Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware help- malwarebytes service crashed during scan of memory objects


  • This topic is locked This topic is locked
4 replies to this topic

#1 psymn

psymn

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:25 AM

Posted 24 August 2017 - 04:09 PM

I havea PC that I suspect is infected with something but malwarebytes V3 crashes during "scanning memory objects" at around 3000 items scanned.  If I disable scanning of memory, it seems to run without issue, but I haven't yet completed a scan because I'm worrired that the infection won't be removed.

 

I've run Rkill, adwcleaner 7.0.1.0 and mbar-1.09.3.1001 & Fbar.  ONly adwcleaner had hits, but clewaning them did not allow malwarebytes to scan the memory.  What can I do to get malwarebyteds to run successfully?

 

Thanks

psymn

 

Fbar log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by mark (administrator) on GODI-LAP1A (24-08-2017 17:02:27)
Running from C:\Users\mark\Downloads
Loaded Profiles: mark (Available Profiles: Brian & mark & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Invincea, Inc.) C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Invincea, Inc.) C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Security Agent\NTRTScan.exe
(Pervasive Software Inc.) C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Users\mark\AppData\Local\Apps\2.0\2LWLBNRA.QCC\1RW86PZY.002\scre..tion_2c2536e5112611c9_0006.0000_1e05dc717776e9ba\ScreenConnect.ClientService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(ScreenConnect Software) C:\Users\mark\AppData\Local\Apps\2.0\2LWLBNRA.QCC\1RW86PZY.002\scre..tion_2c2536e5112611c9_0006.0000_1e05dc717776e9ba\ScreenConnect.WindowsClient.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Security Agent\TmListen.exe
(Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Security Agent\TmProxy.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(BayHubTech/O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ScreenConnect Software) C:\Users\mark\AppData\Local\Apps\2.0\2LWLBNRA.QCC\1RW86PZY.002\scre..tion_2c2536e5112611c9_0006.0000_1e05dc717776e9ba\ScreenConnect.WindowsClient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Security Agent\PccNTMon.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Kaseya International Limited) C:\Program Files (x86)\Kaseya\MSSLTN32537687899931\KaUsrTsk.exe
(Kaseya International Limited) C:\Program Files (x86)\Kaseya\MSSLTN32537687899931\AgentMon.exe
(Kaseya International Limited) C:\Program Files (x86)\Kaseya\MSSLTN32537687899931\Endpoint\KaseyaEndpoint.exe
( ) C:\Program Files (x86)\Kaseya\MSSLTN32537687899931\extensions\Lua.exe
( ) C:\Program Files (x86)\Kaseya\MSSLTN32537687899931\extensions\Lua.exe
(Kaseya International Limited) C:\Program Files (x86)\Kaseya\MSSLTN32537687899931\Kaseya.AgentEndpoint.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [727896 2014-03-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [115968 2013-07-23] (Waves Audio Ltd.)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4876528 2014-05-29] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [423424 2017-04-05] (LogMeIn, Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-04-10] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe [144784 2008-02-22] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [OfficeScanNT Monitor] => C:\Program Files (x86)\Trend Micro\Security Agent\pccntmon.exe [1932424 2012-12-18] (Trend Micro Inc.)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3487032 2017-08-22] (Dropbox, Inc.)
HKLM-x32\...\Run: [KASHMSSLTN32537687899931] => C:\Program Files (x86)\Kaseya\MSSLTN32537687899931\KaUsrTsk.exe [519928 2017-04-19] (Kaseya International Limited)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-823903844-1520513044-4176187118-1108\...\Run: [GoogleChromeAutoLaunch_79F16F4CD40EF50AC8B0CBF59BB4156F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1301848 2017-08-11] (Google Inc.)
HKU\S-1-5-21-823903844-1520513044-4176187118-1108\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2015-03-26] (Google Inc.)
HKU\S-1-5-21-823903844-1520513044-4176187118-1108\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.200 75.75.75.75
Tcpip\..\Interfaces\{2C128ADF-7339-4AD1-803C-898B42511011}: [DhcpNameServer] 192.168.1.200 75.75.75.75
Tcpip\..\Interfaces\{F6021035-0D82-4176-AF47-04D0884CEE4B}: [DhcpNameServer] 192.168.1.200 75.75.75.75
 
Internet Explorer:
==================
HKU\S-1-5-21-823903844-1520513044-4176187118-1108\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-823903844-1520513044-4176187118-1108 -> {634DA65D-E03F-41E4-B4B9-E4D1F90459DB} URL = 
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\Security Agent\TmIEPlg.dll [2012-08-08] (Trend Micro Inc.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-04-11] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-02] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2017-03-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\Security Agent\TmIEPlg32.dll [2012-08-08] (Trend Micro Inc.)
BHO-x32: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll [2008-02-22] (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-02] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2017-03-14] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-02] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-823903844-1520513044-4176187118-1108 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-02] (Google Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Security Agent\TmIEPlg.dll [2012-08-08] (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Security Agent\TmIEPlg32.dll [2012-08-08] (Trend Micro Inc.)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
 
FireFox:
========
FF DefaultProfile: mtv1icdl.default
FF ProfilePath: C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\mtv1icdl.default [2017-08-23]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files (x86)\Trend Micro\Security Agent\FirefoxExtension
FF Extension: (Trend Micro NSC Firefox Extension) - C:\Program Files (x86)\Trend Micro\Security Agent\FirefoxExtension [2016-03-07] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-08] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-11-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-11-13] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-02-27] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR NewTab: Default ->  Not-active:"chrome-extension://acpaeobodkbmlgnpbbhjbfbljpbejcgi/newtab/newtab.html", Active:"chrome-extension://ceopoaldcnmhechacafgagdkklcogkgd/stubby.html"
CHR Profile: C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default [2017-08-24]
CHR Extension: (No Name) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\acpaeobodkbmlgnpbbhjbfbljpbejcgi [2017-03-27]
CHR Extension: (No Name) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-23]
CHR Extension: (No Name) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (No Name) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (OnlineMapFinder) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd [2017-05-26]
CHR Extension: (No Name) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (We-Care.com Reminder) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\fonmolocekmjpljfgmkkfdcdhmlaenpo [2015-02-23]
CHR Extension: (No Name) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (No Name) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (Chrome Media Router) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-11]
CHR Profile: C:\Users\mark\AppData\Local\Google\Chrome\User Data\Profile 1 [2015-09-29]
CHR Extension: (No Name) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-27]
CHR Extension: (No Name) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-27]
CHR Extension: (No Name) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-27]
CHR Extension: (No Name) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (No Name) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-27]
CHR Extension: (No Name) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-27]
CHR Extension: (No Name) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-27]
CHR Extension: (No Name) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-27]
CHR Profile: C:\Users\mark\AppData\Local\Google\Chrome\User Data\System Profile [2015-09-27]
 
==================== Services (All) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [83032 2017-07-19] (Adobe Systems Incorporated)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-08-08] (Adobe Systems Incorporated)
R3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [72192 2015-10-29] (Microsoft Corporation)
S3 ALG; C:\Windows\System32\alg.exe [79360 2009-07-13] (Microsoft Corporation)
R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [87384 2014-03-27] (Alps Electric Co., Ltd.)
S3 AppIDSvc; C:\Windows\System32\appidsvc.dll [34816 2017-07-07] (Microsoft Corporation)
S3 Appinfo; C:\Windows\System32\appinfo.dll [70144 2016-11-09] (Microsoft Corporation)
S3 AppMgmt; C:\Windows\System32\appmgmts.dll [193536 2009-07-13] (Microsoft Corporation)
S3 AppMgmt; C:\Windows\SysWOW64\appmgmts.dll [149504 2009-07-13] (Microsoft Corporation)
S3 aspnet_state; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [52856 2017-04-21] (Microsoft Corporation)
R2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [680448 2016-06-14] (Microsoft Corporation)
R2 AudioSrv; C:\Windows\System32\Audiosrv.dll [680448 2016-06-14] (Microsoft Corporation)
S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [114688 2010-11-20] (Microsoft Corporation)
S3 BDESVC; C:\Windows\System32\bdesvc.dll [100864 2009-07-13] (Microsoft Corporation)
R2 BFE; C:\Windows\System32\bfe.dll [705024 2010-11-20] (Microsoft Corporation)
R2 BITS; C:\Windows\System32\qmgr.dll [849920 2010-11-20] (Microsoft Corporation)
R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [1206648 2014-03-26] (Motorola Solutions, Inc.)
R2 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1706360 2014-03-26] (Motorola Solutions, Inc.)
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [1165688 2014-03-26] (Motorola Solutions, Inc.)
R3 Browser; C:\Windows\System32\browser.dll [136704 2015-01-22] (Microsoft Corporation)
R3 bthserv; C:\Windows\system32\bthserv.dll [83968 2009-07-13] (Microsoft Corporation)
S3 CertPropSvc; C:\Windows\System32\certprop.dll [80384 2010-11-20] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042544 2017-03-14] (Microsoft Corporation)
S3 clr_optimization_v2.0.50727_32; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [67224 2014-03-20] (Microsoft Corporation)
S3 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [90776 2014-03-20] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [107656 2017-04-21] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [128648 2017-04-21] (Microsoft Corporation)
S3 cphs; C:\Windows\SysWow64\IntelCpHeciSvc.exe [279024 2014-01-31] (Intel Corporation)
R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [190976 2017-04-12] (Microsoft Corporation)
R2 CryptSvc; C:\Windows\SysWOW64\cryptsvc.dll [145920 2017-04-12] (Microsoft Corporation)
R2 CscService; C:\Windows\System32\cscsvc.dll [692224 2010-11-20] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-04] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-04] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [49992 2017-08-22] (Dropbox, Inc.)
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [512000 2017-04-17] (Microsoft Corporation)
S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-13] (Microsoft Corporation)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
R2 Dhcp; C:\Windows\system32\dhcpcore.dll [317952 2010-11-20] (Microsoft Corporation)
R2 Dhcp; C:\Windows\SysWOW64\dhcpcore.dll [254464 2010-11-20] (Microsoft Corporation)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1386496 2016-08-22] (Microsoft Corporation)
R2 Dnscache; C:\Windows\System32\dnsrslvr.dll [183296 2015-01-22] (Microsoft Corporation)
S3 dot3svc; C:\Windows\System32\dot3svc.dll [252416 2010-11-20] (Microsoft Corporation)
R2 DPS; C:\Windows\system32\dps.dll [162816 2010-11-20] (Microsoft Corporation)
R3 EapHost; C:\Windows\System32\eapsvc.dll [111104 2009-07-13] (Microsoft Corporation)
R2 EFS; C:\Windows\System32\lsass.exe [30720 2017-07-07] (Microsoft Corporation)
S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [696832 2010-11-20] (Microsoft Corporation)
S3 ehSched; C:\Windows\ehome\ehsched.exe [127488 2009-07-13] (Microsoft Corporation)
R2 eventlog; C:\Windows\System32\wevtsvc.dll [1646080 2010-11-20] (Microsoft Corporation)
R2 EventSystem; C:\Windows\system32\es.dll [402944 2009-07-13] (Microsoft Corporation)
R2 EventSystem; C:\Windows\SysWOW64\es.dll [271360 2009-07-13] (Microsoft Corporation)
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [632048 2014-05-29] (Intel® Corporation)
S3 Fax; C:\Windows\system32\fxssvc.exe [689152 2010-11-20] (Microsoft Corporation)
R3 fdPHost; C:\Windows\system32\fdPHost.dll [16384 2009-07-13] (Microsoft Corporation)
S3 FDResPub; C:\Windows\system32\fdrespub.dll [34816 2009-07-13] (Microsoft Corporation)
R2 FontCache; C:\Windows\system32\FntCache.dll [1180160 2017-05-12] (Microsoft Corporation)
S3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-20] (Microsoft Corporation)
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries)
R2 gpsvc; C:\Windows\System32\gpsvc.dll [794624 2016-05-12] (Microsoft Corporation)
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-02-19] (Google Inc.)
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-02-19] (Google Inc.)
S3 gusvc; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [194032 2015-03-26] (Google)
R3 hidserv; C:\Windows\system32\hidserv.dll [38912 2009-07-13] (Microsoft Corporation)
R3 hidserv; C:\Windows\SysWOW64\hidserv.dll [49152 2009-07-13] (Microsoft Corporation)
S3 hkmsvc; C:\Windows\system32\kmsvc.dll [90624 2010-11-20] (Microsoft Corporation)
S3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [232448 2010-11-20] (Microsoft Corporation)
S3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [187904 2010-11-20] (Microsoft Corporation)
S3 HomeGroupProvider; C:\Windows\SysWOW64\provsvc.dll [165376 2010-11-20] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [121288 2014-06-06] (Intel Corporation)
S3 idsvc; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [859280 2014-06-30] (Microsoft Corporation)
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [116224 2017-07-14] (Microsoft Corporation)
S3 IKEEXT; C:\Windows\System32\ikeext.dll [859648 2015-01-22] (Microsoft Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [260360 2014-04-22] (Intel Corporation)
R2 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2672328 2014-07-30] (Invincea, Inc.)
R2 IPBusEnum; C:\Windows\system32\ipbusenum.dll [101888 2009-07-13] (Microsoft Corporation)
R2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [569344 2015-01-22] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-11-13] (Intel Corporation)
R2 KAENDMSSLTN32537687899931; C:\Program Files (x86)\Kaseya\MSSLTN32537687899931\Endpoint\KaseyaEndpoint.exe [12389624 2017-04-19] (Kaseya International Limited)
R2 KAMSSLTN32537687899931; C:\Program Files (x86)\Kaseya\MSSLTN32537687899931\AgentMon.exe [1640696 2017-04-19] (Kaseya International Limited)
R3 KeyIso; C:\Windows\system32\lsass.exe [30720 2017-07-07] (Microsoft Corporation)
S3 KtmRm; C:\Windows\system32\msdtckrm.dll [368640 2009-07-13] (Microsoft Corporation)
R2 LanmanServer; C:\Windows\system32\srvsvc.dll [236032 2010-11-20] (Microsoft Corporation)
R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [118784 2010-11-20] (Microsoft Corporation)
S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [300032 2009-07-13] (Microsoft Corporation)
R2 lmhosts; C:\Windows\System32\lmhsvc.dll [23552 2009-07-13] (Microsoft Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [419304 2017-08-03] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [525288 2017-08-03] (LogMeIn, Inc.)
R2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [390616 2013-11-13] (Intel Corporation)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2015-02-16] (LogMeIn, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
S4 Mcx2Svc; C:\Windows\system32\Mcx2Svc.dll [84992 2010-11-20] (Microsoft Corporation)
R2 MMCSS; C:\Windows\system32\mmcss.dll [67584 2009-07-13] (Microsoft Corporation)
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [175560 2017-07-05] (Mozilla Foundation)
R2 MpsSvc; C:\Windows\system32\mpssvc.dll [828416 2010-11-20] (Microsoft Corporation)
S3 MSDTC; C:\Windows\System32\msdtc.exe [141824 2009-07-13] (Microsoft Corporation)
S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [156672 2009-07-13] (Microsoft Corporation)
S3 msiserver; C:\Windows\System32\msiexec.exe [128512 2016-11-09] (Microsoft Corporation)
S3 msiserver; C:\Windows\SysWOW64\msiexec.exe [73216 2016-11-09] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-29] ()
S3 napagent; C:\Windows\system32\qagentRT.dll [476160 2010-11-20] (Microsoft Corporation)
R2 Netlogon; C:\Windows\system32\lsass.exe [30720 2017-07-07] (Microsoft Corporation)
R3 Netman; C:\Windows\System32\netman.dll [360448 2009-07-13] (Microsoft Corporation)
S4 NetMsmqActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [136312 2017-04-21] (Microsoft Corporation)
S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [136312 2017-04-21] (Microsoft Corporation)
R3 netprofm; C:\Windows\System32\netprofm.dll [459776 2009-07-13] (Microsoft Corporation)
R3 netprofm; C:\Windows\SysWOW64\netprofm.dll [360448 2009-07-13] (Microsoft Corporation)
S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [136312 2017-04-21] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [136312 2017-04-21] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\nlasvc.dll [303616 2014-12-06] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\nsisvc.dll [25600 2009-07-13] (Microsoft Corporation)
R2 ntrtscan; C:\Program Files (x86)\Trend Micro\Security Agent\ntrtscan.exe [3395536 2012-12-18] (Trend Micro Inc.)
R2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [65536 2014-03-07] (BayHubTech/O2Micro International)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [150600 2014-01-23] (Microsoft Corporation)
S3 osppsvc; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [5132888 2014-01-21] (Microsoft Corporation)
S3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-13] (Microsoft Corporation)
S3 p2psvc; C:\Windows\system32\p2psvc.dll [438784 2009-07-13] (Microsoft Corporation)
R2 PcaSvc; C:\Windows\System32\pcasvc.dll [187904 2016-06-14] (Microsoft Corporation)
S3 PeerDistSvc; C:\Windows\system32\peerdistsvc.dll [1361920 2009-07-13] (Microsoft Corporation)
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 pla; C:\Windows\system32\pla.dll [1389056 2017-03-10] (Microsoft Corporation)
S3 pla; C:\Windows\SysWOW64\pla.dll [1508352 2017-03-10] (Microsoft Corporation)
R2 PlugPlay; C:\Windows\system32\umpnpmgr.dll [404480 2015-01-22] (Microsoft Corporation)
S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [25088 2009-07-13] (Microsoft Corporation)
S3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-13] (Microsoft Corporation)
R3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [502272 2016-05-12] (Microsoft Corporation)
R2 Power; C:\Windows\system32\umpo.dll [163840 2015-01-22] (Microsoft Corporation)
R2 ProfSvc; C:\Windows\system32\profsvc.dll [210432 2014-12-18] (Microsoft Corporation)
R3 ProtectedStorage; C:\Windows\system32\lsass.exe [30720 2017-07-07] (Microsoft Corporation)
R2 psqlCE; C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe [435488 2009-08-03] (Pervasive Software Inc.)
S3 QWAVE; C:\Windows\system32\qwave.dll [242688 2009-07-13] (Microsoft Corporation)
S3 QWAVE; C:\Windows\SysWOW64\qwave.dll [210944 2009-07-13] (Microsoft Corporation)
S3 RasAuto; C:\Windows\System32\rasauto.dll [99328 2009-07-13] (Microsoft Corporation)
S3 RasMan; C:\Windows\System32\rasmans.dll [344064 2010-11-20] (Microsoft Corporation)
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [154864 2014-05-29] (Intel® Corporation)
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [97792 2009-07-13] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\SysWOW64\mprdim.dll [75264 2009-07-13] (Microsoft Corporation)
S3 RemoteRegistry; C:\Windows\system32\regsvc.dll [159232 2009-07-13] (Microsoft Corporation)
R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [67072 2009-07-13] (Microsoft Corporation)
S3 RpcLocator; C:\Windows\system32\locator.exe [10240 2009-07-13] (Microsoft Corporation)
R2 RpcSs; C:\Windows\system32\rpcss.dll [512000 2017-04-17] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
R2 SamSs; C:\Windows\system32\lsass.exe [30720 2017-07-07] (Microsoft Corporation)
R2 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [173256 2014-07-30] (Invincea, Inc.)
S3 SCardSvr; C:\Windows\System32\SCardSvr.dll [190976 2009-07-13] (Microsoft Corporation)
R2 Schedule; C:\Windows\system32\schedsvc.dll [1110016 2015-08-05] (Microsoft Corporation)
S3 SCPolicySvc; C:\Windows\System32\certprop.dll [80384 2010-11-20] (Microsoft Corporation)
R2 ScreenConnect Client (772c113f-c6a0-4e98-897a-c1eecc7d7683); C:\Users\mark\AppData\Local\Apps\2.0\2LWLBNRA.QCC\1RW86PZY.002\scre..tion_2c2536e5112611c9_0006.0000_1e05dc717776e9ba\ScreenConnect.ClientService.exe [90768 2017-08-24] ()
S3 SDRSVC; C:\Windows\System32\SDRSVC.dll [170496 2010-11-20] (Microsoft Corporation)
S3 seclogon; C:\Windows\system32\seclogon.dll [30720 2016-02-09] (Microsoft Corporation)
R2 SENS; C:\Windows\System32\sens.dll [64512 2009-07-13] (Microsoft Corporation)
R2 SENS; C:\Windows\SysWOW64\sens.dll [49664 2009-07-13] (Microsoft Corporation)
S3 SensrSvc; C:\Windows\system32\sensrsvc.dll [29184 2009-07-13] (Microsoft Corporation)
S3 SessionEnv; C:\Windows\system32\sessenv.dll [121856 2010-11-20] (Microsoft Corporation)
S3 SessionEnv; C:\Windows\SysWOW64\sessenv.dll [113664 2010-11-20] (Microsoft Corporation)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2065808 2016-01-04] (SoftThinks SAS)
S3 SharedAccess; C:\Windows\System32\ipnathlp.dll [359424 2009-07-13] (Microsoft Corporation)
R2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [370688 2010-11-20] (Microsoft Corporation)
R2 ShellHWDetection; C:\Windows\SysWOW64\shsvcs.dll [328192 2010-11-20] (Microsoft Corporation)
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14336 2009-07-13] (Microsoft Corporation)
R2 Spooler; C:\Windows\System32\spoolsv.exe [559104 2015-01-22] (Microsoft Corporation)
S2 sppsvc; C:\Windows\system32\sppsvc.exe [3524608 2010-11-20] (Microsoft Corporation)
S3 sppuinotify; C:\Windows\system32\sppuinotify.dll [65536 2009-07-13] (Microsoft Corporation)
R3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [193024 2009-07-13] (Microsoft Corporation)
S3 SstpSvc; C:\Windows\system32\sstpsvc.dll [75264 2009-07-13] (Microsoft Corporation)
S2 stisvc; C:\Windows\System32\wiaservc.dll [580096 2010-11-20] (Microsoft Corporation)
S3 StorSvc; C:\Windows\system32\storsvc.dll [17920 2009-07-13] (Microsoft Corporation)
S3 swprv; C:\Windows\System32\swprv.dll [524288 2009-07-13] (Microsoft Corporation)
R2 SysMain; C:\Windows\system32\sysmain.dll [1743360 2015-07-15] (Microsoft Corporation)
S3 TabletInputService; C:\Windows\System32\TabSvc.dll [92672 2010-11-20] (Microsoft Corporation)
S3 TapiSrv; C:\Windows\System32\tapisrv.dll [316928 2010-11-20] (Microsoft Corporation)
S3 TapiSrv; C:\Windows\SysWOW64\tapisrv.dll [242176 2010-11-20] (Microsoft Corporation)
S3 TermService; C:\Windows\System32\termsrv.dll [683520 2014-10-13] (Microsoft Corporation)
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-07-13] (Microsoft Corporation)
S3 THREADORDER; C:\Windows\system32\mmcss.dll [67584 2009-07-13] (Microsoft Corporation)
R3 TMBMServer; C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe [572464 2012-10-30] (Trend Micro Inc.)
R2 tmlisten; C:\Program Files (x86)\Trend Micro\Security Agent\tmlisten.exe [3461176 2012-12-18] (Trend Micro Inc.)
R3 TmProxy; C:\Program Files (x86)\Trend Micro\Security Agent\TmProxy.exe [918064 2012-08-08] (Trend Micro Inc.)
R2 TrkWks; C:\Windows\System32\trkwks.dll [119808 2009-07-13] (Microsoft Corporation)
S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [194048 2010-11-20] (Microsoft Corporation)
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [40960 2009-07-13] (Microsoft Corporation)
S3 UmRdpService; C:\Windows\System32\umrdp.dll [214528 2010-11-20] (Microsoft Corporation)
S3 upnphost; C:\Windows\System32\upnphost.dll [353792 2009-07-13] (Microsoft Corporation)
S3 upnphost; C:\Windows\SysWOW64\upnphost.dll [266752 2009-07-13] (Microsoft Corporation)
R2 UxSms; C:\Windows\System32\uxsms.dll [38912 2009-07-13] (Microsoft Corporation)
S3 VaultSvc; C:\Windows\system32\lsass.exe [30720 2017-07-07] (Microsoft Corporation)
S3 vds; C:\Windows\System32\vds.exe [533504 2010-11-20] (Microsoft Corporation)
S3 VSS; C:\Windows\system32\vssvc.exe [1600512 2010-11-20] (Microsoft Corporation)
R3 W32Time; C:\Windows\system32\w32time.dll [381952 2009-07-13] (Microsoft Corporation)
S3 WatAdminSvc; C:\Windows\system32\Wat\WatAdminSvc.exe [1255736 2015-01-29] (Microsoft Corporation)
S3 wbengine; C:\Windows\system32\wbengine.exe [1504256 2010-11-20] (Microsoft Corporation)
S3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [202240 2009-07-13] (Microsoft Corporation)
R3 wcncsvc; C:\Windows\System32\wcncsvc.dll [367104 2010-11-20] (Microsoft Corporation)
R3 wcncsvc; C:\Windows\SysWOW64\wcncsvc.dll [276992 2010-11-20] (Microsoft Corporation)
S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [40960 2017-02-09] (Microsoft Corporation)
S3 WcsPlugInService; C:\Windows\SysWOW64\WcsPlugInService.dll [32768 2017-02-09] (Microsoft Corporation)
R3 WdiServiceHost; C:\Windows\system32\wdi.dll [91136 2015-01-08] (Microsoft Corporation)
R3 WdiServiceHost; C:\Windows\SysWOW64\wdi.dll [76800 2015-01-08] (Microsoft Corporation)
S3 WdiSystemHost; C:\Windows\system32\wdi.dll [91136 2015-01-08] (Microsoft Corporation)
S3 WdiSystemHost; C:\Windows\SysWOW64\wdi.dll [76800 2015-01-08] (Microsoft Corporation)
R2 WebClient; C:\Windows\System32\webclnt.dll [263680 2016-09-08] (Microsoft Corporation)
R2 WebClient; C:\Windows\SysWOW64\webclnt.dll [208896 2016-09-08] (Microsoft Corporation)
S3 Wecsvc; C:\Windows\system32\wecsvc.dll [237568 2015-01-22] (Microsoft Corporation)
S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [84480 2009-07-13] (Microsoft Corporation)
S3 WerSvc; C:\Windows\System32\WerSvc.dll [76800 2009-07-13] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-01-22] (Microsoft Corporation)
R3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [444928 2016-05-11] (Microsoft Corporation)
R2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [242688 2009-07-13] (Microsoft Corporation)
S3 WinRM; C:\Windows\system32\WsmSvc.dll [2023424 2016-08-06] (Microsoft Corporation)
S3 WinRM; C:\Windows\SysWOW64\WsmSvc.dll [1178112 2016-08-06] (Microsoft Corporation)
R2 Wlansvc; C:\Windows\System32\wlansvc.dll [886784 2009-07-13] (Microsoft Corporation)
R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2292480 2012-07-17] (Microsoft Corp.)
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [203264 2009-07-13] (Microsoft Corporation)
S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1525248 2010-11-20] (Microsoft Corporation)
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-13] (Microsoft Corporation)
S3 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10752 2009-07-13] (Microsoft Corporation)
S3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [117248 2010-11-20] (Microsoft Corporation)
R2 wscsvc; C:\Windows\System32\wscsvc.dll [97280 2009-07-13] (Microsoft Corporation)
R2 WSearch; C:\Windows\system32\SearchIndexer.exe [591872 2017-07-14] (Microsoft Corporation)
R2 WSearch; C:\Windows\SysWOW64\SearchIndexer.exe [427520 2017-07-14] (Microsoft Corporation)
R2 wuauserv; C:\Windows\system32\wuaueng.dll [2651136 2017-05-10] (Microsoft Corporation)
S3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [84992 2012-07-25] (Microsoft Corporation)
S3 WwanSvc; C:\Windows\System32\wwansvc.dll [228864 2015-01-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-29] (Intel® Corporation)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 Dell.CommandPowerManager.Service; C:\Windows\SysWOW64\dllhost.exe /Processid:{1B7FE01B-CB90-41C1-80F5-4A6000ECFFCD}
 
==================== Drivers (All) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 1394ohci; C:\Windows\system32\drivers\1394ohci.sys [229888 2010-11-20] (Microsoft Corporation)
R0 ACPI; C:\Windows\System32\drivers\ACPI.sys [334208 2010-11-20] (Microsoft Corporation)
S3 AcpiPmi; C:\Windows\system32\drivers\acpipmi.sys [12800 2010-11-20] (Microsoft Corporation)
S3 adp94xx; C:\Windows\system32\drivers\adp94xx.sys [491088 2009-07-13] (Adaptec, Inc.)
S3 adpahci; C:\Windows\system32\drivers\adpahci.sys [339536 2009-07-13] (Adaptec, Inc.)
S3 adpu320; C:\Windows\system32\drivers\adpu320.sys [182864 2009-07-13] (Adaptec, Inc.)
R1 AFD; C:\Windows\system32\drivers\afd.sys [496128 2017-04-04] (Microsoft Corporation)
S3 agp440; C:\Windows\system32\drivers\agp440.sys [61008 2009-07-13] (Microsoft Corporation)
S3 aliide; C:\Windows\system32\drivers\aliide.sys [15440 2009-07-13] (Acer Laboratories Inc.)
S3 amdide; C:\Windows\system32\drivers\amdide.sys [15440 2009-07-13] (Microsoft Corporation)
S3 AmdK8; C:\Windows\system32\drivers\amdk8.sys [64512 2009-07-13] (Microsoft Corporation)
S3 AmdPPM; C:\Windows\system32\drivers\amdppm.sys [60928 2009-07-13] (Microsoft Corporation)
S3 amdsata; C:\Windows\system32\drivers\amdsata.sys [107904 2015-01-22] (Advanced Micro Devices)
S3 amdsbs; C:\Windows\system32\drivers\amdsbs.sys [194128 2009-07-13] (AMD Technologies Inc.)
R0 amdxata; C:\Windows\System32\drivers\amdxata.sys [27008 2015-01-22] (Advanced Micro Devices)
R3 ApfiltrService; C:\Windows\System32\DRIVERS\Apfiltr.sys [560944 2014-04-03] (Alps Electric Co., Ltd.)
S3 AppID; C:\Windows\system32\drivers\appid.sys [62464 2017-07-07] (Microsoft Corporation)
S3 arc; C:\Windows\system32\drivers\arc.sys [87632 2009-07-13] (Adaptec, Inc.)
S3 arcsas; C:\Windows\system32\drivers\arcsas.sys [97856 2009-07-13] (Adaptec, Inc.)
S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-13] (Microsoft Corporation)
S3 atapi; C:\Windows\system32\drivers\atapi.sys [24128 2009-07-13] (Microsoft Corporation)
S3 b06bdrv; C:\Windows\system32\drivers\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation)
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation)
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [28240 2009-07-13] (Microsoft Corporation)
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-13] (Microsoft Corporation)
R1 blbdrive; C:\Windows\System32\DRIVERS\blbdrive.sys [45056 2009-07-13] (Microsoft Corporation)
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90112 2016-10-05] (Microsoft Corporation)
S3 BrFiltLo; C:\Windows\system32\drivers\BrFiltLo.sys [18432 2009-06-10] (Brother Industries, Ltd.)
S3 BrFiltUp; C:\Windows\system32\drivers\BrFiltUp.sys [8704 2009-06-10] (Brother Industries, Ltd.)
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-13] (Brother Industries Ltd.)
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] (Brother Industries Ltd.)
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] (Brother Industries Ltd.)
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] (Brother Industries Ltd.)
R3 BthEnum; C:\Windows\System32\DRIVERS\BthEnum.sys [41984 2009-07-13] (Microsoft Corporation)
S3 BTHMODEM; C:\Windows\system32\drivers\bthmodem.sys [72192 2009-07-13] (Microsoft Corporation)
R3 BthPan; C:\Windows\system32\drivers\bthpan.sys [119296 2017-07-06] (Microsoft Corporation)
S3 BTHPORT; C:\Windows\System32\Drivers\BTHport.sys [552960 2015-01-22] (Microsoft Corporation)
R3 BTHUSB; C:\Windows\System32\Drivers\BTHUSB.sys [80384 2015-01-22] (Microsoft Corporation)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [140600 2014-03-26] (Motorola Solutions, Inc.)
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-13] (Microsoft Corporation)
R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [147456 2010-11-20] (Microsoft Corporation)
S3 circlass; C:\Windows\system32\drivers\circlass.sys [45568 2009-07-13] (Microsoft Corporation)
R0 CLFS; C:\Windows\System32\CLFS.sys [370920 2017-07-08] (Microsoft Corporation)
R3 CmBatt; C:\Windows\System32\DRIVERS\CmBatt.sys [17664 2009-07-13] (Microsoft Corporation)
S3 cmdide; C:\Windows\system32\drivers\cmdide.sys [17488 2009-07-13] (CMD Technology, Inc.)
R0 CNG; C:\Windows\System32\Drivers\cng.sys [467392 2016-11-20] (Microsoft Corporation)
R0 Compbatt; C:\Windows\System32\DRIVERS\compbatt.sys [21584 2009-07-13] (Microsoft Corporation)
R3 CompositeBus; C:\Windows\System32\DRIVERS\CompositeBus.sys [38912 2010-11-20] (Microsoft Corporation)
S4 crcdisk; C:\Windows\system32\drivers\crcdisk.sys [24144 2009-07-13] (Microsoft Corporation)
R1 CSC; C:\Windows\System32\drivers\csc.sys [514560 2010-11-20] (Microsoft Corporation)
R3 CtClsFlt; C:\Windows\System32\DRIVERS\CtClsFlt.sys [176096 2010-09-10] (Creative Technology Ltd.)
R1 ctxusbm; C:\Windows\System32\DRIVERS\ctxusbm.sys [97768 2013-09-24] (Citrix Systems, Inc.)
S3 dc3d; C:\Windows\System32\DRIVERS\dc3d.sys [95024 2015-07-08] (Microsoft Corporation)
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [106496 2016-09-08] (Microsoft Corporation)
R1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-13] (Microsoft Corporation)
R0 Disk; C:\Windows\System32\drivers\disk.sys [73664 2016-01-20] (Microsoft Corporation)
S3 dmvsc; C:\Windows\system32\drivers\dmvsc.sys [71168 2010-11-20] (Microsoft Corporation)
S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [5632 2015-12-08] (Microsoft Corporation)
R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [986856 2017-05-16] (Microsoft Corporation)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [489752 2014-06-12] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 elxstor; C:\Windows\system32\drivers\elxstor.sys [530496 2009-07-13] (Emulex)
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [9728 2009-07-13] (Microsoft Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-08-21] ()
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195584 2017-03-10] (Microsoft Corporation)
R3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [205312 2017-03-10] (Microsoft Corporation)
S3 fdc; C:\Windows\system32\drivers\fdc.sys [29696 2009-07-13] (Microsoft Corporation)
R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-13] (Microsoft Corporation)
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-13] (Microsoft Corporation)
S3 flpydisk; C:\Windows\system32\drivers\flpydisk.sys [24576 2009-07-13] (Microsoft Corporation)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [289664 2010-11-20] (Microsoft Corporation)
S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [55376 2009-07-13] (Microsoft Corporation)
U0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23408 2015-01-22] (Microsoft Corporation)
R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223752 2015-01-22] (Microsoft Corporation)
S3 gagp30kx; C:\Windows\system32\drivers\gagp30kx.sys [65088 2009-07-13] (Microsoft Corporation)
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] (Hauppauge Computer Works, Inc.)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [122368 2010-11-20] (Microsoft Corporation)
S3 HidBatt; C:\Windows\system32\drivers\HidBatt.sys [26624 2009-07-13] (Microsoft Corporation)
S3 HidBth; C:\Windows\system32\drivers\hidbth.sys [100864 2009-07-13] (Microsoft Corporation)
S3 HidIr; C:\Windows\system32\drivers\hidir.sys [46592 2009-07-13] (Microsoft Corporation)
R3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2010-11-20] (Microsoft Corporation)
S3 HpSAMD; C:\Windows\system32\drivers\HpSAMD.sys [78720 2010-11-20] (Hewlett-Packard Company)
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [753664 2017-06-15] (Microsoft Corporation)
R0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14720 2010-11-20] (Microsoft Corporation)
R3 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [105472 2009-07-13] (Microsoft Corporation)
R0 iaStorA; C:\Windows\System32\drivers\iaStorA.sys [672104 2014-05-02] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2014-05-02] (Intel Corporation)
S3 iaStorV; C:\Windows\system32\drivers\iaStorV.sys [410496 2015-01-22] (Intel Corporation)
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [4221440 2014-01-22] (Intel Corporation)
S3 iirsp; C:\Windows\system32\drivers\iirsp.sys [44112 2009-07-13] (Intel Corp./ICP vortex GmbH)
S3 intaud_WaveExtensible; C:\Windows\System32\drivers\intelaud.sys [35256 2014-04-24] (Intel Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2261464 2013-08-27] (Realtek Semiconductor Corp.)
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [450520 2014-01-22] (Intel® Corporation)
S3 intelide; C:\Windows\system32\drivers\intelide.sys [16960 2009-07-13] (Microsoft Corporation)
R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [62464 2009-07-13] (Microsoft Corporation)
R3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [50696 2014-07-30] (Invincea, Inc.)
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2010-11-20] (Microsoft Corporation)
S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [78848 2010-11-20] (Microsoft Corporation)
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-13] (Microsoft Corporation)
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-13] (Microsoft Corporation)
S3 isapnp; C:\Windows\system32\drivers\isapnp.sys [20544 2009-07-13] (Microsoft Corporation)
S3 iScsiPrt; C:\Windows\system32\drivers\msiscsi.sys [274880 2015-01-22] (Microsoft Corporation)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [20464 2014-04-10] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [369648 2014-04-10] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [791024 2014-04-10] (Intel Corporation)
R3 iwdbus; C:\Windows\System32\DRIVERS\iwdbus.sys [25528 2014-04-24] (Intel Corporation)
R3 KAPFA; C:\Windows\system32\drivers\KAPFA.SYS [37408 2017-04-19] (Kaseya)
R3 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [50768 2009-07-13] (Microsoft Corporation)
R3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [33280 2010-11-20] (Microsoft Corporation)
R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95464 2017-07-07] (Microsoft Corporation)
R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [154856 2017-07-07] (Microsoft Corporation)
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-13] (Microsoft Corporation)
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-13] (Microsoft Corporation)
R2 LMIInfo; C:\Windows\system32\drivers\LMIInfo.sys [30432 2017-01-11] (LogMeIn, Inc.)
R3 lmimirr; C:\Windows\System32\DRIVERS\lmimirr.sys [23232 2017-02-08] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
R2 LMIRfsDriver; C:\Windows\system32\drivers\LMIRfsDriver.sys [81088 2017-02-08] (LogMeIn, Inc.)
S3 LSI_FC; C:\Windows\system32\drivers\lsi_fc.sys [114752 2009-07-13] (LSI Corporation)
S3 LSI_SAS; C:\Windows\system32\drivers\lsi_sas.sys [106560 2009-07-13] (LSI Corporation)
S3 LSI_SAS2; C:\Windows\system32\drivers\lsi_sas2.sys [65600 2009-07-13] (LSI Corporation)
S3 LSI_SCSI; C:\Windows\system32\drivers\lsi_scsi.sys [115776 2009-07-13] (LSI Corporation)
R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-13] (Microsoft Corporation)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [192960 2017-08-24] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [101824 2017-08-24] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-08-24] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [253888 2017-08-24] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-08-24] (Malwarebytes)
S3 megasas; C:\Windows\system32\drivers\megasas.sys [35392 2009-07-13] (LSI Corporation)
S3 MegaSR; C:\Windows\system32\drivers\MegaSR.sys [284736 2009-07-13] (LSI Corporation, Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-11-13] (Intel Corporation)
S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-13] (Microsoft Corporation)
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-13] (Microsoft Corporation)
R3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [49216 2009-07-13] (Microsoft Corporation)
R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-13] (Microsoft Corporation)
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94440 2017-05-07] (Microsoft Corporation)
S3 mpio; C:\Windows\system32\drivers\mpio.sys [155008 2010-11-20] (Microsoft Corporation)
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-13] (Microsoft Corporation)
R3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [142336 2016-09-08] (Microsoft Corporation)
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [159744 2017-07-07] (Microsoft Corporation)
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [291328 2017-07-07] (Microsoft Corporation)
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [129536 2017-07-07] (Microsoft Corporation)
S3 msahci; C:\Windows\system32\drivers\msahci.sys [31104 2010-11-20] (Microsoft Corporation)
S3 msdsm; C:\Windows\system32\drivers\msdsm.sys [140672 2010-11-20] (Microsoft Corporation)
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-13] (Microsoft Corporation)
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-13] (Microsoft Corporation)
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-13] (Microsoft Corporation)
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-13] (Microsoft Corporation)
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-13] (Microsoft Corporation)
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-13] (Microsoft Corporation)
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [366976 2010-11-20] (Microsoft Corporation)
R1 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [32320 2009-07-13] (Microsoft Corporation)
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-13] (Microsoft Corporation)
S3 MTConfig; C:\Windows\system32\drivers\MTConfig.sys [15360 2009-07-13] (Microsoft Corporation)
R0 Mup; C:\Windows\System32\Drivers\mup.sys [104896 2015-01-06] (Microsoft Corporation)
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-13] (Microsoft Corporation)
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [950720 2015-10-13] (Microsoft Corporation)
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-13] (Microsoft Corporation)
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-13] (Microsoft Corporation)
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-20] (Microsoft Corporation)
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-20] (Microsoft Corporation)
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-20] (Microsoft Corporation)
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-13] (Microsoft Corporation)
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [262144 2016-05-11] (Microsoft Corporation)
S3 netvsc; C:\Windows\System32\DRIVERS\netvsc60.sys [168448 2010-11-20] (Microsoft Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3442144 2014-06-18] (Intel Corporation)
S3 nfrd960; C:\Windows\system32\drivers\nfrd960.sys [51264 2009-07-13] (IBM Corporation)
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-13] (Microsoft Corporation)
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-13] (Microsoft Corporation)
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1680616 2017-06-09] (Microsoft Corporation)
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-13] (Microsoft Corporation)
S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [148352 2015-01-22] (NVIDIA Corporation)
S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [166272 2015-01-22] (NVIDIA Corporation)
S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [122960 2009-07-13] (Microsoft Corporation)
R3 O2FJ2RDR; C:\Windows\System32\DRIVERS\O2FJ2w7x64.sys [210592 2014-05-14] (BayHubTech/O2Micro )
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-13] (Microsoft Corporation)
R3 Parport; C:\Windows\System32\DRIVERS\parport.sys [97280 2009-07-13] (Microsoft Corporation)
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75120 2015-01-22] (Microsoft Corporation)
R0 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-20] (Microsoft Corporation)
S3 pciide; C:\Windows\system32\drivers\pciide.sys [12352 2009-07-13] (Microsoft Corporation)
S3 pcmcia; C:\Windows\system32\drivers\pcmcia.sys [220752 2009-07-13] (Microsoft Corporation)
R0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-13] (Microsoft Corporation)
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [663552 2016-06-14] (Microsoft Corporation)
S3 Point64; C:\Windows\System32\DRIVERS\point64.sys [68912 2015-07-08] (Microsoft Corporation)
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-20] (Microsoft Corporation)
S3 Processor; C:\Windows\system32\drivers\processr.sys [60416 2009-07-13] (Microsoft Corporation)
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-20] (Microsoft Corporation)
S3 ql2300; C:\Windows\system32\drivers\ql2300.sys [1524816 2009-07-13] (QLogic Corporation)
S3 ql40xx; C:\Windows\system32\drivers\ql40xx.sys [128592 2009-07-13] (QLogic Corporation)
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-13] (Microsoft Corporation)
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-13] (Microsoft Corporation)
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-13] (Microsoft Corporation)
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-20] (Microsoft Corporation)
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-13] (Microsoft Corporation)
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-13] (Microsoft Corporation)
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [310272 2015-01-06] (Microsoft Corporation)
R3 rdpbus; C:\Windows\System32\DRIVERS\rdpbus.sys [24064 2009-07-13] (Microsoft Corporation)
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-13] (Microsoft Corporation)
S3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [165888 2010-11-20] (Microsoft Corporation)
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-13] (Microsoft Corporation)
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-13] (Microsoft Corporation)
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [212480 2014-07-16] (Microsoft Corporation)
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2010-11-20] (Microsoft Corporation)
R3 RFCOMM; C:\Windows\System32\DRIVERS\rfcomm.sys [158720 2009-07-13] (Microsoft Corporation)
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-13] (Microsoft Corporation)
S3 s3cap; C:\Windows\system32\drivers\vms3cap.sys [6656 2010-11-20] (Microsoft Corporation)
R3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [183304 2014-07-30] (Invincea, Inc.)
S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [103808 2010-11-20] (Microsoft Corporation)
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-20] (Microsoft Corporation)
S3 sdbus; C:\Windows\system32\drivers\sdbus.sys [109056 2010-11-20] (Microsoft Corporation)
S4 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S3 Serenum; C:\Windows\system32\drivers\serenum.sys [23552 2009-07-13] (Microsoft Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Microsoft Corporation)
S3 sermouse; C:\Windows\system32\drivers\sermouse.sys [26624 2009-07-13] (Microsoft Corporation)
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-13] (Microsoft Corporation)
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-13] (Microsoft Corporation)
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-20] (Microsoft Corporation)
S3 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [16896 2009-07-13] (Microsoft Corporation)
S3 SiSRaid2; C:\Windows\system32\drivers\SiSRaid2.sys [43584 2009-07-13] (Silicon Integrated Systems Corp.)
S3 SiSRaid4; C:\Windows\system32\drivers\sisraid4.sys [80464 2009-07-13] (Silicon Integrated Systems)
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-13] (Microsoft Corporation)
R0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-13] (Microsoft Corporation)
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [460800 2017-04-05] (Microsoft Corporation)
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [405504 2017-04-05] (Microsoft Corporation)
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168960 2017-04-05] (Microsoft Corporation)
R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [22128 2011-07-16] (ST Microelectronics)
S3 stexstor; C:\Windows\system32\drivers\stexstor.sys [24656 2009-07-13] (Promise Technology)
S3 storvsc; C:\Windows\system32\drivers\storvsc.sys [34688 2010-11-20] (Microsoft Corporation)
R3 ST_Accel; C:\Windows\System32\DRIVERS\ST_Accel.sys [75976 2013-08-06] (STMicroelectronics)
R3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [12496 2009-07-13] (Microsoft Corporation)
S3 SynthVid; C:\Windows\System32\DRIVERS\VMBusVideoM.sys [22528 2010-11-20] (Microsoft Corporation)
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1895656 2017-05-30] (Microsoft Corporation)
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1895656 2017-05-30] (Microsoft Corporation)
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [46080 2016-07-07] (Microsoft Corporation)
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-13] (Microsoft Corporation)
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2015-01-22] (Microsoft Corporation)
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [117248 2017-07-29] (Microsoft Corporation)
R1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [63360 2010-11-20] (Microsoft Corporation)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [82840 2012-10-30] (Trend Micro Inc.)
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [174016 2012-11-13] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [65872 2012-10-30] (Trend Micro Inc.)
R2 TmFilter; C:\Program Files (x86)\Trend Micro\Security Agent\TmXPFlt.sys [393944 2017-03-21] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files (x86)\Trend Micro\Security Agent\TmPreFlt.sys [66776 2017-03-21] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [108624 2011-08-31] (Trend Micro Inc.)
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39936 2014-07-16] (Microsoft Corporation)
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [59392 2010-11-20] (Microsoft Corporation)
S3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [31232 2010-11-20] (Microsoft Corporation)
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-20] (Microsoft Corporation)
S3 uagp35; C:\Windows\system32\drivers\uagp35.sys [64080 2009-07-13] (Microsoft Corporation)
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-20] (Microsoft Corporation)
S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [64592 2009-07-13] (Microsoft Corporation)
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2010-11-20] (Microsoft Corporation)
S3 UmPass; C:\Windows\system32\drivers\umpass.sys [9728 2009-07-13] (Microsoft Corporation)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [204184 2014-03-04] (Windows ® Win 7 DDK provider)
R3 usbccgp; C:\Windows\system32\drivers\usbccgp.sys [99840 2016-08-16] (Microsoft Corporation)
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100864 2015-01-22] (Microsoft Corporation)
R3 usbehci; C:\Windows\system32\drivers\usbehci.sys [56320 2016-08-16] (Microsoft Corporation)
R3 usbhub; C:\Windows\system32\drivers\usbhub.sys [343552 2016-08-16] (Microsoft Corporation)
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2016-08-16] (Microsoft Corporation)
S3 usbprint; C:\Windows\system32\drivers\usbprint.sys [25088 2009-07-13] (Microsoft Corporation)
S3 USBSTOR; C:\Windows\system32\drivers\USBSTOR.SYS [91648 2016-02-03] (Microsoft Corporation)
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2016-08-16] (Microsoft Corporation)
R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [185344 2015-01-22] (Microsoft Corporation)
R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-13] (Microsoft Corporation)
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-13] (Microsoft Corporation)
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-13] (Microsoft Corporation)
S3 vhdmp; C:\Windows\system32\drivers\vhdmp.sys [215936 2010-11-20] (Microsoft Corporation)
S3 viaide; C:\Windows\system32\drivers\viaide.sys [17488 2009-07-13] (VIA Technologies, Inc.)
S3 VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [21760 2010-11-20] (Microsoft Corporation)
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-20] (Microsoft Corporation)
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363752 2017-07-07] (Microsoft Corporation)
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [296320 2015-01-22] (Microsoft Corporation)
R2 VSApiNt; C:\Program Files (x86)\Trend Micro\Security Agent\VSApiNt.sys [2621144 2017-03-21] (Trend Micro Inc.)
S3 vsmraid; C:\Windows\system32\drivers\vsmraid.sys [161872 2009-07-13] (VIA Technologies Inc.,Ltd)
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-13] (Microsoft Corporation)
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-13] (Microsoft Corporation)
R3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [17920 2009-07-13] (Microsoft Corporation)
S3 WacomPen; C:\Windows\system32\drivers\wacompen.sys [27776 2009-07-13] (Microsoft Corporation)
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] (Microsoft Corporation)
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] (Microsoft Corporation)
S3 Wd; C:\Windows\system32\drivers\wd.sys [21056 2009-07-13] (Microsoft Corporation)
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [785624 2015-01-22] (Microsoft Corporation)
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-13] (Microsoft Corporation)
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-13] (Microsoft Corporation)
S3 WIMMount; C:\Windows\SysWOW64\drivers\wimmount.sys [19008 2009-07-13] (Microsoft Corporation)
U3 Winsock; no ImagePath
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-20] (Microsoft Corporation)
R3 WmiAcpi; C:\Windows\System32\DRIVERS\wmiacpi.sys [14336 2009-07-13] (Microsoft Corporation)
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-13] (Microsoft Corporation)
S3 WSDPrintDevice; C:\Windows\System32\DRIVERS\WSDPrint.sys [23040 2009-07-13] (Microsoft Corporation)
S3 WSDScan; C:\Windows\System32\DRIVERS\WSDScan.sys [25088 2009-07-13] (Microsoft Corporation)
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-25] (Microsoft Corporation)
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-25] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-24 17:02 - 2017-08-24 17:03 - 000075485 _____ C:\Users\mark\Downloads\FRST.txt
2017-08-24 17:00 - 2017-08-24 17:02 - 000000000 ____D C:\kworking
2017-08-24 17:00 - 2017-08-24 17:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaseya
2017-08-24 17:00 - 2017-08-24 17:00 - 000000000 ____D C:\ProgramData\Kaseya
2017-08-24 17:00 - 2017-08-24 17:00 - 000000000 ____D C:\Program Files (x86)\Kaseya
2017-08-24 17:00 - 2017-04-19 16:23 - 000068128 _____ (Kaseya) C:\Windows\system32\Drivers\knetmon.sys
2017-08-24 17:00 - 2017-04-19 16:23 - 000037408 _____ (Kaseya) C:\Windows\system32\Drivers\KAPFA.sys
2017-08-24 16:59 - 2017-08-24 17:02 - 000000000 ____D C:\FRST
2017-08-24 16:41 - 2017-08-24 16:42 - 032528816 _____ (Kaseya) C:\Users\mark\Downloads\KcsSetup.exe
2017-08-24 16:35 - 2017-08-24 16:35 - 002395648 _____ (Farbar) C:\Users\mark\Downloads\FRST64.exe
2017-08-24 16:28 - 2017-08-24 16:57 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-08-24 16:27 - 2017-08-24 16:57 - 000000000 ____D C:\Users\mark\Downloads\mbar
2017-08-24 16:10 - 2017-08-24 16:10 - 016563352 _____ (Malwarebytes Corp.) C:\Users\mark\Downloads\mbar-1.09.3.1001.exe
2017-08-24 16:09 - 2017-08-24 16:19 - 000000000 ____D C:\AdwCleaner
2017-08-24 16:05 - 2017-08-24 16:07 - 000001914 _____ C:\Users\mark\Desktop\Rkill.txt
2017-08-24 16:04 - 2017-08-24 16:04 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\mark\Downloads\rkill.exe
2017-08-24 16:02 - 2017-08-24 16:03 - 008185288 _____ (Malwarebytes) C:\Users\mark\Downloads\adwcleaner_7.0.1.0.exe
2017-08-24 15:23 - 2017-08-24 16:26 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-24 15:23 - 2017-08-24 16:26 - 000101824 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-08-24 15:23 - 2017-08-24 16:26 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-08-24 15:23 - 2017-08-24 16:26 - 000045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-08-24 15:23 - 2017-08-24 15:23 - 000192960 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-08-24 15:22 - 2017-08-24 16:28 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-24 15:22 - 2017-08-24 15:22 - 000001869 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-08-24 15:22 - 2017-08-24 15:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-08-24 15:22 - 2017-08-24 15:22 - 000000000 ____D C:\Program Files\Malwarebytes
2017-08-24 15:22 - 2017-08-21 07:20 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-08-24 15:14 - 2017-08-24 15:14 - 000594501 _____ C:\Users\mark\Downloads\recbi.zip
2017-08-24 14:48 - 2017-08-24 14:48 - 000002353 _____ C:\Users\mark\Desktop\FieldOps-new.exe - Shortcut.lnk
2017-08-24 11:09 - 2017-08-24 11:10 - 022851472 _____ (Malwarebytes ) C:\Users\mark\Downloads\mbam-setup-2.2.1.1043.exe
2017-08-24 11:06 - 2017-08-24 11:07 - 065942208 _____ (Malwarebytes ) C:\Users\mark\Downloads\mb3-setup-consumer-3.2.2.2018.exe
2017-08-24 10:19 - 2017-08-24 10:19 - 000086672 _____ C:\Users\mark\Downloads\ScreenConnect.Client.exe
2017-08-24 10:19 - 2017-08-24 10:19 - 000000000 ____D C:\Users\mark\AppData\Local\Deployment
2017-08-24 10:19 - 2017-08-24 10:19 - 000000000 ____D C:\Users\mark\AppData\Local\Apps\2.0
2017-08-24 10:19 - 2017-08-24 10:19 - 000000000 ____D C:\ProgramData\scre..tion_2c2536e5112611c9_0006.0000_1e05dc717776e9ba
2017-08-24 10:04 - 2017-08-24 10:04 - 000001342 _____ C:\Users\Public\Desktop\FieldOPS.lnk
2017-08-24 10:04 - 2017-08-24 10:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobilogic
2017-08-23 16:53 - 2017-08-23 16:53 - 000169611 _____ C:\Users\mark\Downloads\sonoma short panel.pdf
2017-08-23 16:51 - 2017-08-23 16:51 - 000188886 _____ C:\Users\mark\Downloads\sonoma long panel.pdf
2017-08-23 16:50 - 2017-08-23 16:50 - 000185776 _____ C:\Users\mark\Downloads\MyDesign (2).pdf
2017-08-23 16:47 - 2017-08-23 16:47 - 000166502 _____ C:\Users\mark\Downloads\MyDesign (1).pdf
2017-08-23 16:37 - 2017-08-23 16:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-08-22 12:55 - 2017-08-22 12:55 - 000049992 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-08-22 12:55 - 2017-08-22 12:55 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-08-22 12:55 - 2017-08-22 12:55 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-08-22 12:55 - 2017-08-22 12:55 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-08-16 12:37 - 2017-08-16 12:37 - 000184470 _____ C:\Users\mark\Downloads\exovations pike.pdf
2017-08-16 11:11 - 2017-08-16 11:11 - 001759159 _____ C:\Users\mark\Downloads\Full-View-Brochure.pdf
2017-08-16 08:12 - 2017-08-16 08:12 - 000186858 _____ C:\Users\mark\Downloads\wo 13285 bpc construction.pdf
2017-08-14 17:26 - 2017-08-14 17:27 - 113051224 _____ C:\Users\mark\Downloads\5267 - Laurel Peachtree Properties - Cumming, GA (Add#3)- .zip
2017-08-14 15:54 - 2017-08-14 15:54 - 001003633 _____ C:\Users\mark\Downloads\Plank door.pdf
2017-08-14 15:44 - 2017-08-14 15:44 - 001003633 _____ C:\Users\mark\Downloads\08c924b0-b59e-430a-8868-f622cf70b837.pdf
2017-08-14 08:36 - 2017-08-14 08:36 - 000068365 _____ C:\Users\mark\Downloads\Quote 07-31-02AM UID5068194.pdf
2017-08-09 14:03 - 2017-07-29 10:56 - 000117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-08-09 14:03 - 2017-07-21 10:26 - 000518144 _____ C:\Windows\SysWOW64\msjetoledb40.dll
2017-08-09 14:03 - 2017-07-21 10:26 - 000409600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexch40.dll
2017-08-09 14:03 - 2017-07-21 10:26 - 000290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjtes40.dll
2017-08-09 14:03 - 2017-07-21 10:26 - 000282624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstext40.dll
2017-08-09 14:03 - 2017-07-15 14:35 - 000394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-08-09 14:03 - 2017-07-15 13:52 - 000346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-08-09 14:03 - 2017-07-14 11:29 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-08-09 14:03 - 2017-07-14 11:29 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-08-09 14:03 - 2017-07-14 11:29 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-08-09 14:03 - 2017-07-14 11:29 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-08-09 14:03 - 2017-07-14 11:29 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-08-09 14:03 - 2017-07-14 11:29 - 000486400 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2017-08-09 14:03 - 2017-07-14 11:29 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-08-09 14:03 - 2017-07-14 11:29 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-08-09 14:03 - 2017-07-14 11:29 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-08-09 14:03 - 2017-07-14 11:29 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-08-09 14:03 - 2017-07-14 11:29 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2017-08-09 14:03 - 2017-07-14 11:29 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-08-09 14:03 - 2017-07-14 11:12 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-08-09 14:03 - 2017-07-14 11:12 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-08-09 14:03 - 2017-07-14 11:11 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-08-09 14:03 - 2017-07-14 11:10 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-08-09 14:03 - 2017-07-14 11:10 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-08-09 14:03 - 2017-07-14 11:10 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-08-09 14:03 - 2017-07-14 11:10 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-08-09 14:03 - 2017-07-14 11:10 - 000382976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2017-08-09 14:03 - 2017-07-14 11:10 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-08-09 14:03 - 2017-07-14 11:10 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-08-09 14:03 - 2017-07-14 11:10 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-08-09 14:03 - 2017-07-14 11:10 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-08-09 14:03 - 2017-07-14 11:10 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-08-09 14:03 - 2017-07-14 11:00 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-08-09 14:03 - 2017-07-14 11:00 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-08-09 14:03 - 2017-07-14 10:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-08-09 14:03 - 2017-07-14 10:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-08-09 14:03 - 2017-07-14 10:57 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2017-08-09 14:03 - 2017-07-14 10:50 - 000054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2017-08-09 14:03 - 2017-07-14 10:50 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2017-08-09 14:03 - 2017-07-14 03:16 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-08-09 14:03 - 2017-07-14 03:15 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-08-09 14:03 - 2017-07-14 02:49 - 025733632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-08-09 14:03 - 2017-07-14 02:47 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-08-09 14:03 - 2017-07-14 02:45 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-08-09 14:03 - 2017-07-14 02:45 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-08-09 14:03 - 2017-07-14 02:44 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-08-09 14:03 - 2017-07-14 02:44 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-08-09 14:03 - 2017-07-14 02:38 - 002899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-08-09 14:03 - 2017-07-14 02:29 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-08-09 14:03 - 2017-07-14 02:28 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-08-09 14:03 - 2017-07-14 02:22 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-08-09 14:03 - 2017-07-14 02:20 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-08-09 14:03 - 2017-07-14 02:20 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-08-09 14:03 - 2017-07-14 02:19 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-08-09 14:03 - 2017-07-14 02:19 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-08-09 14:03 - 2017-07-14 02:08 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-08-09 14:03 - 2017-07-14 02:02 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-08-09 14:03 - 2017-07-14 01:49 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-08-09 14:03 - 2017-07-14 01:48 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-08-09 14:03 - 2017-07-14 01:47 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-08-09 14:03 - 2017-07-14 01:42 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-08-09 14:03 - 2017-07-14 01:40 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-08-09 14:03 - 2017-07-14 01:35 - 005981184 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-08-09 14:03 - 2017-07-14 01:35 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-08-09 14:03 - 2017-07-14 01:33 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-08-09 14:03 - 2017-07-14 01:16 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-08-09 14:03 - 2017-07-14 01:11 - 000725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-08-09 14:03 - 2017-07-14 01:10 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-08-09 14:03 - 2017-07-14 01:09 - 002132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-08-09 14:03 - 2017-07-14 01:09 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-08-09 14:03 - 2017-07-14 00:40 - 015254016 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-08-09 14:03 - 2017-07-14 00:23 - 003240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-08-09 14:03 - 2017-07-14 00:07 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-08-09 14:03 - 2017-07-13 23:58 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-08-09 14:03 - 2017-07-13 23:01 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-08-09 14:03 - 2017-07-13 22:54 - 020270080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-08-09 14:03 - 2017-07-13 22:48 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-08-09 14:03 - 2017-07-13 22:48 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-08-09 14:03 - 2017-07-13 22:48 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-08-09 14:03 - 2017-07-13 22:48 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-08-09 14:03 - 2017-07-13 22:47 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-08-09 14:03 - 2017-07-13 22:44 - 002290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-08-09 14:03 - 2017-07-13 22:42 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-08-09 14:03 - 2017-07-13 22:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-08-09 14:03 - 2017-07-13 22:39 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-08-09 14:03 - 2017-07-13 22:38 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-08-09 14:03 - 2017-07-13 22:38 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-08-09 14:03 - 2017-07-13 22:38 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-08-09 14:03 - 2017-07-13 22:30 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-08-09 14:03 - 2017-07-13 22:26 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-08-09 14:03 - 2017-07-13 22:25 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-08-09 14:03 - 2017-07-13 22:25 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-08-09 14:03 - 2017-07-13 22:23 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-08-09 14:03 - 2017-07-13 22:22 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-08-09 14:03 - 2017-07-13 22:21 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-08-09 14:03 - 2017-07-13 22:20 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-08-09 14:03 - 2017-07-13 22:17 - 004546048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-08-09 14:03 - 2017-07-13 22:13 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-08-09 14:03 - 2017-07-13 22:12 - 000693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-08-09 14:03 - 2017-07-13 22:11 - 002057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-08-09 14:03 - 2017-07-13 22:11 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-08-09 14:03 - 2017-07-13 22:09 - 013663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-08-09 14:03 - 2017-07-13 21:53 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-08-09 14:03 - 2017-07-13 21:50 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-08-09 14:03 - 2017-07-13 21:48 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-08-09 14:03 - 2017-07-08 11:34 - 000370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-08-09 14:03 - 2017-07-08 11:00 - 003224064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-08-09 14:03 - 2017-07-07 11:37 - 000631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-08-09 14:03 - 2017-07-07 11:33 - 005547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-08-09 14:03 - 2017-07-07 11:33 - 000706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-08-09 14:03 - 2017-07-07 11:33 - 000363752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys
2017-08-09 14:03 - 2017-07-07 11:33 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-08-09 14:03 - 2017-07-07 11:33 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-08-09 14:03 - 2017-07-07 11:31 - 001732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000149504 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:15 - 004001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-08-09 14:03 - 2017-07-07 11:15 - 003945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-08-09 14:03 - 2017-07-07 11:13 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-08-09 14:03 - 2017-07-07 11:11 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-08-09 14:03 - 2017-07-07 11:11 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-08-09 14:03 - 2017-07-07 11:11 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-08-09 14:03 - 2017-07-07 11:11 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-08-09 14:03 - 2017-07-07 11:11 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-08-09 14:03 - 2017-07-07 11:11 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-08-09 14:03 - 2017-07-07 11:11 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-08-09 14:03 - 2017-07-07 11:11 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-08-09 14:03 - 2017-07-07 11:11 - 000109568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2017-08-09 14:03 - 2017-07-07 11:11 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-08-09 14:03 - 2017-07-07 11:11 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-08-09 14:03 - 2017-07-07 11:11 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-08-09 14:03 - 2017-07-07 11:11 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-08-09 14:03 - 2017-07-07 11:11 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-08-09 14:03 - 2017-07-07 11:11 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-08-09 14:03 - 2017-07-07 11:10 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-08-09 14:03 - 2017-07-07 11:10 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-08-09 14:03 - 2017-07-07 11:10 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-08-09 14:03 - 2017-07-07 11:10 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-08-09 14:03 - 2017-07-07 11:10 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-08-09 14:03 - 2017-07-07 11:10 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-08-09 14:03 - 2017-07-07 11:10 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-08-09 14:03 - 2017-07-07 11:10 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-08-09 14:03 - 2017-07-07 11:10 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-08-09 14:03 - 2017-07-07 11:10 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:10 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 11:02 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-08-09 14:03 - 2017-07-07 11:01 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-08-09 14:03 - 2017-07-07 11:01 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-08-09 14:03 - 2017-07-07 11:01 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-08-09 14:03 - 2017-07-07 10:58 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-08-09 14:03 - 2017-07-07 10:57 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-08-09 14:03 - 2017-07-07 10:54 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-08-09 14:03 - 2017-07-07 10:54 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-08-09 14:03 - 2017-07-07 10:54 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-08-09 14:03 - 2017-07-07 10:53 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-08-09 14:03 - 2017-07-07 10:53 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-08-09 14:03 - 2017-07-07 10:51 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-08-09 14:03 - 2017-07-07 10:48 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-08-09 14:03 - 2017-07-07 10:48 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-08-09 14:03 - 2017-07-07 10:48 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-08-09 14:03 - 2017-07-07 10:48 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-08-09 14:03 - 2017-07-07 10:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-08-09 14:03 - 2017-07-07 10:47 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 10:47 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 10:47 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-08-09 14:03 - 2017-07-07 10:47 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-08-09 14:03 - 2017-07-01 09:05 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2017-08-09 14:03 - 2017-07-01 09:05 - 000866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswdat10.dll
2017-08-09 14:03 - 2017-07-01 09:05 - 000641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
2017-08-09 14:03 - 2017-07-01 09:05 - 000616448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrepl40.dll
2017-08-09 14:03 - 2017-07-01 09:05 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll
2017-08-09 14:03 - 2017-07-01 09:05 - 000375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll
2017-08-09 14:03 - 2017-07-01 09:05 - 000343552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2017-08-09 14:03 - 2017-07-01 09:05 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-08-09 14:03 - 2017-07-01 09:05 - 000310272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll
2017-08-09 14:03 - 2017-07-01 09:05 - 000240640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2017-08-09 14:03 - 2017-07-01 09:05 - 000144896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
2017-08-09 14:03 - 2017-07-01 09:05 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjter40.dll
2017-08-04 15:30 - 2017-08-04 15:30 - 000187488 _____ C:\Users\mark\Downloads\MyDesign.pdf
2017-08-04 15:26 - 2017-08-04 15:26 - 000303793 _____ C:\Users\mark\Downloads\image001 (1).emz
2017-08-04 10:46 - 2017-08-04 10:46 - 000166944 _____ C:\Users\mark\Downloads\hendrix paul 18x6 9 5951 stockton glass.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-24 17:01 - 2015-01-23 17:03 - 000000000 ____D C:\Temp
2017-08-24 16:39 - 2009-07-14 00:45 - 000021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-24 16:39 - 2009-07-14 00:45 - 000021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-24 16:30 - 2015-01-23 17:03 - 000000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2017-08-24 16:25 - 2015-06-29 15:35 - 000000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-08-24 16:25 - 2015-05-20 10:00 - 000014728 _____ C:\Windows\cfgall.ini
2017-08-24 16:25 - 2015-01-23 16:56 - 000000000 ___HD C:\Windows\system32\WLANProfiles
2017-08-24 16:24 - 2009-07-14 01:13 - 000919210 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-24 16:24 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2017-08-24 16:20 - 2015-02-19 16:01 - 000000128 _____ C:\Windows\system32\config\netlogon.ftl
2017-08-24 16:20 - 2015-02-19 11:44 - 000000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2017-08-24 16:20 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-24 15:20 - 2015-06-29 15:35 - 000000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-08-24 10:00 - 2009-07-13 22:34 - 000017486 _____ C:\Windows\system32\Drivers\etc\services
2017-08-23 18:30 - 2015-05-12 12:25 - 000000000 ____D C:\Users\mark\AppData\Local\CrashDumps
2017-08-23 17:52 - 2016-03-22 12:51 - 000000000 ____D C:\Users\mark\Documents\1 TEMP Quotes
2017-08-23 16:37 - 2015-06-29 15:35 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-08-23 15:34 - 2016-03-16 12:25 - 000000003 _____ C:\Users\mark\AppData\Roaming\userdict-csj
2017-08-23 10:15 - 2016-11-18 13:41 - 000000000 ____D C:\Users\mark\AppData\LocalLow\Mozilla
2017-08-17 16:53 - 2015-02-19 16:29 - 000002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-17 16:53 - 2015-02-19 16:29 - 000002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-10 08:56 - 2015-02-19 11:44 - 000000000 ____D C:\ProgramData\LogMeIn
2017-08-10 04:04 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\rescache
2017-08-10 03:27 - 2009-07-14 00:45 - 000331328 _____ C:\Windows\system32\FNTCACHE.DAT
2017-08-10 03:07 - 2015-01-28 18:02 - 000000000 ____D C:\Windows\system32\MRT
2017-08-10 03:01 - 2015-01-28 18:02 - 140394280 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-08-08 10:45 - 2015-01-23 16:46 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-08-08 10:45 - 2015-01-23 16:46 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-08 10:45 - 2015-01-23 16:46 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-08-08 10:45 - 2015-01-23 16:46 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-08-08 10:45 - 2015-01-23 16:46 - 000000000 ____D C:\Windows\system32\Macromed
2017-08-07 09:57 - 2015-06-29 15:12 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-08-07 09:48 - 2015-02-19 11:43 - 000000000 ____D C:\Program Files (x86)\LogMeIn
2017-08-03 11:03 - 2015-02-19 11:44 - 000114688 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2017-08-03 11:03 - 2015-02-19 11:44 - 000109024 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2017-08-02 21:53 - 2015-04-08 16:48 - 000000000 ____D C:\Users\mark\AppData\Local\ElevatedDiagnostics
2017-08-02 21:53 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\system32\NDF
2017-08-02 11:03 - 2015-02-19 11:44 - 000114688 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll.000.bak
 
==================== Files in the root of some directories =======
 
2016-03-16 12:25 - 2017-08-23 15:34 - 000000003 _____ () C:\Users\mark\AppData\Roaming\userdict-csj
2016-05-06 14:57 - 2016-05-06 14:57 - 000000000 _____ () C:\Users\mark\AppData\Local\{5A87B3AD-5CB9-4AF1-8243-42679A11F65C}
2016-01-18 10:04 - 2016-01-18 10:04 - 000000000 _____ () C:\Users\mark\AppData\Local\{9E203871-7BFA-4990-B97C-44EABBC9F016}
2016-03-31 17:36 - 2016-03-31 17:36 - 000000000 _____ () C:\Users\mark\AppData\Local\{C692EF5B-2E25-4EB2-8F2A-D230DD950967}
 
Some files in TEMP:
====================
2015-12-11 09:08 - 2015-12-11 09:08 - 000071168 _____ () C:\Users\mark\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpunzwih.dll
2015-02-23 17:11 - 2014-01-25 11:16 - 000944824 ____R (Microsoft Corporation) C:\Users\mark\AppData\Local\Temp\SetupHomeBusinessRetail.x86.en-US_HomeBusinessRetail_72Q3N-3TVBB-H6669-MYMGT-H8M22_act_1_.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-08-21 09:03
 
==================== End of FRST.txt ============================
 
ADWcleaner LOG
 
# AdwCleaner 7.0.1.0 - Logfile created on Thu Aug 24 20:19:12 2017
# Updated on 2017/05/08 by Malwarebytes 
# Running on Windows 7 Professional (X64)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
Deleted: C:\ProgramData\{2F5A288E-BE70-4E85-94AA-3E2701E053EF}
 
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
No malicious registry entries deleted.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
Plugin deleted: OnlineMapFinder - 
SearchProvider deleted: Ask Search - ask search
 
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [1190 B] - [2017/8/24 20:18:39]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
 
RKILL LOG
Rkill 2.9.1 by Lawrence Abrams (Grinler)
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 08/24/2017 04:05:19 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 08/24/2017 04:07:39 PM
Execution time: 0 hours(s), 2 minute(s), and 19 seconds(s)
 
 
 


BC AdBot (Login to Remove)

 


#2 iangcarroll

iangcarroll

  • Members
  • 658 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Birmingham, MI
  • Local time:08:25 AM

Posted 25 August 2017 - 11:19 PM

Hi psymn,

Thanks for the logs; I will analyze them and respond shortly. As I am still in training my reply must be reviewed before it can be posted, so there may be a short delay.

In the meantime, can you please post the contents of the Addition.txt file FRST also most likely generated when you scanned your computer?

Ian Carroll https://ian.sh • Certly Inc
 
Member of the Bleeping Computer A.I.I. early response team!


#3 iangcarroll

iangcarroll

  • Members
  • 658 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Birmingham, MI
  • Local time:08:25 AM

Posted 26 August 2017 - 03:11 PM

Hi psymn,

Thanks again for the logs. You do not need to post the old Addition.txt, please just post the new one generated below. Please follow the below instructions/questions.

:step1: Did you install the following Chrome extensions?
  • Classifieds Easy
  • OnlineMapFinder
  • We-Care.com Reminder
:step2: Please run a Malwarebytes scan with memory scanning disabled and let it complete. Once done, select Save results and then Copy to clipboard. Paste the log into your next reply.

:step3: I noticed a screen sharing program on your computer (ScreenConnect); please do not receive outside assistance while we work to remove any malware, as it will just create conflicts.

:step4: Please move FRST64.exe from your Downloads folder to your Desktop. Please run it from there in the future.

:step5: Please generate a new FRST log and paste both FRST.txt and Addition.txt into your next reply. Make sure the Addition.txt box is checked before you run the scan.

Ian Carroll https://ian.sh • Certly Inc
 
Member of the Bleeping Computer A.I.I. early response team!


#4 iangcarroll

iangcarroll

  • Members
  • 658 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Birmingham, MI
  • Local time:08:25 AM

Posted 30 August 2017 - 02:14 AM

Hi psymn,

Did you receive my instructions? If your problem is resolved or if you didn't see my last post, please let me know. This thread will be closed five days from my previous reply.

Ian Carroll https://ian.sh • Certly Inc
 
Member of the Bleeping Computer A.I.I. early response team!


#5 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,011 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:25 AM

Posted 01 September 2017 - 02:35 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users