0811 0x041c  nfrd960 - ok
14:00:42.0905 0x041c  [ 6D79C8CB73187FBEAAD1F680FADF98D3, 0075B2CCC4FFF929023F95686D7BBE32C0FCE05DEB2159C0784AF85D64E1B66E ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:00:42.0909 0x041c  NisDrv - ok
14:00:42.0946 0x041c  [ B8F4F580638373FBF72F2B572446D294, A5CD9ABCA5CDC335D2C6FDCB81327B600150E45BB867B88859A00AF974B42F85 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
14:00:42.0954 0x041c  NisSrv - ok
14:00:42.0985 0x041c  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:00:42.0993 0x041c  NlaSvc - ok
14:00:43.0018 0x041c  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:00:43.0020 0x041c  Npfs - ok
14:00:43.0040 0x041c  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
14:00:43.0042 0x041c  nsi - ok
14:00:43.0059 0x041c  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:00:43.0061 0x041c  nsiproxy - ok
14:00:43.0151 0x041c  [ 47B2D0B31BDC3EBE6090228E2BA3764D, 984A4B38300954164BCBF57EC1A09C18B53779E60A26E9618B50E26016735787 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:00:43.0203 0x041c  Ntfs - ok
14:00:43.0238 0x041c  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
14:00:43.0243 0x041c  Null - ok
14:00:54.0257 0x041c  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
14:00:54.0317 0x041c  VSS - ok
14:00:54.0334 0x041c  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
14:00:54.0360 0x041c  vwifibus - ok
14:00:54.0393 0x041c  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
14:00:54.0402 0x041c  W32Time - ok
14:00:54.0440 0x041c  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
14:00:54.0449 0x041c  WacomPen - ok
14:00:54.0474 0x041c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
14:00:54.0486 0x041c  WANARP - ok
14:00:54.0500 0x041c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:00:54.0502 0x041c  Wanarpv6 - ok
14:00:54.0706 0x041c  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
14:00:54.0747 0x041c  WatAdminSvc - ok
14:00:54.0912 0x041c  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
14:00:54.0953 0x041c  wbengine - ok
14:00:55.0001 0x041c  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
14:00:55.0007 0x041c  WbioSrvc - ok
14:00:55.0029 0x041c  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
14:00:55.0038 0x041c  wcncsvc - ok
14:00:55.0054 0x041c  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:00:55.0054 0x041c  WcsPlugInService - ok
14:00:55.0069 0x041c  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
14:00:55.0069 0x041c  Wd - ok
14:00:55.0138 0x041c  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
14:00:55.0169 0x041c  Wdf01000 - ok
14:00:55.0204 0x041c  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
14:00:55.0209 0x041c  WdiServiceHost - ok
14:00:55.0216 0x041c  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
14:00:55.0220 0x041c  WdiSystemHost - ok
14:00:55.0270 0x041c  [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient       C:\Windows\System32\webclnt.dll
14:00:55.0293 0x041c  WebClient - ok
14:00:55.0308 0x041c  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
14:00:55.0315 0x041c  Wecsvc - ok
14:00:55.0328 0x041c  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
14:00:55.0332 0x041c  wercplsupport - ok
14:00:55.0361 0x041c  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
14:00:55.0365 0x041c  WerSvc - ok
14:00:55.0394 0x041c  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
14:00:55.0396 0x041c  WfpLwf - ok
14:00:55.0414 0x041c  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
14:00:55.0416 0x041c  WIMMount - ok
14:00:55.0438 0x041c  WinDefend - ok
14:00:55.0454 0x041c  WinHttpAutoProxySvc - ok
14:00:55.0599 0x041c  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
14:00:55.0605 0x041c  Winmgmt - ok
14:00:55.0692 0x041c  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
14:00:56.0016 0x041c  WinRM - ok
14:00:56.0094 0x041c  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
14:00:56.0108 0x041c  WinUsb - ok
14:00:56.0201 0x041c  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
14:00:56.0235 0x041c  Wlansvc - ok
14:00:56.0459 0x1c44  Object send P2P result: true
14:00:56.0475 0x1c44  Object required for P2P: [ DA0FAEE45D6F03D7647851A20977A7D0 ] MpFilter
14:00:56.0525 0x041c  [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:00:56.0591 0x041c  wlidsvc - ok
14:00:56.0634 0x041c  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
14:00:56.0637 0x041c  WmiAcpi - ok
14:00:56.0674 0x041c  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:00:56.0680 0x041c  wmiApSrv - ok
14:00:56.0712 0x041c  WMPNetworkSvc - ok
14:00:56.0742 0x041c  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
14:00:56.0744 0x041c  WPCSvc - ok
14:00:56.0757 0x041c  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:00:56.0763 0x041c  WPDBusEnum - ok
14:00:56.0778 0x041c  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
14:00:56.0780 0x041c  ws2ifsl - ok
14:00:56.0810 0x041c  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
14:00:56.0815 0x041c  wscsvc - ok
14:00:56.0821 0x041c  WSearch - ok
14:00:56.0945 0x041c  [ 86F11B85102AFA6A1A6101DCE2F09386, 68A0F0E628C8F33FDAC114876DA8ED14776DD74E80AC5A6A52257E19DE011091 ] wuauserv        C:\Windows\system32\wuaueng.dll
14:00:57.0020 0x041c  wuauserv - ok
14:00:57.0089 0x041c  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
14:00:57.0092 0x041c  WudfPf - ok
14:00:57.0143 0x041c  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
14:00:57.0213 0x041c  WUDFRd - ok
14:00:57.0250 0x041c  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
14:00:57.0250 0x041c  wudfsvc - ok
14:00:57.0321 0x041c  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
14:00:57.0338 0x041c  WwanSvc - ok
14:00:57.0353 0x041c  ================ Scan global ===============================
14:00:57.0454 0x041c  [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
14:00:57.0513 0x041c  [ DE4812AB2E6926D0FF2423F3B774585A, 77604B47F2A91F77DDF778D8D362A0145636ED060596760ED55D76DD12E04B79 ] C:\Windows\system32\winsrv.dll
14:00:57.0526 0x041c  [ DE4812AB2E6926D0FF2423F3B774585A, 77604B47F2A91F77DDF778D8D362A0145636ED060596760ED55D76DD12E04B79 ] C:\Windows\system32\winsrv.dll
14:00:57.0553 0x041c  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
14:00:57.0584 0x041c  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
14:00:57.0584 0x041c  [ Global ] - ok
14:00:57.0584 0x041c  ================ Scan MBR ==================================
14:00:57.0609 0x041c  [ 8B360FD3F035DA397C4FC81D4F270304 ] \Device\Harddisk0\DR0
14:00:58.0787 0x041c  \Device\Harddisk0\DR0 - ok
14:00:58.0800 0x041c  [ 8464D19686910A2E5D0E5C28C70A95AB ] \Device\Harddisk1\DR1
14:00:58.0808 0x041c  \Device\Harddisk1\DR1 - ok
14:00:58.0809 0x041c  ================ Scan VBR ==================================
14:00:58.0840 0x041c  [ B6A1B622D8D371D29E772D5254F74C19 ] \Device\Harddisk0\DR0\Partition1
14:00:58.0842 0x041c  \Device\Harddisk0\DR0\Partition1 - ok
14:00:58.0856 0x041c  [ 980E241C09E9BF40F96137262F39B242 ] \Device\Harddisk0\DR0\Partition2
14:00:58.0859 0x041c  \Device\Harddisk0\DR0\Partition2 - ok
14:00:58.0893 0x041c  [ 22F95706C0E31E6E1C6E7C9900334A86 ] \Device\Harddisk0\DR0\Partition3
14:00:58.0899 0x041c  \Device\Harddisk0\DR0\Partition3 - ok
14:00:58.0911 0x041c  [ D878FE1A32BAFA95AA767DAE0667B17B ] \Device\Harddisk1\DR1\Partition1
14:00:58.0912 0x041c  \Device\Harddisk1\DR1\Partition1 - ok
14:00:58.0912 0x041c  ================ Scan generic autorun ======================
14:00:59.0106 0x1c44  Object send P2P result: true
14:00:59.0108 0x1c44  Object required for P2P: [ 6D79C8CB73187FBEAAD1F680FADF98D3 ] NisDrv
14:00:59.0122 0x041c  [ 08B6079EF4AE4BC74B7FA9BE9C97DF82, A6C8ACEC2855546F8CE06D6F7D7295968D1168C00E03017DB13CB0E17B5F976B ] C:\PROGRA~2\MCTCOR~1\UVTP100\Driver\TUCCDUTIL\TUCCD.exe
14:00:59.0144 0x041c  TUCCDUtil - ok
14:00:59.0977 0x041c  [ BDC4918CF2A9224BDCBF1C78E1D3569E, 6E4C628F4EC5BDD3150E9E82FE1062212974038C9BEA44A61AF78BAA1168A7DC ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
14:01:00.0367 0x041c  RTHDVCPL - ok
14:01:00.0544 0x041c  [ DD7B4F9E6B71A599FEF4BD9DA0AE57C2, 6B22356F74F7ED069A3FC39C62326AA98A70D0E860A2EB29A6C46F4077FB567A ] c:\Program Files\Microsoft Security Client\msseces.exe
14:01:00.0584 0x041c  MSC - ok
14:01:00.0648 0x041c  [ D2F6175D5993DE9443791E33C28693FA, 4DDC844B6213AAA4A91402CD92882F40583BBFD5E5223EDEC74D60D78020A4AF ] C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe
14:01:00.0653 0x041c  MCTDUtil - ok
14:01:00.0664 0x041c  [ D2F6175D5993DE9443791E33C28693FA, 4DDC844B6213AAA4A91402CD92882F40583BBFD5E5223EDEC74D60D78020A4AF ] C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe
14:01:00.0667 0x041c  FDispPos - ok
14:01:00.0837 0x041c  [ 1315C5C5C54CE2AA37A155F97027DB59, 70CDA6AE7FF4FD08FAD931477C524957952EDC89985696FD988B9786A349C565 ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
14:01:00.0999 0x041c  AdobeAAMUpdater-1.0 - ok
14:01:01.0038 0x041c  [ CC9823AA6E3F6229CD6DA193551314A5, 76BCD2BCA391C2114BF9D28FA290D9B39D16379C410070E0E3A6376FDEE51CE1 ] C:\Program Files\iTunes\iTunesHelper.exe
14:01:01.0038 0x041c  iTunesHelper - ok
14:01:01.0235 0x041c  [ 339F0BA18A051623B8C471C32E94A222, 8780FF2BD3252E69CD6CF581D5F1738E897ECFA7C1BEA6ED41CA84ECB7C35A0A ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
14:01:01.0254 0x041c  StartCCC - ok
14:01:01.0322 0x041c  [ 846965AE55A2662B1576C0F392DD1D6E, 0ADE383991FDC5A49DD15A27CB52CF75ABF518F0335E92003C0FF75DB417BBDC ] C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
14:01:01.0327 0x041c  SSBkgdUpdate - ok
14:01:01.0457 0x041c  [ A4A66195EB0ECD574A32AAA92DC0A7BD, 4E30D565917158316A541BB29D73BF5F3A01DAB1240363276DE0C5D59B2BFFFE ] C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe
14:01:01.0490 0x041c  PPort11reminder - ok
14:01:01.0557 0x041c  [ 7556C7ECF122CE7E2C745D5656ACE256, 2FC78A1D3C90801141839A4DC79A32FC6F66EF6B0599650E29A58BE99127B85E ] C:\PROGRA~2\ThinkPad\UTILIT~1\DPMHost.exe
14:01:01.0562 0x041c  Power Manager Power Agenda - ok
14:01:01.0769 0x1c44  Object send P2P result: true
14:01:01.0847 0x041c  [ B3E053ED10DD568A3B292241F1A74D32, 62606F78FF968D7DF3EF04CD146749B525AEC9C438E9A897DA48F05577659DB2 ] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe
14:01:02.0092 0x041c  Lenovo Registration - ok
14:01:02.0134 0x041c  [ BE72C212B14FC8F872A70C6C311D0529, 9C6A8060FD4505925894D8FD08EFCDE16BEEAAC70264519135B261C026333CAA ] C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe
14:01:02.0136 0x041c  IndexSearch - ok
14:01:02.0235 0x041c  [ 885A81A05F749897A455F439E302F1BD, F4CF5980A7CE5449CF5CF1586AE0FCDE0F4C640CBDD0FE5C1870412017A3CB29 ] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe
14:01:02.0568 0x041c  Fastboot - ok
14:01:02.0706 0x041c  [ 4DE3EF07E0854547309C6B40235A9D44, F73D8E6D98583865D1C8DB728058D83C72A3908E21E04EF313FCB829C040A1EC ] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe
14:01:02.0710 0x041c  ControlCenter3 - ok
14:01:02.0751 0x041c  [ 4D5D968FE6AE6BF94A807F73F7FF6B3D, 3D5D5D775EE251C2B903AA8DA804AE4D1632DD59A8A0A36C545FE984FCFE06DD ] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
14:01:02.0801 0x041c  BrMfcWnd - ok
14:01:02.0874 0x041c  [ E971C2901BC0E9934D01D84AD127FAAF, 2DC4B1D898430CD152B16D0909C9DEF252579F91E093632E78D47F77CBFDC843 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
14:01:02.0880 0x041c  APSDaemon - ok
14:01:02.0881 0x041c  Http Listener - ok
14:01:03.0013 0x041c  [ 8FE651ACBA3344E645CFEB6286FFF6B8, ECE4DFFEB7EB0B19B6790FD0F619A5C4B23CA0BA9CC3F25924925F8EA07264B6 ] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
14:01:03.0102 0x041c  AdobeCS6ServiceManager - ok
14:01:03.0426 0x041c  [ 6A4B4B5B98BF466C2953E16EFFBE3EB9, 4A4EED7E12A95AACE83737367A9F9B906C420A0BA6791E7AC80845CDFD9311AE ] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
14:01:03.0488 0x041c  Carbonite Backup - ok
14:01:03.0672 0x041c  [ 302775179EAFEF7290A10DF0E1F0016D, ADE7BA48EE7377FACD3C2D0D814B8BF9E73F530A75215DC10EC498D4CE52430D ] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
14:01:03.0745 0x041c  PMBVolumeWatcher - ok
14:01:04.0204 0x041c  [ C9B67BCB8E384064A8C2263740B0C437, F2609406A84F3A8E256DD250F84A774EF43F92C9F8B373E297A99ACF95B3CCE4 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
14:01:04.0223 0x041c  SunJavaUpdateSched - ok
14:01:04.0439 0x041c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
14:01:04.0470 0x041c  Sidebar - ok
14:01:04.0512 0x041c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
14:01:04.0515 0x041c  mctadmin - ok
14:01:04.0590 0x041c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
14:01:04.0609 0x041c  Sidebar - ok
14:01:04.0620 0x041c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
14:01:04.0622 0x041c  mctadmin - ok
14:01:05.0579 0x041c  [ C224456660839CFCAD2CD8DFB293F38B, D99B862217BBF99BF26B78615B3FDC1484607BA0A34E61C445345CD8D49501D4 ] C:\Program Files\CCleaner\CCleaner64.exe
14:01:05.0828 0x041c  CCleaner Monitoring - ok
14:01:06.0243 0x041c  [ 61F488AC3053DEB2AADB6A34DEBC8876, B5C5E0325F0FB4A37E80F08273B7483630F676C6342519564798CE7D1F121CB7 ] C:\Users\Jackie\AppData\Local\Microsoft\OneDrive\OneDrive.exe
14:01:06.0261 0x041c  OneDrive - ok
14:01:06.0264 0x041c  Waiting for KSN requests completion. In queue: 113
14:01:07.0272 0x041c  Waiting for KSN requests completion. In queue: 113
14:01:08.0284 0x041c  Waiting for KSN requests completion. In queue: 113
14:01:08.0732 0x1d38  Object required for P2P: [ 302775179EAFEF7290A10DF0E1F0016D ] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
14:01:09.0285 0x041c  Waiting for KSN requests completion. In queue: 8
14:01:10.0285 0x041c  Waiting for KSN requests completion. In queue: 8
14:01:11.0285 0x041c  Waiting for KSN requests completion. In queue: 8
14:01:11.0374 0x1d38  Object send P2P result: true
14:01:12.0349 0x041c  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.9.218.0 ), 0x61000 ( enabled : updated )
14:01:12.0376 0x041c  Win FW state via NFP2: enabled ( trusted )
14:01:14.0880 0x041c  ============================================================
14:01:14.0880 0x041c  Scan finished
14:01:14.0880 0x041c  ============================================================
14:01:14.0922 0x22c0  Detected object count: 0
14:01:14.0922 0x22c0  Actual detected object count: 0
14:08:46.0069 0x1534  Deinitialize success
 
========= End of CMD: =========
 
 
==== End of Fixlog 13:38:25 ====
 
AdwCleaner found no errors except a folder I have of free youtube downloader.  I've had it for a long time with no issues.  All the other tabs were empty.  So I didn't "Clean".  Here's the report.
 
# AdwCleaner v5.111 - Logfile created 15/04/2016 at 13:53:42
# Updated 14/04/2016 by Xplode
# Database : 2016-04-15.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X64)
# Username : Jackie - JACKIE-LENOVO
# Running from : C:\Users\Jackie\Desktop\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\Free Youtube Downloader

***** [ Files ] *****

***** [ DLL ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [4339 bytes] - [25/03/2016 12:28:36]
C:\AdwCleaner\AdwCleaner[C2].txt - [4464 bytes] - [14/04/2016 11:54:14]
C:\AdwCleaner\AdwCleaner[R0].txt - [8219 bytes] - [03/02/2015 14:34:07]
C:\AdwCleaner\AdwCleaner[R1].txt - [1432 bytes] - [03/02/2015 15:48:18]
C:\AdwCleaner\AdwCleaner[R2].txt - [1492 bytes] - [04/02/2015 11:33:14]
C:\AdwCleaner\AdwCleaner[R3].txt - [1844 bytes] - [05/02/2015 11:26:35]
C:\AdwCleaner\AdwCleaner[R4].txt - [1800 bytes] - [09/02/2015 10:17:57]
C:\AdwCleaner\AdwCleaner[S0].txt - [8723 bytes] - [03/02/2015 14:35:54]
C:\AdwCleaner\AdwCleaner[S1].txt - [5922 bytes] - [09/02/2015 10:20:29]
C:\AdwCleaner\AdwCleaner[S2].txt - [4238 bytes] - [14/04/2016 11:47:27]
C:\AdwCleaner\AdwCleaner[S3].txt - [1413 bytes] - [15/04/2016 13:53:42]
C:\AdwCleaner\AdwCleaner[S6].txt - [1701 bytes] - [30/11/2015 12:29:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1559 bytes] ##########

Not noticing any problems.  I was just scared to death.  I wish you could have heard their "spiel".



#7 Oh My!


Posted 15 April 2016 - 01:13 PM

I apologize but I need to be away from my computer for an hour or so and I don't want to rush this situation. I will post when I return.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 Oh My!


Posted 15 April 2016 - 02:20 PM

Thank you for your patience Jackie.

We are going to get a little aggressive and delete some entries that are associated with remote support software (not related to TeamViewer). It doesn't appear you need them.

Please do these things.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)

S3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2014-10-28] (support.com, Inc)
R3 vrvd5; C:\Windows\System32\DRIVERS\vrvd5.sys [13344 2015-09-03] (Rsupport Corporation)
C:\Windows\System32\DRIVERS\ssmirrdr.sys
C:\Windows\System32\DRIVERS\vrvd5.sys
emptytemp:

  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Check Uninstall application on close
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 

#9 jackiegreeno


Posted 16 April 2016 - 10:03 AM

I swear this wasn't there!!!!!

Fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version:13-04-2016
Ran by Jackie (2016-04-15 17:39:39) Run:3
Running from C:\Users\Jackie\Desktop\FRST.exe
Loaded Profiles: Jackie (Available Profiles: Jackie)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
S3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2014-10-28] (support.com, Inc)
R3 vrvd5; C:\Windows\System32\DRIVERS\vrvd5.sys [13344 2015-09-03] (Rsupport Corporation)
C:\Windows\System32\DRIVERS\ssmirrdr.sys
C:\Windows\System32\DRIVERS\vrvd5.sys
emptytemp:
*****************
 
ssmirrdr => service removed successfully
vrvd5 => Unable to stop service.
vrvd5 => service removed successfully
C:\Windows\System32\DRIVERS\ssmirrdr.sys => moved successfully
C:\Windows\System32\DRIVERS\vrvd5.sys => moved successfully
EmptyTemp: => 1.1 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 17:40:28 ====
Security check log:
 

Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 77  
 Java version 32-bit out of Date! 
 Adobe Flash Player 21.0.0.213  
 Mozilla Firefox (45.0.1) 
 Google Chrome (49.0.2623.110) 
 Google Chrome (49.0.2623.112) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 ESET ESET Online Scanner OnlineScannerApp.exe  
 ESET ESET Online Scanner OnlineCmdLineScanner.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
 
ESET log:
 

C:\Users\Jackie\Documents\ccsetup326.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Jackie\Documents\Downloads\ccsetup514.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Jackie\Downloads\ccsetup508.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\updater.bak.vir a variant of Win32/BrowseFox.AD potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugincontainer.bak.vir a variant of Win32/BrowseFox.AD potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\5\Plugin.exe.vir a variant of Win32/BrowseFox.AF potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\5bak\Plugin.exe.vir a variant of Win32/BrowseFox.AF potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\8\Plugin.exe.vir a variant of Win32/BrowseFox.AF potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\8bak\Plugin.exe.vir a variant of Win32/BrowseFox.AF potentially unwanted application cleaned by deleting
C:\Documents and Settings\Jackie\Documents\ccsetup326.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
C:\Documents and Settings\Jackie\Documents\Downloads\ccsetup514.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
C:\Documents and Settings\Jackie\Downloads\ccsetup508.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
C:\FRST\Quarantine\C\Users\Jackie\AppData\Local\Temp\{1B074B6F-ED31-4DBF-872F-724AC57479ED}.exe.xBAD a variant of Win32/Toolbar.Visicom.A potentially unwanted application deleted
 
Were any of these things caused by the fake Quicken guy?  Goodness, I think that an employee of the bank might be in cahoots with these scammers.  How scary.  Are my current safety applications sufficient to keep my computer operating safely?  I have shared on FB and will donate.  I really never noticed anything wrong.  Was just scared to death by that whole process.  How was he able to get "koobface detected in network" on that DOS prompt?  I couldn't duplicate it.
 
How do you sleep?
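Added example, not part of the post above or of any tool's own code: a triage of the ESET log lines just posted. It assumes the line layout seen in that log, treats any path containing `\Quarantine\` as a copy kept by a cleanup tool, and merges `C:\Documents and Settings\...` with `C:\Users\...`, which are the same folder on Windows 7 through a junction; all function names are hypothetical.

```python
import re

# Four lines copied from the ESET log in the post above, one per distinct case,
# plus one constructed non-detection line to show how unparsed input is reported.
SAMPLE_LOG = r"""
C:\Users\Jackie\Downloads\ccsetup508.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\AdwCleaner\Quarantine\C\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\5\Plugin.exe.vir a variant of Win32/BrowseFox.AF potentially unwanted application cleaned by deleting
C:\Documents and Settings\Jackie\Downloads\ccsetup508.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
C:\FRST\Quarantine\C\Users\Jackie\AppData\Local\Temp\{1B074B6F-ED31-4DBF-872F-724AC57479ED}.exe.xBAD a variant of Win32/Toolbar.Visicom.A potentially unwanted application deleted
this line is not a detection record
"""

# Layout assumed from the posted log:
#   <path> [a variant of ]<Platform/Name> potentially <unsafe|unwanted> application [<action>]
# The path may contain spaces, so it is matched lazily up to the detection name.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?:a variant of\s+)?"
    r"(?P<name>\w+/[\w.\-]+)\s+"
    r"(?P<category>potentially (?:unsafe|unwanted) application)"
    r"(?:\s+(?P<action>.+))?$"
)

# On Windows Vista and later, C:\Documents and Settings is a junction to C:\Users,
# so a scanner can list the same file under both names.
LEGACY_PROFILE_ROOT = "c:\\documents and settings\\"
PROFILE_ROOT = "c:\\users\\"


def canonical(path):
    """Lower-case the path and fold the legacy profile root into C:\\Users."""
    p = path.lower()
    if p.startswith(LEGACY_PROFILE_ROOT):
        p = PROFILE_ROOT + p[len(LEGACY_PROFILE_ROOT):]
    return p


def parse(log_text):
    """Split the log into parsed detection records and lines that did not match."""
    entries, unparsed = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m:
            entries.append(m.groupdict())
        else:
            unparsed.append(line)
    return entries, unparsed


def triage(log_text):
    """Merge duplicate reports of one file and give each file a status."""
    entries, unparsed = parse(log_text)
    merged = {}
    for e in entries:
        rec = merged.setdefault(canonical(e["path"]), {
            "path": e["path"], "name": e["name"],
            "category": e["category"], "action": None,
        })
        if e["action"]:
            rec["action"] = e["action"]  # any recorded action wins over "none"
    for key, rec in merged.items():
        if "\\quarantine\\" in key:
            rec["status"] = "quarantined copy"   # stored by a cleanup tool, not in use
        elif rec["action"]:
            rec["status"] = "removed"
        else:
            rec["status"] = "needs review"       # detected, no action recorded
    return list(merged.values()), unparsed


if __name__ == "__main__":
    records, unparsed = triage(SAMPLE_LOG)
    for r in records:
        print(f'{r["status"]:17} {r["name"]:32} {r["path"]}')
    for line in unparsed:
        print("unparsed:", line)
```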
 


#10 Oh My!


Posted 16 April 2016 - 02:58 PM

Hi Jackie.

Those reports look fine.
 

Were any of these things caused by the fake Quicken guy?

No they were not. This is a common scam (my friend followed the same steps you did) and in fact there is a write up about it that explains exactly what you experienced (thanks to my colleague myrti for forwarding me the link). The write up will explain how they were able to get "koobface detected in network" on your screen but you were not able to duplicate that. Their goal was to simply get you to pay the fee by tricking you into believing your computer was seriously infected. It was not.

I have found no evidence which should cause you any concern going forward. Nothing we addressed is directly related to their accessing your computer and more importantly there is no evidence of a Backdoor Trojan they may have left behind. Your computer is now clean.

If it was me I would contact the bank and let them know what happened.

I will be providing you with some information regarding computer security when we part ways. Before posting that information I just want to make sure you don't have any other issues or concerns.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 jackiegreeno


Posted 16 April 2016 - 05:46 PM

I read the write up and it was similar, but of course had its differences.  My guess is that the person from Credit Union wasn't trying to assist me, but might have been in cahoots with this deal.  I won't let it go.  That write up also brought to mind all the errors that I have in my event log.  Not to worry?  There are zillions of them in Administrative Events.
 
I have contacted the bank and the fellow was quite upset.  I sent a private message and the person that handles all the Quicken problems said this never should have happened.  A ticket should have been answered and he would have called me.  I now have his direct line.  He sounded really upset about it and said he needed to get to the bottom of this.  Was it needed training, etc.  He even called back 2 minutes after we hung up and said he realized that we really hadn't addressed the issue that caused this in the first place and could he assist.  He did and it was done.  I was given his number and extension and encouraged to call him directly with any issues.
 
I seriously thought I was more computer savvy than to let this happen.  Is it still necessary to change all passwords?  I suppose you would tell me to do that on a regular basis anyway, huh?
 
Thank you, so much, for all your help.  If I donate, is there any way to address agents that have helped?  Or are you all just as good and caring? I will rest better knowing that they haven't done any damage.

Edited by Oh My!, 16 April 2016 - 06:23 PM.


#12 Oh My!


Posted 16 April 2016 - 07:28 PM

Hi Jackie.

I am glad they are taking it seriously. That is quite troublesome.

Event Logs routinely have a multitude of "errors" which are of no real consequence. Your logs show a few of those errors which I reviewed during the evaluation of the reports and there is no reason for concern.

Yes it is always a good idea to change passwords but I don't believe there is any urgency to do so solely because of this incident. I am assuming you were monitoring all activity and did not see the person seek out sensitive data on your computer.

Though some helpers do accept donations I choose not to. But in lieu of that if you would like to consider learning about recent events causing BleepingComputer to need to defend itself you can review that information at: Help BleepingComputer Defend Freedom of Speech.

Thank you for your kindness and diligence. It was a pleasure working with you. Based on all of this there is good reason for your mind to be at ease.

The time has come......

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and you may delete any programs or logs on your computer as a result of our efforts. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder. For everything else you simply delete the log files or desktop icons.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#13 Oh My!


Posted 17 April 2016 - 06:53 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



