Malware Protection 360 pop up


  • This topic is locked
15 replies to this topic

#1 cuznlucky

cuznlucky

  • Members
  • 9 posts

Posted 13 October 2014 - 08:36 PM

I have this pop-up on one user of my PC. How can I remove this? Also, the HijackThis log is below. Any help you can provide would be great.

 

[Attached image: malware protection 360.png]

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 8:32:33 PM, on 10/3/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17280)
 
FIREFOX: 32.0.3 (x86 en-US)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\DPAgent.exe
c:\program files (x86)\teamviewer\version9\TeamViewer.exe
C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Michelle\Downloads\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell13.msn.com/?pc=DCJB
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Michelle\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Michelle\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64"
O4 - Startup: Send to OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
O23 - Service: Dell Management Agent Service (DellMgmtAgent) - Dell Inc. - C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe
O23 - Service: Dell Security Framework Loader (DellMgmtLoader) - Unknown owner - C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe
O23 - Service: DELL Security Framework Local Server (DellMgmtServer) - Dell, Inc. - C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe
O23 - Service: @C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpHostW.exe,-200 (DpHost) - DigitalPersona, Inc. - C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Invincea Enterprise Service (InvProtectSvc) - Invincea, Inc. - C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SboxSvc - Unknown owner - C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Security Innovation TCS (tcsd_win32.exe) - Security Innovation, Inc. - C:\Program Files\Dell\Dell Data Protection\Drivers\TSS\bin\tcsd_win32.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Validity WBF Policy Service (valWBFPolicyService) - Unknown owner - C:\Windows\system32\valWBFPolicyService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 11563 bytes
 



 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 14 October 2014 - 04:54 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
  
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.
 


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 cuznlucky

cuznlucky
  • Topic Starter

  • Members
  • 9 posts

Posted 16 October 2014 - 02:36 AM

I ran this on the ID that has the problem.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-10-2014 02
Ran by Office Staff (ATTENTION: The logged in user is not administrator) on FRONTDESK on 16-10-2014 03:32:18
Running from C:\Users\Office Staff\Desktop
Loaded Profile: Office Staff (Available profiles: Michelle & Office Staff)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(DigitalPersona, Inc.) C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\DPAgent.exe
(DigitalPersona, Inc.) C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
() C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
HKLM\...\Run: [fssui] => C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [892608 2014-03-31] (Microsoft Corporation)
HKLM\...\Run: [CSFTrayApp] => C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe [232288 2014-06-10] ()
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056976 2014-06-27] (Carbonite, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-10-02] (AVAST Software)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3680729045-1313690680-2505866355-1001\...\Run: [MalwareProtection360] => C:\Users\Office Staff\AppData\Roaming\MalwareProtection360\MalwareProtection360.exe [2042880 2014-09-23] (MalwareProtection360)
HKU\S-1-5-21-3680729045-1313690680-2505866355-1001\...\Run: [MalwareProtection360Updater] => C:\Users\Office Staff\AppData\Roaming\MalwareProtection360updater.exe
HKU\S-1-5-21-3680729045-1313690680-2505866355-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_182_ActiveX.exe [844464 2014-07-10] (Adobe Systems Incorporated)
HKU\S-1-5-21-3680729045-1313690680-2505866355-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3680729045-1313690680-2505866355-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Lsa: [Notification Packages] DPPassFilter scecli
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
GroupPolicyUsers\S-1-5-21-3680729045-1313690680-2505866355-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {98A21189-F363-4998-AAA0-200EFCDB625F} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggbc_14_40_ie&cd=2XzuyEtN2Y1L1Qzu0Fzz0B0CtCtBzztAyC0E0D0C0EyDyDtAtN0D0Tzu0StCtDtDyEtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtB0D0CyByEyBzztGtByEyEtDtGyDyCzytCtG0CtB0CyCtGyDtByEtD0E0EyB0D0F0CyCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtD0DyDtDyCzy0FtG0EyDyEyDtGyEtA0ByEtG0AyCzyyBtGyDyDtByByCyByEyCtAyDzzyE2Q&cr=438121480&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKLM - {98A21189-F363-4998-AAA0-200EFCDB625F} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggbc_14_40_ie&cd=2XzuyEtN2Y1L1Qzu0Fzz0B0CtCtBzztAyC0E0D0C0EyDyDtAtN0D0Tzu0StCtDtDyEtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtB0D0CyByEyBzztGtByEyEtDtGyDyCzytCtG0CtB0CyCtGyDtByEtD0E0EyB0D0F0CyCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtD0DyDtDyCzy0FtG0EyDyEyDtGyEtA0ByEtG0AyCzyyBtGyDyDtByByCyByEyCtAyDzzyE2Q&cr=438121480&ir=
SearchScopes: HKLM-x32 - DefaultScope {98A21189-F363-4998-AAA0-200EFCDB625F} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {98A21189-F363-4998-AAA0-200EFCDB625F} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKCU - {98A21189-F363-4998-AAA0-200EFCDB625F} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggbc_14_40_ie&cd=2XzuyEtN2Y1L1Qzu0Fzz0B0CtCtBzztAyC0E0D0C0EyDyDtAtN0D0Tzu0StCtDtDyEtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtB0D0CyByEyBzztGtByEyEtDtGyDyCzytCtG0CtB0CyCtGyDtByEtD0E0EyB0D0F0CyCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtD0DyDtDyCzy0FtG0EyDyEyDtGyEtA0ByEtG0AyCzyyBtGyDyDtByByCyByEyCtAyDzzyE2Q&cr=438121480&ir=
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Office Staff\AppData\Roaming\Mozilla\Firefox\Profiles\dhm5wt6v.default
FF Homepage: hxxp://www.google.com/
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\components\npChromeDPAgent.dll (DigitalPersona, Inc.)
FF Extension: Public Fox - C:\Users\Office Staff\AppData\Roaming\Mozilla\Firefox\Profiles\dhm5wt6v.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-6665170634FE}.xpi [2014-09-30]
FF HKLM-x32\...\Firefox\Extensions: [dpmaxz_ng@jetpack] - C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\dpchrome
FF Extension: Dell Data Protection | Security Tools - C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\dpchrome [2014-09-30]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-02]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Office Staff\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Office Staff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-02]
CHR Extension: (Google Docs) - C:\Users\Office Staff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-02]
CHR Extension: (Google Drive) - C:\Users\Office Staff\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Office Staff\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-03]
CHR Extension: (YouTube) - C:\Users\Office Staff\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-02]
CHR Extension: (Google Search) - C:\Users\Office Staff\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-02]
CHR Extension: (WebFilter Pro - The best filtering addon!) - C:\Users\Office Staff\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejgfoklefkbjadjcgjmnhfbdfjolojnn [2014-10-03]
CHR Extension: (Google Sheets) - C:\Users\Office Staff\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-02]
CHR Extension: (avast! Online Security) - C:\Users\Office Staff\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-02]
CHR Extension: (Dell Data Protection | Security Tools) - C:\Users\Office Staff\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncffjdbbodifgldkcbhmiiljfcnbgjab [2014-10-02]
CHR Extension: (Google Wallet) - C:\Users\Office Staff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-02]
CHR Extension: (Gmail) - C:\Users\Office Staff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-02]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-02]
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\dpchrome.crx [2014-03-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-02] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation)
R2 DellMgmtAgent; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe [248160 2014-06-10] (Dell Inc.)
R2 DellMgmtLoader; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe [26464 2014-06-10] ()
R2 DellMgmtServer; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe [33632 2014-06-10] (Dell, Inc.)
R2 DpHost; C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpHostW.exe [472912 2014-03-19] (DigitalPersona, Inc.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
S3 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2947856 2013-07-30] (Invincea, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-21] (Intel Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [124616 2013-07-30] ()
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915920 2014-04-04] (SoftThinks SAS)
S2 tcsd_win32.exe; C:\Program Files\Dell\Dell Data Protection\Drivers\TSS\bin\tcsd_win32.exe [1636352 2012-12-10] (Security Innovation, Inc.) [File not signed]
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [35328 2013-10-09] (Validity Sensors, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-10-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-10-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-10-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-10-02] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-10-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-10-02] ()
R0 CredFltL; C:\Windows\System32\DRIVERS\CredFltL.sys [37120 2014-06-10] ()
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2192088 2013-08-23] (Realtek Semiconductor Corp.)
S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [34824 2013-07-30] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-08-21] (Intel Corporation)
S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [202248 2013-07-30] ()
R0 SEDFilter; C:\Windows\System32\DRIVERS\SEDFilter.sys [61184 2014-06-10] (Dell Inc.)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-16 03:32 - 2014-10-16 03:32 - 00020310 _____ () C:\Users\Office Staff\Desktop\FRST.txt
2014-10-16 03:32 - 2014-10-16 03:32 - 00000000 ____D () C:\FRST
2014-10-16 03:31 - 2014-10-16 03:31 - 02111488 _____ (Farbar) C:\Users\Office Staff\Desktop\FRST64.exe
2014-10-15 17:28 - 2014-10-15 17:28 - 00001358 _____ () C:\Users\Office Staff\Desktop\Blevins - Shortcut.lnk
2014-10-08 20:33 - 2014-10-08 20:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-08 20:33 - 2014-08-29 13:01 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-07 20:42 - 2014-10-03 19:35 - 00001752 _____ () C:\Users\Office Staff\hosts.txt
2014-10-07 14:21 - 2014-10-07 14:34 - 00000644 _____ () C:\Users\Office Staff\Desktop\oct08.lnk
2014-10-06 17:41 - 2014-10-10 13:22 - 00000000 ____D () C:\Users\Office Staff\Desktop\Ashley
2014-10-06 16:00 - 2014-10-06 16:00 - 00001409 _____ () C:\Users\Office Staff\Desktop\A. Nicolardi - Shortcut.lnk
2014-10-06 13:36 - 2014-10-06 13:36 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-10-03 20:08 - 2014-10-03 20:08 - 00000000 ____D () C:\Users\Office Staff\AppData\Roaming\Canon
2014-10-03 20:08 - 2014-10-03 20:08 - 00000000 _____ () C:\Users\Office Staff\Sti_Trace.log
2014-10-03 20:05 - 2014-10-03 20:05 - 00002102 _____ () C:\Users\Office Staff\Desktop\Toolbox 4.9.lnk
2014-10-03 19:58 - 2014-10-03 19:58 - 00002078 _____ () C:\Users\Public\Desktop\Canon MF Toolbox 4.9.lnk
2014-10-03 19:58 - 2014-10-03 19:58 - 00000000 ____D () C:\Program Files (x86)\Canon
2014-10-03 01:39 - 2014-10-03 01:40 - 00295718 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-10-03 01:38 - 2014-10-03 01:38 - 00296880 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-10-03 01:38 - 2014-10-03 01:38 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-10-03 01:34 - 2014-05-02 10:33 - 00000118 ____H () C:\DBAR_Ver.txt
2014-10-03 01:33 - 2014-10-03 01:34 - 00000000 ____D () C:\ProgramData\softthinks
2014-10-03 01:33 - 2014-10-03 01:33 - 00000000 ____D () C:\Users\Office Staff\AppData\Roaming\Invincea
2014-10-03 01:33 - 2014-10-03 01:33 - 00000000 ____D () C:\Users\Office Staff\AppData\Local\softthinks
2014-10-03 01:33 - 2014-10-03 01:33 - 00000000 ____D () C:\Users\Office Staff\AppData\Local\Invincea
2014-10-03 00:14 - 2014-10-03 00:14 - 00000000 ____D () C:\Users\Office Staff\AppData\Roaming\AVAST Software
2014-10-03 00:14 - 2014-10-03 00:14 - 00000000 ____D () C:\Users\Office Staff\AppData\Local\QuickenWindow
2014-10-02 17:55 - 2014-10-02 17:55 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-10-02 14:27 - 2014-10-02 14:27 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-10-02 14:27 - 2014-10-02 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-10-02 14:27 - 2014-10-02 14:27 - 00000000 ____D () C:\ProgramData\Google
2014-10-02 14:27 - 2014-10-02 14:27 - 00000000 ____D () C:\Program Files\Google
2014-10-02 14:27 - 2014-10-02 14:27 - 00000000 ____D () C:\AVAST Software
2014-10-02 14:26 - 2014-10-16 02:38 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-02 14:26 - 2014-10-15 14:38 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-02 14:26 - 2014-10-08 20:31 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-02 14:26 - 2014-10-02 14:27 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-10-02 14:26 - 2014-10-02 14:26 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-10-02 14:26 - 2014-10-02 14:26 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-10-02 14:26 - 2014-10-02 14:26 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-10-02 14:26 - 2014-10-02 14:26 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-10-02 14:26 - 2014-10-02 14:26 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-10-02 14:26 - 2014-10-02 14:26 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-10-02 14:26 - 2014-10-02 14:26 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-10-02 14:26 - 2014-10-02 14:26 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-10-02 14:26 - 2014-10-02 14:26 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-10-02 14:26 - 2014-10-02 14:26 - 00000000 ____D () C:\Users\Office Staff\AppData\Roaming\Intuit
2014-10-02 14:25 - 2014-10-02 14:25 - 00000000 ____D () C:\Program Files\AVAST Software
2014-10-02 14:24 - 2014-10-02 14:25 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-10-02 14:19 - 2014-10-02 14:19 - 00001800 _____ () C:\Users\Public\Desktop\Quicken Home & Business 2014.lnk
2014-10-02 14:19 - 2014-10-02 14:19 - 00000126 _____ () C:\Windows\QUICKEN.INI
2014-10-02 14:19 - 2014-10-02 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2014
2014-10-02 14:19 - 2014-10-02 14:19 - 00000000 ____D () C:\ProgramData\Intuit
2014-10-02 14:19 - 2013-12-13 15:10 - 04200744 _____ (Amyuni Technologies http://www.amyuni.com) C:\Windows\SysWOW64\cdintf400.dll
2014-10-02 12:15 - 2014-10-03 00:18 - 00000000 ____D () C:\Users\Office Staff\AppData\Local\Deployment
2014-10-02 11:36 - 2014-10-02 11:36 - 00028299 _____ () C:\Users\Office Staff\Desktop\Laney's hours.xlsb
2014-10-01 18:57 - 2014-10-02 12:15 - 00000000 ____D () C:\Users\Office Staff\AppData\Local\Apps\2.0
2014-10-01 16:37 - 2014-10-01 16:37 - 00000000 ____D () C:\Restored from Carbonite
2014-10-01 16:18 - 2014-10-15 11:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-01 16:11 - 2014-10-02 14:19 - 00000000 ____D () C:\Program Files (x86)\Quicken
2014-10-01 16:11 - 2014-10-01 21:27 - 00000000 ____D () C:\Users\Office Staff\Tracing
2014-10-01 16:10 - 2014-10-01 19:46 - 00000000 ____D () C:\Users\Office Staff\Downloads\ToolBox_4911mf14_Win_EN
2014-10-01 16:10 - 2014-10-01 19:44 - 00000000 ____D () C:\Users\Office Staff\Downloads\MF8350_8050_e-Manual_en_us_3
2014-10-01 16:10 - 2014-10-01 19:34 - 00000000 ____D () C:\Users\Office Staff\Downloads\MF8300_Series_MFDrivers_V2005b_W32_us_EN
2014-10-01 16:10 - 2014-10-01 19:30 - 00000000 ____D () C:\Users\Office Staff\Documents\Quicken
2014-10-01 16:10 - 2014-10-01 19:27 - 00000000 ___SD () C:\Users\Office Staff\Documents\My Data Sources
2014-10-01 16:10 - 2014-10-01 19:27 - 00000000 ____D () C:\Users\Office Staff\Documents\My Smilebox Creations
2014-10-01 16:10 - 2014-10-01 19:27 - 00000000 ____D () C:\Users\Office Staff\Documents\My Boards
2014-10-01 16:10 - 2014-10-01 19:24 - 00000000 ____D () C:\Users\Office Staff\Desktop\Rebekah
2014-10-01 16:10 - 2014-10-01 19:23 - 00000000 ____D () C:\Users\Office Staff\Desktop\Quicken
2014-10-01 16:10 - 2014-10-01 19:20 - 00000000 ____D () C:\Users\Office Staff\Desktop\PTS DOCS
2014-10-01 16:10 - 2014-10-01 19:12 - 00000000 ____D () C:\Users\Office Staff\Desktop\PTS Budget
2014-10-01 16:10 - 2014-10-01 16:10 - 00000000 ____D () C:\Users\Office Staff\Documents\OneNote Notebooks
2014-10-01 16:10 - 2014-10-01 16:10 - 00000000 ____D () C:\Users\Office Staff\Documents\Fax
2014-10-01 16:09 - 2014-10-14 12:03 - 00000000 ____D () C:\Users\Office Staff\Desktop\Krista
2014-10-01 16:09 - 2014-10-01 19:06 - 00000000 ____D () C:\Users\Office Staff\Desktop\PTS Bills
2014-10-01 16:09 - 2014-10-01 18:57 - 00000000 ____D () C:\Users\Office Staff\Desktop\Patient Information
2014-10-01 16:09 - 2014-10-01 18:56 - 00000000 ____D () C:\Users\Office Staff\Desktop\Laney
2014-10-01 16:09 - 2014-10-01 18:54 - 00000000 ____D () C:\Users\Office Staff\Desktop\Employee Units Jan-Mar
2014-10-01 16:09 - 2014-10-01 18:53 - 00000000 ____D () C:\Users\Office Staff\Desktop\Brent Adams
2014-10-01 15:59 - 2014-10-01 15:59 - 00000000 ____D () C:\Users\Office Staff\Carbonite Restored OLD User Settings
2014-10-01 15:53 - 2014-10-01 15:53 - 00002138 _____ () C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
2014-10-01 15:53 - 2014-10-01 15:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite
2014-10-01 15:53 - 2014-10-01 15:53 - 00000000 ____D () C:\ProgramData\Carbonite
2014-10-01 15:53 - 2014-10-01 15:53 - 00000000 ____D () C:\Program Files\Carbonite
2014-10-01 15:53 - 2014-10-01 15:53 - 00000000 ____D () C:\Program Files (x86)\Carbonite
2014-10-01 15:52 - 2014-10-01 15:54 - 00016826 _____ () C:\Users\Public\Desktop\Carbonite Setup.log
2014-10-01 15:47 - 2014-07-07 10:45 - 00010240 _____ () C:\Users\Office Staff\AppData\Local\Z@!-3c433780-bf7b-4846-8466-7f8532c6a490.tmp
2014-10-01 15:47 - 2014-07-07 10:45 - 00010240 _____ () C:\Users\Office Staff\AppData\Local\Z@!-0ecadd18-0072-47e6-baa9-36f7ae4d6ab5.tmp
2014-10-01 15:47 - 2014-07-07 10:45 - 00009216 _____ () C:\Users\Office Staff\AppData\Local\Z@S!-c7ab5559-8a5e-44e3-9881-c1f07d9d9575.tmp
2014-10-01 15:08 - 2014-10-01 15:08 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-01 14:09 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-01 14:09 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-01 14:09 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-01 14:09 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-01 14:09 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-01 14:09 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-01 14:09 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-01 14:09 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-01 14:09 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-01 14:09 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-01 14:09 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-01 14:09 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-01 14:09 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-01 14:09 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-01 14:09 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-01 14:09 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-01 14:09 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-01 14:09 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-01 14:09 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-01 14:09 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-01 14:09 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-01 14:09 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-01 14:09 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-01 14:09 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-01 14:09 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-01 14:09 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-01 14:09 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-01 14:09 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-01 14:09 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-01 14:09 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-01 14:09 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-01 14:09 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-01 14:09 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-01 14:09 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-01 14:09 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-01 14:09 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-01 14:09 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-01 14:09 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-01 14:09 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-01 14:09 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-01 14:09 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-01 14:09 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-01 14:09 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-01 14:09 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-01 14:09 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-01 14:09 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-01 14:09 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-01 14:09 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-01 14:09 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-01 14:09 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-01 14:09 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-01 14:09 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-01 14:09 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-01 14:09 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-01 14:09 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-01 14:09 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-01 13:54 - 2012-07-25 23:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2014-10-01 13:54 - 2012-07-25 23:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-10-01 13:54 - 2012-07-25 23:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-10-01 13:54 - 2012-07-25 23:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-10-01 13:54 - 2012-07-25 23:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2014-10-01 13:54 - 2012-07-25 22:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-10-01 13:54 - 2012-07-25 22:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-10-01 13:54 - 2012-06-02 10:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2014-10-01 13:48 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-10-01 13:48 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-10-01 13:42 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-10-01 13:42 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-10-01 13:42 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-10-01 13:42 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-10-01 13:42 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-10-01 13:42 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-10-01 13:42 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-10-01 13:42 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-10-01 13:29 - 2014-10-02 16:16 - 00000000 ____D () C:\Users\Office Staff\AppData\Local\Google
2014-10-01 12:57 - 2014-10-14 14:40 - 00015957 _____ () C:\Users\Office Staff\Desktop\Monthly Re-evaluation Auth List.xlsx
2014-10-01 12:37 - 2014-10-03 00:14 - 00000000 ____D () C:\Users\Office Staff\AppData\Roaming\MalwareProtection360
2014-10-01 12:37 - 2014-10-01 12:37 - 00000000 ___HD () C:\Users\Office Staff\AppData\Roaming\Linkey
2014-10-01 12:36 - 2014-10-01 12:36 - 00151552 _____ () C:\Users\Office Staff\Downloads\Setup.exe
2014-10-01 10:46 - 2014-10-01 10:46 - 00000242 _____ () C:\Users\Office Staff\Desktop\NaviNet Sign In.url
2014-10-01 10:36 - 2011-04-09 02:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-10-01 10:36 - 2011-04-09 01:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-10-01 10:35 - 2014-10-01 10:35 - 00000000 ____D () C:\Users\Office Staff\AppData\Local\Adobe
2014-10-01 10:34 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 10:34 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-10-01 10:32 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-10-01 10:32 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-10-01 10:32 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-10-01 10:32 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-10-01 10:31 - 2013-11-23 14:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-10-01 10:31 - 2013-11-23 13:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-10-01 10:30 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-10-01 10:30 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-10-01 10:29 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-10-01 10:29 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-10-01 10:29 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-10-01 10:29 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-10-01 10:29 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-10-01 10:29 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-10-01 10:29 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-10-01 10:29 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-10-01 10:29 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-10-01 10:29 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-10-01 10:27 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-10-01 10:27 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-10-01 10:26 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-01 10:26 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-10-01 10:26 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-10-01 10:26 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-10-01 10:26 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-01 10:26 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-10-01 10:26 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-10-01 10:25 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-10-01 10:25 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-10-01 10:25 - 2014-03-04 05:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-01 10:25 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-10-01 10:25 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-10-01 10:25 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-10-01 10:25 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-01 10:25 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-10-01 10:25 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-10-01 10:25 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-10-01 10:25 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-10-01 10:25 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-10-01 10:25 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-01 10:25 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-01 10:25 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-10-01 10:25 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-10-01 10:25 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-10-01 10:25 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-10-01 10:25 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-10-01 10:25 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-10-01 10:25 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-10-01 10:25 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-10-01 10:25 - 2013-08-01 22:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-10-01 10:25 - 2013-08-01 22:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2014-10-01 10:25 - 2013-08-01 21:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2014-10-01 10:25 - 2013-08-01 20:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-10-01 10:22 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-10-01 10:21 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-10-01 10:20 - 2014-10-01 10:20 - 00000243 _____ () C:\Users\Office Staff\Desktop\Workspace Login.url
2014-10-01 10:19 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-10-01 10:19 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-10-01 10:19 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-10-01 10:19 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-10-01 10:19 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-01 10:19 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-01 10:19 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-10-01 10:19 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-10-01 10:19 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-10-01 10:19 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-10-01 10:19 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-01 10:19 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-01 10:17 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-10-01 10:17 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-10-01 10:17 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-10-01 10:17 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-10-01 10:16 - 2013-07-20 06:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-10-01 10:16 - 2013-07-20 06:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-10-01 10:15 - 2011-02-18 06:51 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe
2014-10-01 10:15 - 2011-02-18 01:39 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
2014-10-01 10:14 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-10-01 10:14 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-10-01 10:14 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-10-01 10:14 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-10-01 10:14 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-10-01 10:14 - 2014-04-11 22:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-10-01 10:14 - 2014-04-11 22:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-10-01 10:14 - 2014-04-11 22:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-10-01 10:14 - 2014-04-11 22:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-10-01 10:14 - 2014-04-11 22:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-10-01 10:14 - 2014-04-11 22:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-10-01 10:13 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-10-01 10:13 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-10-01 10:13 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-01 10:12 - 2014-09-04 22:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-01 10:12 - 2014-09-04 22:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-01 10:11 - 2014-02-03 22:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-10-01 10:11 - 2014-02-03 22:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-10-01 10:10 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-10-01 10:10 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-10-01 10:02 - 2014-10-08 20:35 - 00000208 _____ () C:\Users\Office Staff\Desktop\UnitedHealthcare Online.url
2014-10-01 10:01 - 2014-10-01 10:01 - 00000210 _____ () C:\Users\Office Staff\Desktop\Log In to Availity®.url
2014-10-01 10:00 - 2014-10-08 20:34 - 00000198 _____ () C:\Users\Office Staff\Desktop\eQSuite Login.url
2014-10-01 09:59 - 2014-10-01 09:59 - 00050023 _____ () C:\Users\Office Staff\Desktop\Medicaid Portal.htm
2014-10-01 09:59 - 2014-10-01 09:59 - 00000000 ____D () C:\Users\Office Staff\Desktop\Medicaid Portal_files
2014-09-30 14:42 - 2014-10-01 18:56 - 00000000 ____D () C:\Users\Office Staff\Desktop\MARY
2014-09-30 13:58 - 2014-09-30 13:58 - 00070872 _____ () C:\Users\Office Staff\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-30 13:58 - 2014-09-30 13:58 - 00000000 ____D () C:\Users\Office Staff\AppData\Roaming\DigitalPersona
2014-09-30 13:58 - 2014-09-30 13:58 - 00000000 ____D () C:\Users\Office Staff\AppData\Local\DigitalPersona
2014-09-30 10:51 - 2014-10-15 09:59 - 00131072 ___SH () C:\CredSED.dat
2014-09-30 10:49 - 2014-09-30 10:49 - 00002323 _____ () C:\Users\Public\Desktop\DDP Admin Console.lnk
2014-09-30 10:49 - 2014-09-30 10:49 - 00000000 ____D () C:\Windows\SysWOW64\zh-Hant
2014-09-30 10:49 - 2014-09-30 10:49 - 00000000 ____D () C:\Windows\SysWOW64\zh-Hans
2014-09-30 10:49 - 2014-09-30 10:49 - 00000000 ____D () C:\Windows\SysWOW64\ru
2014-09-30 10:49 - 2014-09-30 10:49 - 00000000 ____D () C:\Windows\SysWOW64\ko
2014-09-30 10:49 - 2014-09-30 10:49 - 00000000 ____D () C:\Windows\SysWOW64\ja
2014-09-30 10:49 - 2014-09-30 10:49 - 00000000 ____D () C:\Windows\SysWOW64\it
2014-09-30 10:49 - 2014-09-30 10:49 - 00000000 ____D () C:\Windows\SysWOW64\es
2014-09-30 10:49 - 2014-09-30 10:49 - 00000000 ____D () C:\Windows\SysWOW64\de
2014-09-30 10:49 - 2014-09-30 10:49 - 00000000 ____D () C:\Windows\system32\zh-Hant
2014-09-30 10:49 - 2014-09-30 10:49 - 00000000 ____D () C:\Windows\system32\zh-Hans
2014-09-30 10:49 - 2014-09-30 10:49 - 00000000 ____D () C:\Windows\system32\ru
2014-09-30 10:49 - 2014-09-30 10:49 - 00000000 ____D () C:\Windows\system32\ko
2014-09-30 10:49 - 2014-09-30 10:49 - 00000000 ____D () C:\Windows\system32\ja
2014-09-30 10:49 - 2014-09-30 10:49 - 00000000 ____D () C:\Windows\system32\it
2014-09-30 10:49 - 2014-09-30 10:49 - 00000000 ____D () C:\Windows\system32\es
2014-09-30 10:49 - 2014-09-30 10:49 - 00000000 ____D () C:\Windows\system32\de
2014-09-30 10:49 - 2014-09-30 10:49 - 00000000 ____D () C:\Windows\DPDrv
2014-09-30 10:49 - 2014-06-10 22:24 - 01721696 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2014-09-30 10:49 - 2014-06-10 22:08 - 00061184 _____ (Dell Inc.) C:\Windows\system32\Drivers\SEDFilter.sys
2014-09-30 10:49 - 2014-06-10 22:08 - 00037120 _____ () C:\Windows\system32\Drivers\CredFltL.sys
2014-09-30 10:49 - 2013-11-26 07:37 - 00201216 _____ (Microsoft Corporation) C:\Windows\system32\wbiosrvc.dll
2014-09-30 10:48 - 2014-09-30 10:49 - 00035602 _____ () C:\Windows\DPINST.LOG
2014-09-30 10:48 - 2014-09-30 10:48 - 00000390 __RSH () C:\ProgramData\ntuser.pol
2014-09-30 10:48 - 2014-09-30 10:48 - 00000206 _____ () C:\Windows\hbcikrnl.ini
2014-09-30 10:48 - 2014-09-30 10:48 - 00000000 ____D () C:\Windows\DPTCDrv
2014-09-30 10:48 - 2014-09-30 10:48 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-09-30 10:48 - 2014-09-30 10:48 - 00000000 ____D () C:\ProgramData\Security Innovation
2014-09-30 10:48 - 2014-09-30 10:48 - 00000000 ____D () C:\Program Files\Validity Sensors
2014-09-30 10:48 - 2014-09-30 10:48 - 00000000 ____D () C:\Program Files\Dell
2014-09-30 10:48 - 2014-09-30 10:48 - 00000000 ____D () C:\Program Files (x86)\O2Micro
2014-09-30 10:41 - 2014-09-30 10:41 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-30 10:40 - 2014-09-30 10:40 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services
2014-09-30 10:40 - 2014-09-30 10:40 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-09-30 10:40 - 2014-09-30 10:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services
2014-09-30 10:40 - 2014-09-30 10:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-09-30 10:11 - 2014-09-30 10:11 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-09-30 10:11 - 2014-09-30 10:11 - 00000000 ____D () C:\Windows\PCHEALTH
2014-09-30 10:11 - 2014-09-30 10:11 - 00000000 ____D () C:\Program Files\Windows Live
2014-09-30 10:11 - 2014-09-30 10:11 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-09-30 10:11 - 2014-03-31 21:06 - 00058056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fssfltr.sys
2014-09-30 09:41 - 2014-09-30 09:41 - 00000000 ____D () C:\Users\Office Staff\AppData\Roaming\Mozilla
2014-09-30 09:41 - 2014-09-30 09:41 - 00000000 ____D () C:\Users\Office Staff\AppData\Local\Mozilla
2014-09-30 09:39 - 2014-10-02 14:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-30 09:39 - 2014-09-30 10:27 - 00000000 ____D () C:\Program Files (x86)\PennyBee
2014-09-30 09:39 - 2014-09-30 09:39 - 00001165 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-30 09:39 - 2014-09-30 09:39 - 00000000 ____D () C:\ProgramData\Mozilla
2014-09-30 09:35 - 2014-09-30 09:35 - 00000000 ____D () C:\ProgramData\374311380
2014-09-30 09:10 - 2014-09-30 09:10 - 00001180 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-09-30 09:10 - 2014-09-30 09:10 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-09-30 08:49 - 2014-09-30 08:50 - 00027837 _____ () C:\Users\Office Staff\Downloads\Favorites.zip
2014-09-30 08:46 - 2014-09-30 08:49 - 133714676 _____ () C:\Users\Office Staff\Downloads\Documents.zip
2014-09-30 08:24 - 2014-09-30 08:29 - 594721981 _____ () C:\Users\Office Staff\Downloads\Desktop.zip
2014-09-30 08:15 - 2014-10-03 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon
2014-09-30 08:15 - 2014-09-30 08:15 - 00000000 ___HD () C:\Windows\system32\CanonMF Uninstaller Information
2014-09-30 08:15 - 2009-06-25 10:49 - 00244736 _____ (CANON INC.) C:\Windows\system32\CNCLSU36b.DLL
2014-09-30 08:15 - 2009-06-25 10:49 - 00155648 _____ (CANON INC.) C:\Windows\system32\CNCLSD36b.DLL
2014-09-30 08:15 - 2009-06-25 10:49 - 00136192 _____ (CANON INC.) C:\Windows\system32\CNCE8300.DLL
2014-09-30 08:15 - 2009-06-25 10:49 - 00114688 _____ (CANON INC.) C:\Windows\system32\CNCLST36b.DLL
2014-09-30 08:15 - 2009-06-25 10:49 - 00111616 _____ (CANON INC.) C:\Windows\system32\CNCLSI36b.DLL
2014-09-30 08:15 - 2009-06-25 10:49 - 00099328 _____ (CANON INC.) C:\Windows\system32\CNCLSC36b.DLL
2014-09-30 08:15 - 2009-06-25 10:49 - 00049664 _____ (CANON INC.) C:\Windows\system32\CNCLSO36b.dll
2014-09-30 08:15 - 2009-06-25 10:48 - 00338944 _____ (CANON INC.) C:\Windows\system32\CNCC8300.DLL
2014-09-30 08:15 - 2009-06-25 10:48 - 00147968 _____ (CANON INC.) C:\Windows\system32\CNCL8300.DLL
2014-09-30 08:15 - 2009-06-25 10:48 - 00085504 _____ (CANON INC.) C:\Windows\system32\CNCI8300.DLL
2014-09-30 08:15 - 2009-02-16 11:08 - 00000323 _____ () C:\Windows\system32\CNCMFP36.INI
2014-09-30 08:15 - 2007-04-18 17:13 - 00066048 _____ (Canon Inc.) C:\Windows\system32\CNAS0MMK.DLL
2014-09-30 08:14 - 2014-09-30 08:14 - 00000000 ____D () C:\Program Files\Canon
2014-09-30 08:14 - 2009-04-28 13:08 - 00967168 _____ (CANON INC.) C:\Windows\system32\CNAS0MOK.DLL
2014-09-30 08:08 - 2014-09-30 08:08 - 43818112 _____ () C:\Users\Office Staff\Downloads\MF8300_Series_MFDrivers_V2005b_W64_us_EN_1.exe
2014-09-30 08:08 - 2014-09-30 08:08 - 00000000 ____D () C:\Users\Office Staff\Downloads\MF8300_Series_MFDrivers_V2005b_W64_us_EN_1
2014-09-30 08:07 - 2014-09-30 08:07 - 00000000 __SHD () C:\Users\Office Staff\AppData\Local\EmieUserList
2014-09-30 08:07 - 2014-09-30 08:07 - 00000000 __SHD () C:\Users\Office Staff\AppData\Local\EmieSiteList
2014-09-30 08:07 - 2014-09-30 08:07 - 00000000 ____D () C:\Users\Office Staff\AppData\Roaming\Macromedia
2014-09-30 08:04 - 2014-10-01 10:35 - 00000000 ____D () C:\Users\Office Staff\AppData\Roaming\Adobe
2014-09-30 08:04 - 2014-09-30 08:04 - 00001419 _____ () C:\Users\Office Staff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-30 08:03 - 2014-10-15 09:58 - 00001246 __RSH () C:\Users\Office Staff\ntuser.pol
2014-09-30 08:03 - 2014-10-15 09:58 - 00000000 ____D () C:\Users\Office Staff
2014-09-30 08:03 - 2014-09-30 08:03 - 00000020 ___SH () C:\Users\Office Staff\ntuser.ini
2014-09-30 08:03 - 2014-09-30 08:03 - 00000000 ____D () C:\Users\Office Staff\AppData\Local\VirtualStore
2014-09-30 08:03 - 2014-09-30 08:00 - 00002106 _____ () C:\Users\Office Staff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-09-30 08:03 - 2009-07-14 00:54 - 00000000 ___RD () C:\Users\Office Staff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-30 08:03 - 2009-07-14 00:49 - 00000000 ___RD () C:\Users\Office Staff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-30 08:00 - 2014-09-30 08:00 - 00002106 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-09-30 08:00 - 2014-09-30 08:00 - 00002106 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-09-30 08:00 - 2014-09-30 08:00 - 00000000 __RHD () C:\MSOCache
2014-09-30 08:00 - 2014-09-30 08:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
2014-09-30 07:59 - 2014-09-30 07:59 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-09-30 07:56 - 2014-09-30 07:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-09-30 07:55 - 2014-09-30 10:00 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-09-30 07:34 - 2014-10-08 20:31 - 00000000 ____D () C:\Users\Michelle
2014-09-30 07:34 - 2014-09-30 07:34 - 00001979 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
2014-09-30 07:34 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-30 07:34 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-30 07:34 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-30 07:34 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-30 07:34 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-30 07:34 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-09-30 07:34 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-09-30 07:34 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-30 07:34 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-30 07:34 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-30 07:34 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-30 07:34 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-30 07:34 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-30 07:34 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-30 07:33 - 2014-09-30 10:40 - 00000000 ____D () C:\ProgramData\Dell

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-16 02:38 - 2014-07-10 15:01 - 01093477 _____ () C:\Windows\WindowsUpdate.log
2014-10-16 02:36 - 2014-07-10 13:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-15 17:09 - 2014-01-29 18:37 - 00086819 _____ () C:\Users\Office Staff\Desktop\Mailed Statements.xlsx
2014-10-15 14:09 - 2009-07-14 00:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-15 14:09 - 2009-07-14 00:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-15 13:02 - 2013-11-07 15:41 - 00015491 _____ () C:\Users\Office Staff\Desktop\Krista's working list.xlsx
2014-10-15 10:03 - 2009-07-14 01:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-15 10:01 - 2014-07-10 13:16 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-10-15 09:58 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-15 09:58 - 2009-07-14 00:51 - 00034324 _____ () C:\Windows\setupact.log
2014-10-10 16:30 - 2014-03-31 11:06 - 00016848 _____ () C:\Users\Office Staff\Desktop\PPEC.payroll.xlsx
2014-10-10 13:30 - 2014-01-23 12:40 - 00032401 _____ () C:\Users\Office Staff\Desktop\Copy of PTS Payroll 2013 updated 4182013.xlsx
2014-10-08 20:32 - 2014-07-10 13:16 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-08 13:52 - 2010-11-20 23:47 - 00177396 _____ () C:\Windows\PFRO.log
2014-10-05 15:42 - 2014-07-17 10:16 - 00014177 _____ () C:\Users\Office Staff\Desktop\CURRENT usernames and passwords.xlsx
2014-10-04 16:50 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-10-03 17:27 - 2014-08-19 14:01 - 00012764 _____ () C:\Users\Office Staff\Desktop\Absences 2014.xlsx
2014-10-03 09:54 - 2014-07-10 13:16 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-03 09:51 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-01 15:28 - 2009-07-14 00:45 - 00327128 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-01 15:09 - 2010-11-21 03:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-10-01 15:09 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-01 15:09 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-01 15:09 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-10-01 15:08 - 2011-02-24 16:44 - 00000000 ____D () C:\Windows\SysWOW64\fr
2014-10-01 15:08 - 2011-02-24 16:44 - 00000000 ____D () C:\Windows\system32\fr
2014-10-01 15:08 - 2010-11-21 03:06 - 00000000 ____D () C:\Windows\SysWOW64\winrm
2014-10-01 15:08 - 2010-11-21 03:06 - 00000000 ____D () C:\Windows\SysWOW64\WCN
2014-10-01 15:08 - 2010-11-21 03:06 - 00000000 ____D () C:\Windows\SysWOW64\sysprep
2014-10-01 15:08 - 2010-11-21 03:06 - 00000000 ____D () C:\Windows\SysWOW64\slmgr
2014-10-01 15:08 - 2010-11-21 03:06 - 00000000 ____D () C:\Windows\SysWOW64\Printing_Admin_Scripts
2014-10-01 15:08 - 2010-11-21 03:06 - 00000000 ____D () C:\Windows\system32\winrm
2014-10-01 15:08 - 2010-11-21 03:06 - 00000000 ____D () C:\Windows\system32\WCN
2014-10-01 15:08 - 2010-11-21 03:06 - 00000000 ____D () C:\Windows\system32\slmgr
2014-10-01 15:08 - 2010-11-21 03:06 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
2014-10-01 15:08 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-10-01 15:08 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-10-01 15:08 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-10-01 15:08 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-10-01 15:08 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-10-01 15:08 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-10-01 15:08 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Setup
2014-10-01 15:08 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2014-10-01 15:08 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2014-10-01 15:08 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2014-10-01 15:08 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\com
2014-10-01 15:08 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-10-01 15:08 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Setup
2014-10-01 15:08 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\oobe
2014-10-01 15:08 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\MUI
2014-10-01 15:08 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\migwiz
2014-10-01 15:08 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\com
2014-10-01 15:04 - 2011-02-10 10:33 - 01649288 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-30 10:49 - 2014-07-10 13:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-09-30 10:49 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2014-09-30 10:48 - 2014-07-10 13:09 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-30 10:48 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-09-30 10:47 - 2014-07-10 13:11 - 00000000 ____D () C:\Program Files (x86)\Dell
2014-09-30 10:35 - 2011-02-10 10:25 - 00000000 ____D () C:\dell
2014-09-30 10:31 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-30 10:11 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-30 08:17 - 2009-07-13 23:20 - 00000000 __RSD () C:\Windows\Media
2014-09-30 07:39 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-29 15:59 - 2011-02-10 10:25 - 00000000 ____D () C:\Windows\panther
2014-09-17 15:19 - 2014-09-03 15:06 - 00015894 _____ () C:\Users\Office Staff\Downloads\77E835AE.tmp

Some content of TEMP:
====================
C:\Users\Office Staff\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Office Staff\AppData\Local\Temp\System.Data.SQLite18783.dll
C:\Users\Office Staff\AppData\Local\Temp\System.Data.SQLite31148.dll
C:\Users\Office Staff\AppData\Local\Temp\System.Data.SQLite84288.dll
C:\Users\Office Staff\AppData\Local\Temp\System.Data.SQLite97614.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

ATTENTION: ==> Could not access BCD, see Addition.txt for additional information.

==================== End Of Log ============================


Edited by cuznlucky, 16 October 2014 - 02:38 AM.


#4 cuznlucky

Posted 16 October 2014 - 02:39 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-10-2014 02
Ran by Office Staff at 2014-10-16 03:32:57
Running from C:\Users\Office Staff\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AuthenTec Fingerprint Driver (Version: 1.6.2.0350 - AuthenTec) Hidden
AuthenTec WinBio FingerPrint Software 64-bit (Version: 3.4.2.1016 - AuthenTec, Inc.) Hidden
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Canon MF Toolbox 4.9.1.1.mf17 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf17 - CANON INC.)
Canon MF8300 Series (HKLM\...\{E47364AA-6B5E-45a2-B94F-BC5D9D6A0338}) (Version:  - )
Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.5.5 build 4151  (Jun-27-2014) - Carbonite)
CmgMasterPrerequisites (x32 Version: 1.4.0.629 - Credant Technologies Inc.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.7.1.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.1.2 - Dell Inc.)
Dell Client System Update (HKLM-x32\...\{04566294-A6B6-4462-9721-031073EB3694}) (Version: 1.3.0 - Dell Inc.)
Dell Data Protection | Client Security Framework (HKLM\...\{87C03608-FD28-45B8-A8C8-F9B34F971EB6}) (Version: 8.4.0.1531 - Dell, Inc.)
Dell Data Protection | Security Tools (HKLM-x32\...\InstallShield_{812AA6D3-5BEB-4577-88B1-00998B91AB41}) (Version: 1.4.0.629 - Dell, Inc.)
Dell Data Protection | Security Tools (x32 Version: 1.4.0.629 - Dell, Inc.) Hidden
Dell Data Protection | Security Tools Authentication (HKLM\...\{0B72160B-9F67-47C0-858F-5A0074162148}) (Version: 1.3.1.433 - DigitalPersona, Inc.)
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Protected Workspace (HKLM-x32\...\{E2CAA395-66B3-4772-85E3-6134DBAB244E}) (Version: 2.3.15835 - Invincea, Inc.)
DigitalPersona TouchChip Driver (Version: 1.6.3.379 - DigitalPersona, Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3234 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.4649.1003 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
O2Micro OZ776 SCR Driver (x32 Version: 1.1.4.223 - O2Micro) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.5.8 - Intuit)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5987 - Realtek Semiconductor Corp.)
Security Innovation TSS (Version: 2.1.42 - Security Innovation) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Validity WBF DDK 495 (HKLM\...\{F622E82E-AFFA-4784-A08F-74311F5716CA}) (Version: 4.5.238.0 - Validity Sensors, Inc.)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2014-10-07 21:06 - 00001752 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 facebook.com
127.0.0.1 pof.com
127.0.0.1 youtube.com
127.0.0.1 craigslist.org
127.0.0.1 mymove.com
127.0.0.1 thawte.com
127.0.0.1 manateeclerk.org
127.0.0.1 liveperson.net
127.0.0.1 everestjs.net
127.0.0.1 onlinesearches.com
127.0.0.1 parkingticketpayment.com
127.0.0.1 open-public-records.com
127.0.0.1 vacriminaldefenselawyer.com
127.0.0.1 vbgov.com
127.0.0.1 va.us
127.0.0.1 virginiainteractive.org
127.0.0.1 maricopa.gov
127.0.0.1 restrainingorderabuse.com
127.0.0.1 sharethrough.com
127.0.0.1 restrainingorderblog.com
127.0.0.1 blogger.com
127.0.0.1 blogblog.com
127.0.0.1 downloadsbrowser.com
127.0.0.1 jollywallet.com
127.0.0.1 freecreditscore.com
127.0.0.1 googleadservices.com
127.0.0.1 addthis.com
127.0.0.1 qualtrics.com
127.0.0.1 cloudfront.net

There are 5 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?

==================== Loaded Modules (whitelisted) =============

2014-09-30 09:59 - 2014-09-30 09:59 - 08894120 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-07-10 13:17 - 2014-03-12 13:22 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2014-07-10 13:17 - 2014-03-12 13:22 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2014-07-10 13:17 - 2014-03-12 13:22 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2014-06-10 22:23 - 2014-06-10 22:23 - 00232288 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe
2014-06-10 22:23 - 2014-06-10 22:23 - 00360800 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.UXLib.dll
2014-06-10 22:23 - 2014-06-10 22:23 - 00027488 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Interfaces.dll
2014-06-10 22:23 - 2014-06-10 22:23 - 00082272 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Objects.dll
2014-06-10 22:23 - 2014-06-10 22:23 - 02172768 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Resources.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3229
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3272
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3373

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-3680729045-1313690680-2505866355-500 - Administrator - Disabled)
Guest (S-1-5-21-3680729045-1313690680-2505866355-501 - Limited - Disabled)
Michelle (S-1-5-21-3680729045-1313690680-2505866355-1000 - Administrator - Enabled) => C:\Users\Michelle
Office Staff (S-1-5-21-3680729045-1313690680-2505866355-1001 - Limited - Enabled) => C:\Users\Office Staff

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/15/2014 09:59:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/14/2014 10:11:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/13/2014 08:04:02 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070013, The media is write protected.
.

Error: (10/13/2014 08:04:02 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070013, The media is write protected.
]

Error: (10/13/2014 07:37:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/13/2014 10:02:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/10/2014 10:02:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/09/2014 02:37:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/09/2014 10:12:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/08/2014 09:25:24 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070013, The media is write protected.
.

System errors:
=============
Error: (10/16/2014 03:32:56 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 11.

Error: (10/16/2014 03:32:56 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 11.

Error: (10/16/2014 03:32:51 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 11.

Error: (10/16/2014 03:32:51 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 11.

Error: (10/16/2014 03:29:03 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 11.

Error: (10/16/2014 03:29:03 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 11.

Error: (10/15/2014 04:12:34 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 11.

Error: (10/15/2014 04:12:33 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 11.

Error: (10/15/2014 04:12:33 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 11.

Error: (10/15/2014 04:12:33 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 11.

Microsoft Office Sessions:
=========================
Error: (10/15/2014 09:59:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/14/2014 10:11:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/13/2014 08:04:02 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070013, The media is write protected.

Error: (10/13/2014 08:04:02 PM) (Source: VSS) (EventID: 13) (User: )
Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x80070013, The media is write protected.

Error: (10/13/2014 07:37:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/13/2014 10:02:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/10/2014 10:02:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/09/2014 02:37:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/09/2014 10:12:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/08/2014 09:25:24 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070013, The media is write protected.

==================== Memory info ===========================

Processor: Intel® Core™ i3-4150 CPU @ 3.50GHz
Percentage of memory in use: 55%
Total physical RAM: 4014.7 MB
Available physical RAM: 1806.2 MB
Total Pagefile: 8027.58 MB
Available Pagefile: 5587.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:453.99 GB) (Free:409.28 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================



#5 cuznlucky

cuznlucky
  • Topic Starter

  • Members
  • 9 posts

Posted 16 October 2014 - 03:17 AM

When attempting to run the Gmer rootkit scanner within the affected ID, I received 3 pop-up messages, attached below. I did attempt to run as administrator. It did not create a log file. I'll wait to hear from you as to whether to continue with the TDSS-Killer or a different step.

 

[Attached images: Capture.JPG, Capture2.JPG, Capture3.JPG]

 

Thank you for your assistance!


Edited by cuznlucky, 16 October 2014 - 03:22 AM.


#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 17 October 2014 - 08:00 AM

Skip Gmer, run TDSS-Killer



#7 cuznlucky

cuznlucky
  • Topic Starter

  • Members
  • 9 posts

Posted 17 October 2014 - 11:58 PM

TDSS log: I was not able to run it under the affected user but was able to under the administrator. The items in BOLD at the bottom are the ones I want removed. Thanks again for all the help.

 

00:48:59.0961 0x0c20  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
00:49:03.0056 0x0c20  ============================================================
00:49:03.0056 0x0c20  Current date / time: 2014/10/18 00:49:03.0056
00:49:03.0056 0x0c20  SystemInfo:
00:49:03.0056 0x0c20 
00:49:03.0056 0x0c20  OS Version: 6.1.7601 ServicePack: 1.0
00:49:03.0056 0x0c20  Product type: Workstation
00:49:03.0056 0x0c20  ComputerName: FRONTDESK
00:49:03.0056 0x0c20  UserName: Michelle
00:49:03.0056 0x0c20  Windows directory: C:\Windows
00:49:03.0056 0x0c20  System windows directory: C:\Windows
00:49:03.0056 0x0c20  Running under WOW64
00:49:03.0056 0x0c20  Processor architecture: Intel x64
00:49:03.0056 0x0c20  Number of processors: 4
00:49:03.0056 0x0c20  Page size: 0x1000
00:49:03.0056 0x0c20  Boot type: Normal boot
00:49:03.0056 0x0c20  ============================================================
00:49:03.0946 0x0c20  KLMD registered as C:\Windows\system32\drivers\82204659.sys
00:49:04.0286 0x0c20  System UUID: {F5C3EC43-EAED-C2BA-B8B3-24D9E86E25CF}
00:49:04.0711 0x0c20  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:49:04.0716 0x0c20  ============================================================
00:49:04.0716 0x0c20  \Device\Harddisk0\DR0:
00:49:04.0716 0x0c20  MBR partitions:
00:49:04.0716 0x0c20  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1777000
00:49:04.0716 0x0c20  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x178B000, BlocksNum 0x38BFA800
00:49:04.0716 0x0c20  ============================================================
00:49:04.0756 0x0c20  C: <-> \Device\Harddisk0\DR0\Partition2
00:49:04.0756 0x0c20  ============================================================
00:49:04.0756 0x0c20  Initialize success
00:49:04.0756 0x0c20  ============================================================
00:49:07.0551 0x13c4  ============================================================
00:49:07.0551 0x13c4  Scan started
00:49:07.0551 0x13c4  Mode: Manual;
00:49:07.0551 0x13c4  ============================================================
00:49:07.0551 0x13c4  KSN ping started
00:49:09.0936 0x13c4  KSN ping finished: true
00:49:10.0496 0x13c4  ================ Scan system memory ========================
00:49:10.0496 0x13c4  System memory - ok
00:49:10.0506 0x13c4  ================ Scan services =============================
00:49:10.0681 0x13c4  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
00:49:10.0696 0x13c4  1394ohci - ok
00:49:10.0716 0x13c4  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
00:49:10.0721 0x13c4  ACPI - ok
00:49:10.0731 0x13c4  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
00:49:10.0736 0x13c4  AcpiPmi - ok
00:49:10.0816 0x13c4  [ C5679E5186B2FC95BC76A8A9870D5456, 70AC61850B811A0A902532F098AE1D5DF4622455E56C78B89D4ABDBE4A061A48 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
00:49:10.0821 0x13c4  AdobeARMservice - ok
00:49:10.0911 0x13c4  [ C2CE3311D2477B1B24CFB67020AD49B6, 5F800CDD69BA4E8813876BE82FC9FED3F2584DB8C8ADED345F7B5C2A32F809AE ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
00:49:10.0926 0x13c4  AdobeFlashPlayerUpdateSvc - ok
00:49:10.0961 0x13c4  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
00:49:10.0971 0x13c4  adp94xx - ok
00:49:11.0011 0x13c4  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
00:49:11.0016 0x13c4  adpahci - ok
00:49:11.0021 0x13c4  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
00:49:11.0026 0x13c4  adpu320 - ok
00:49:11.0046 0x13c4  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
00:49:11.0051 0x13c4  AeLookupSvc - ok
00:49:11.0106 0x13c4  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
00:49:11.0121 0x13c4  AFD - ok
00:49:11.0141 0x13c4  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
00:49:11.0146 0x13c4  agp440 - ok
00:49:11.0151 0x13c4  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
00:49:11.0156 0x13c4  ALG - ok
00:49:11.0166 0x13c4  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
00:49:11.0166 0x13c4  aliide - ok
00:49:11.0171 0x13c4  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
00:49:11.0171 0x13c4  amdide - ok
00:49:11.0176 0x13c4  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
00:49:11.0176 0x13c4  AmdK8 - ok
00:49:11.0186 0x13c4  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
00:49:11.0191 0x13c4  AmdPPM - ok
00:49:11.0201 0x13c4  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
00:49:11.0206 0x13c4  amdsata - ok
00:49:11.0221 0x13c4  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
00:49:11.0221 0x13c4  amdsbs - ok
00:49:11.0236 0x13c4  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
00:49:11.0236 0x13c4  amdxata - ok
00:49:11.0251 0x13c4  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
00:49:11.0251 0x13c4  AppID - ok
00:49:11.0266 0x13c4  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
00:49:11.0266 0x13c4  AppIDSvc - ok
00:49:11.0286 0x13c4  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
00:49:11.0286 0x13c4  Appinfo - ok
00:49:11.0316 0x13c4  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
00:49:11.0331 0x13c4  AppMgmt - ok
00:49:11.0336 0x13c4  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
00:49:11.0336 0x13c4  arc - ok
00:49:11.0341 0x13c4  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
00:49:11.0346 0x13c4  arcsas - ok
00:49:11.0431 0x13c4  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
00:49:11.0436 0x13c4  aspnet_state - ok
00:49:11.0486 0x13c4  [ D95E64416A4A3ED6986E0F474DA934BD, DBB4A0DED0DABE1F8FF0DB8C0E9EC4EC906A85A45DC0AEC013A8744F9BF5D40E ] aswHwid         C:\Windows\system32\drivers\aswHwid.sys
00:49:11.0491 0x13c4  aswHwid - ok
00:49:11.0506 0x13c4  [ FF1E537A3632CBB9A0BF72B9FD0878D5, B26E6A1F6E6FA5280A12861EFAD44D8F49353F47B21843EBA73E149CF613DCBC ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
00:49:11.0511 0x13c4  aswMonFlt - ok
00:49:11.0531 0x13c4  [ A5757DE5F9C83AB40667A53D5126EA40, 58B72B1B126CF641188703CE82E26BEB0C41AD7587CFFCCCE9E3C64CC7AACC90 ] aswRdr          C:\Windows\system32\drivers\aswRdr2.sys
00:49:11.0531 0x13c4  aswRdr - ok
00:49:11.0546 0x13c4  [ 645D97385F3F284FB5604F9B970F4D24, 15A9D7F0F4C1062210E4E744A9069B8645177D19F35B8740D74022639DC05F2E ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
00:49:11.0551 0x13c4  aswRvrt - ok
00:49:11.0631 0x13c4  [ B8FDEDE963B82CFD23B3A53A3084666D, 3537E5B684FB6F0AA589A5FA7CD111E1744DF384AB1A266D4114100F104ED11B ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
00:49:11.0641 0x13c4  aswSnx - ok
00:49:11.0726 0x13c4  [ 0DEDC041DF594AEC2C3BD00417CFAF60, 0D3A8924503986546EE256D185225C0B080FDB6B0C8B0BED7516B07A7334371B ] aswSP           C:\Windows\system32\drivers\aswSP.sys
00:49:11.0751 0x13c4  aswSP - ok
00:49:11.0786 0x13c4  [ 48DED912CDE54FC0923B9858512366E1, 9B216B934408A7CB3CE2B41240B7EF01EAA3BC066211B784064FF8AC97A29B4E ] aswStm          C:\Windows\system32\drivers\aswStm.sys
00:49:11.0791 0x13c4  aswStm - ok
00:49:11.0811 0x13c4  [ 471A311745848B80339436688A8286E6, E51C57236CEC19AC38E85D115DB97875517D837811188AD2E53FA49055B53890 ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
00:49:11.0816 0x13c4  aswVmm - ok
00:49:11.0831 0x13c4  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
00:49:11.0836 0x13c4  AsyncMac - ok
00:49:11.0856 0x13c4  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
00:49:11.0856 0x13c4  atapi - ok
00:49:11.0901 0x13c4  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
00:49:11.0911 0x13c4  AudioEndpointBuilder - ok
00:49:11.0926 0x13c4  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
00:49:11.0931 0x13c4  AudioSrv - ok
00:49:12.0016 0x13c4  [ 73F5C13B431915BAE35254B4E95DFB71, 393A045859382C44133C004598B1512048046BCC129FED2247A77FDBFCDB6DFF ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
00:49:12.0021 0x13c4  avast! Antivirus - ok
00:49:12.0046 0x13c4  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
00:49:12.0051 0x13c4  AxInstSV - ok
00:49:12.0101 0x13c4  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
00:49:12.0116 0x13c4  b06bdrv - ok
00:49:12.0181 0x13c4  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
00:49:12.0196 0x13c4  b57nd60a - ok
00:49:12.0241 0x13c4  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
00:49:12.0246 0x13c4  BDESVC - ok
00:49:12.0271 0x13c4  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
00:49:12.0271 0x13c4  Beep - ok
00:49:12.0321 0x13c4  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
00:49:12.0331 0x13c4  BFE - ok
00:49:12.0361 0x13c4  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
00:49:12.0376 0x13c4  BITS - ok
00:49:12.0396 0x13c4  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
00:49:12.0401 0x13c4  blbdrive - ok
00:49:12.0421 0x13c4  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
00:49:12.0426 0x13c4  bowser - ok
00:49:12.0446 0x13c4  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
00:49:12.0446 0x13c4  BrFiltLo - ok
00:49:12.0451 0x13c4  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
00:49:12.0451 0x13c4  BrFiltUp - ok
00:49:12.0461 0x13c4  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
00:49:12.0466 0x13c4  Browser - ok
00:49:12.0481 0x13c4  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
00:49:12.0486 0x13c4  Brserid - ok
00:49:12.0491 0x13c4  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
00:49:12.0491 0x13c4  BrSerWdm - ok
00:49:12.0496 0x13c4  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
00:49:12.0496 0x13c4  BrUsbMdm - ok
00:49:12.0501 0x13c4  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
00:49:12.0501 0x13c4  BrUsbSer - ok
00:49:12.0506 0x13c4  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
00:49:12.0506 0x13c4  BTHMODEM - ok
00:49:12.0526 0x13c4  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
00:49:12.0526 0x13c4  bthserv - ok
00:49:12.0726 0x13c4  [ 517C6E87783377105111CCE1EECF59B6, 7A92959F4B946A4D5942D48969E54BE09319FF1143B5716699A9E4FBC3CB76A7 ] CarboniteService C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
00:49:12.0816 0x13c4  CarboniteService - ok
00:49:12.0841 0x13c4  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
00:49:12.0841 0x13c4  cdfs - ok
00:49:12.0871 0x13c4  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
00:49:12.0881 0x13c4  cdrom - ok
00:49:12.0901 0x13c4  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
00:49:12.0906 0x13c4  CertPropSvc - ok
00:49:12.0911 0x13c4  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
00:49:12.0911 0x13c4  circlass - ok
00:49:12.0936 0x13c4  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
00:49:12.0941 0x13c4  CLFS - ok
00:49:13.0086 0x13c4  [ EDAD3D6932E4CB7D92F19FEE0238C29D, 8AE3F923CDBBF08ABB401B53D7E743DBD91C64E28AB7A17D7BAB1EF585A8FE4F ] ClickToRunSvc   C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
00:49:13.0136 0x13c4  ClickToRunSvc - ok
00:49:13.0221 0x13c4  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:49:13.0226 0x13c4  clr_optimization_v2.0.50727_32 - ok
00:49:13.0261 0x13c4  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:49:13.0261 0x13c4  clr_optimization_v2.0.50727_64 - ok
00:49:13.0296 0x13c4  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:49:13.0301 0x13c4  clr_optimization_v4.0.30319_32 - ok
00:49:13.0321 0x13c4  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:49:13.0321 0x13c4  clr_optimization_v4.0.30319_64 - ok
00:49:13.0351 0x13c4  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
00:49:13.0351 0x13c4  CmBatt - ok
00:49:13.0361 0x13c4  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
00:49:13.0361 0x13c4  cmdide - ok
00:49:13.0396 0x13c4  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
00:49:13.0406 0x13c4  CNG - ok
00:49:13.0426 0x13c4  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
00:49:13.0426 0x13c4  Compbatt - ok
00:49:13.0446 0x13c4  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
00:49:13.0446 0x13c4  CompositeBus - ok
00:49:13.0451 0x13c4  COMSysApp - ok
00:49:13.0491 0x13c4  [ AD4CCBA816E91937E10514B1099E8439, 0E0FECF5F0F07AD145730A1B92C35940B2C03846306A3D18156F75AA37E979C7 ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
00:49:19.0018 0x13c4  nsi - ok
00:49:19.0028 0x13c4  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
00:49:19.0033 0x13c4  nsiproxy - ok
00:49:19.0083 0x13c4  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
00:49:19.0123 0x13c4  Ntfs - ok
00:49:19.0133 0x13c4  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
00:49:19.0133 0x13c4  Null - ok
00:49:19.0153 0x13c4  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
00:49:19.0158 0x13c4  nvraid - ok
00:49:19.0173 0x13c4  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
00:49:19.0178 0x13c4  nvstor - ok
00:49:19.0188 0x13c4  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
00:49:19.0193 0x13c4  nv_agp - ok
00:49:19.0203 0x13c4  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
00:49:19.0203 0x13c4  ohci1394 - ok
00:49:19.0258 0x13c4  [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:49:19.0268 0x13c4  ose - ok
00:49:19.0448 0x13c4  [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
00:49:19.0568 0x13c4  osppsvc - ok
00:49:19.0598 0x13c4  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
00:49:19.0628 0x13c4  p2pimsvc - ok
00:49:19.0663 0x13c4  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
00:49:19.0678 0x13c4  p2psvc - ok
00:49:19.0698 0x13c4  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
00:49:19.0698 0x13c4  Parport - ok
00:49:19.0718 0x13c4  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
00:49:19.0723 0x13c4  partmgr - ok
00:49:19.0738 0x13c4  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
00:49:19.0753 0x13c4  PcaSvc - ok
00:49:19.0788 0x13c4  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
00:49:19.0798 0x13c4  pci - ok
00:49:19.0813 0x13c4  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
00:49:19.0818 0x13c4  pciide - ok
00:49:19.0828 0x13c4  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
00:49:19.0833 0x13c4  pcmcia - ok
00:49:19.0848 0x13c4  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
00:49:19.0848 0x13c4  pcw - ok
00:49:19.0868 0x13c4  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
00:49:19.0878 0x13c4  PEAUTH - ok
00:49:19.0918 0x13c4  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
00:49:19.0948 0x13c4  PeerDistSvc - ok
00:49:20.0003 0x13c4  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
00:49:20.0008 0x13c4  PerfHost - ok
00:49:20.0093 0x13c4  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
00:49:20.0128 0x13c4  pla - ok
00:49:20.0163 0x13c4  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
00:49:20.0168 0x13c4  PlugPlay - ok
00:49:20.0178 0x13c4  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
00:49:20.0183 0x13c4  PNRPAutoReg - ok
00:49:20.0198 0x13c4  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
00:49:20.0203 0x13c4  PNRPsvc - ok
00:49:20.0228 0x13c4  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
00:49:20.0238 0x13c4  PolicyAgent - ok
00:49:20.0253 0x13c4  [ A2CCA4FB273E6050F17A0A416CFF2FCD, C42BA18DF0C8E3F7358669A784E51E4DC7A4112096345EA699EDC95F561E0255 ] Power           C:\Windows\system32\umpo.dll
00:49:20.0258 0x13c4  Power - ok
00:49:20.0288 0x13c4  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
00:49:20.0288 0x13c4  PptpMiniport - ok
00:49:20.0303 0x13c4  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
00:49:20.0308 0x13c4  Processor - ok
00:49:20.0333 0x13c4  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
00:49:20.0338 0x13c4  ProfSvc - ok
00:49:20.0348 0x13c4  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
00:49:20.0348 0x13c4  ProtectedStorage - ok
00:49:20.0358 0x13c4  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
00:49:20.0363 0x13c4  Psched - ok
00:49:20.0413 0x13c4  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
00:49:20.0448 0x13c4  ql2300 - ok
00:49:20.0453 0x13c4  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
00:49:20.0458 0x13c4  ql40xx - ok
00:49:20.0478 0x13c4  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
00:49:20.0488 0x13c4  QWAVE - ok
00:49:20.0488 0x13c4  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
00:49:20.0493 0x13c4  QWAVEdrv - ok
00:49:20.0498 0x13c4  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
00:49:20.0498 0x13c4  RasAcd - ok
00:49:20.0518 0x13c4  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
00:49:20.0523 0x13c4  RasAgileVpn - ok
00:49:20.0533 0x13c4  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
00:49:20.0538 0x13c4  RasAuto - ok
00:49:20.0553 0x13c4  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
00:49:20.0558 0x13c4  Rasl2tp - ok
00:49:20.0588 0x13c4  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
00:49:20.0598 0x13c4  RasMan - ok
00:49:20.0643 0x13c4  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
00:49:20.0648 0x13c4  RasPppoe - ok
00:49:20.0663 0x13c4  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
00:49:20.0668 0x13c4  RasSstp - ok
00:49:20.0693 0x13c4  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
00:49:20.0698 0x13c4  rdbss - ok
00:49:20.0708 0x13c4  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
00:49:20.0713 0x13c4  rdpbus - ok
00:49:20.0733 0x13c4  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
00:49:20.0738 0x13c4  RDPCDD - ok
00:49:20.0768 0x13c4  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
00:49:20.0778 0x13c4  RDPDR - ok
00:49:20.0788 0x13c4  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
00:49:20.0788 0x13c4  RDPENCDD - ok
00:49:20.0808 0x13c4  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
00:49:20.0808 0x13c4  RDPREFMP - ok
00:49:20.0838 0x13c4  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
00:49:20.0838 0x13c4  RDPWD - ok
00:49:20.0868 0x13c4  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
00:49:20.0873 0x13c4  rdyboost - ok
00:49:20.0888 0x13c4  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
00:49:20.0893 0x13c4  RemoteAccess - ok
00:49:20.0918 0x13c4  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
00:49:20.0923 0x13c4  RemoteRegistry - ok
00:49:20.0943 0x13c4  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
00:49:20.0953 0x13c4  RpcEptMapper - ok
00:49:20.0968 0x13c4  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
00:49:20.0973 0x13c4  RpcLocator - ok
00:49:20.0993 0x13c4  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
00:49:21.0003 0x13c4  RpcSs - ok
00:49:21.0018 0x13c4  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
00:49:21.0018 0x13c4  rspndr - ok
00:49:21.0058 0x13c4  [ 22B27E5BFBAB2B5ED3BB5ABBE7D1E341, D56D3BA061FB7DB1414CB14537E9FE17907095C050FC674FFC38C8D8CA5B426B ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
00:49:21.0068 0x13c4  RTL8167 - ok
00:49:21.0093 0x13c4  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
00:49:21.0093 0x13c4  s3cap - ok
00:49:21.0108 0x13c4  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\Windows\system32\lsass.exe
00:49:21.0113 0x13c4  SamSs - ok
00:49:21.0148 0x13c4  [ 9EBC8558F87AB6645DD12A0EE99E1353, 5A4B49051FB7BFACAB81F0CF1B27057BC46D4A064005BF738549208667D00AAA ] SboxDrv         C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys
00:49:21.0153 0x13c4  SboxDrv - ok
00:49:21.0163 0x13c4  [ 6E5A7FD77EE6D70C738B6439B5E8FF0C, 0E9570B5FD7BEDF62EB9D35B6834E2F0B740548D128D153DAF452B2CED0905A9 ] SboxSvc         C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe
00:49:21.0168 0x13c4  SboxSvc - ok
00:49:21.0188 0x13c4  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
00:49:21.0193 0x13c4  sbp2port - ok
00:49:21.0213 0x13c4  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
00:49:21.0223 0x13c4  SCardSvr - ok
00:49:21.0223 0x13c4  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
00:49:21.0228 0x13c4  scfilter - ok
00:49:21.0258 0x13c4  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
00:49:21.0283 0x13c4  Schedule - ok
00:49:21.0303 0x13c4  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
00:49:21.0303 0x13c4  SCPolicySvc - ok
00:49:21.0333 0x13c4  [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus           C:\Windows\system32\drivers\sdbus.sys
00:49:21.0343 0x13c4  sdbus - ok
00:49:21.0358 0x13c4  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
00:49:21.0363 0x13c4  SDRSVC - ok
00:49:21.0393 0x13c4  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
00:49:21.0393 0x13c4  secdrv - ok
00:49:21.0408 0x13c4  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
00:49:21.0408 0x13c4  seclogon - ok
00:49:21.0433 0x13c4  [ E2E911ADAA1054999A964313A1C45B85, EAA12292D86B363C5B831273368BEFBD7662556B2D3B9F531EF2A351DAD0A86B ] SEDFilter       C:\Windows\system32\DRIVERS\SEDFilter.sys
00:49:21.0433 0x13c4  SEDFilter - ok
00:49:21.0443 0x13c4  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
00:49:21.0443 0x13c4  SENS - ok
00:49:21.0453 0x13c4  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
00:49:21.0458 0x13c4  SensrSvc - ok
00:49:21.0488 0x13c4  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
00:49:21.0493 0x13c4  Serenum - ok
00:49:21.0518 0x13c4  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
00:49:21.0518 0x13c4  Serial - ok
00:49:21.0533 0x13c4  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
00:49:21.0538 0x13c4  sermouse - ok
00:49:21.0563 0x13c4  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
00:49:21.0568 0x13c4  SessionEnv - ok
00:49:21.0573 0x13c4  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
00:49:21.0573 0x13c4  sffdisk - ok
00:49:21.0578 0x13c4  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
00:49:21.0578 0x13c4  sffp_mmc - ok
00:49:21.0583 0x13c4  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
00:49:21.0583 0x13c4  sffp_sd - ok
00:49:21.0583 0x13c4  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
00:49:21.0588 0x13c4  sfloppy - ok
00:49:21.0663 0x13c4  [ 1AFF08DFBB72A235DE60433C4FE7920B, 0EFA5914B96CF8544BA6452086CED8EF6EBD0F69E6977CDB1ECDB75908F07650 ] SftService      C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
00:49:21.0698 0x13c4  SftService - ok
00:49:21.0728 0x13c4  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
00:49:21.0733 0x13c4  SharedAccess - ok
00:49:21.0753 0x13c4  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:49:21.0763 0x13c4  ShellHWDetection - ok
00:49:21.0778 0x13c4  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
00:49:21.0778 0x13c4  SiSRaid2 - ok
00:49:21.0808 0x13c4  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
00:49:21.0813 0x13c4  SiSRaid4 - ok
00:49:21.0828 0x13c4  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
00:49:21.0828 0x13c4  Smb - ok
00:49:21.0848 0x13c4  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
00:49:21.0853 0x13c4  SNMPTRAP - ok
00:49:21.0863 0x13c4  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
00:49:21.0863 0x13c4  spldr - ok
00:49:21.0913 0x13c4  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
00:49:21.0928 0x13c4  Spooler - ok
00:49:22.0038 0x13c4  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
00:49:22.0158 0x13c4  sppsvc - ok
00:49:22.0173 0x13c4  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
00:49:22.0178 0x13c4  sppuinotify - ok
00:49:22.0198 0x13c4  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
00:49:22.0208 0x13c4  srv - ok
00:49:22.0223 0x13c4  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
00:49:22.0228 0x13c4  srv2 - ok
00:49:22.0243 0x13c4  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
00:49:22.0248 0x13c4  srvnet - ok
00:49:22.0258 0x13c4  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
00:49:22.0268 0x13c4  SSDPSRV - ok
00:49:22.0273 0x13c4  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
00:49:22.0278 0x13c4  SstpSvc - ok
00:49:22.0293 0x13c4  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
00:49:22.0293 0x13c4  stexstor - ok
00:49:22.0323 0x13c4  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
00:49:22.0333 0x13c4  stisvc - ok
00:49:22.0353 0x13c4  [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc         C:\Windows\system32\storsvc.dll
00:49:22.0353 0x13c4  StorSvc - ok
00:49:22.0378 0x13c4  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
00:49:22.0388 0x13c4  storvsc - ok
00:49:22.0403 0x13c4  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
00:49:22.0403 0x13c4  swenum - ok
00:49:22.0423 0x13c4  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
00:49:22.0433 0x13c4  swprv - ok
00:49:22.0458 0x13c4  [ 4CDD7DF58730D23BA9CB5829A6E2ECEA, 89A2A1604C2BF985894000F51D9D376B32F1327197866850B5BF8640272DE828 ] SynthVid        C:\Windows\system32\DRIVERS\VMBusVideoM.sys
00:49:22.0463 0x13c4  SynthVid - ok
00:49:22.0528 0x13c4  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
00:49:22.0573 0x13c4  SysMain - ok
00:49:22.0583 0x13c4  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
00:49:22.0588 0x13c4  TabletInputService - ok
00:49:22.0598 0x13c4  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
00:49:22.0608 0x13c4  TapiSrv - ok
00:49:22.0618 0x13c4  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
00:49:22.0623 0x13c4  TBS - ok
00:49:22.0703 0x13c4  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
00:49:22.0748 0x13c4  Tcpip - ok
00:49:22.0828 0x13c4  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
00:49:22.0848 0x13c4  TCPIP6 - ok
00:49:22.0878 0x13c4  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
00:49:22.0883 0x13c4  tcpipreg - ok
00:49:22.0978 0x13c4  [ BFAADE870B9B0CAED85AEB682610A2BD, 4147623CAFF7158ADF73DE823E3AE1364735E80268EAD1A6AB224479FD6CA1EA ] tcsd_win32.exe  C:\Program Files\Dell\Dell Data Protection\Drivers\TSS\bin\tcsd_win32.exe
00:49:23.0013 0x13c4  tcsd_win32.exe - ok
00:49:23.0033 0x13c4  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
00:49:23.0033 0x13c4  TDPIPE - ok
00:49:23.0053 0x13c4  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
00:49:23.0053 0x13c4  TDTCP - ok
00:49:23.0083 0x13c4  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
00:49:23.0088 0x13c4  tdx - ok
00:49:23.0243 0x13c4  [ 4ACFC5853A3F0C6C2F54E537C23EE90F, 47D81F471A250696A1A0D19294FC553EB88D813612A8351C89F65D7BF99C8532 ] TeamViewer9     C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
00:49:23.0298 0x13c4  TeamViewer9 - ok
00:49:23.0328 0x13c4  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
00:49:23.0333 0x13c4  TermDD - ok
00:49:23.0388 0x13c4  [ 4FC4C50985E5B840F4D72E57286887B8, 0BCBB4A938803AE3A3532B6D8FFC85594AA9AEF5D8F9792684841BEA8780AE9E ] TermService     C:\Windows\System32\termsrv.dll
00:49:23.0398 0x13c4  TermService - ok
00:49:23.0418 0x13c4  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
00:49:23.0423 0x13c4  Themes - ok
00:49:23.0453 0x13c4  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
00:49:23.0458 0x13c4  THREADORDER - ok
00:49:23.0478 0x13c4  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
00:49:23.0483 0x13c4  TrkWks - ok
00:49:23.0528 0x13c4  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
00:49:23.0538 0x13c4  TrustedInstaller - ok
00:49:23.0553 0x13c4  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
00:49:23.0553 0x13c4  tssecsrv - ok
00:49:23.0578 0x13c4  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
00:49:23.0578 0x13c4  TsUsbFlt - ok
00:49:23.0583 0x13c4  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
00:49:23.0583 0x13c4  TsUsbGD - ok
00:49:23.0603 0x13c4  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
00:49:23.0603 0x13c4  tunnel - ok
00:49:23.0608 0x13c4  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
00:49:23.0608 0x13c4  uagp35 - ok
00:49:23.0623 0x13c4  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
00:49:23.0633 0x13c4  udfs - ok
00:49:23.0643 0x13c4  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
00:49:23.0648 0x13c4  UI0Detect - ok
00:49:27.0708 0x13c4  [ 90FB56BA6AF25ACBBC3A85E10EA5D0CB, E40BEACE246706669E94C782141E0DFFF6801F8C55385937F4939F8C7603717D ] C:\Users\Office Staff\AppData\Roaming\MalwareProtection360\MalwareProtection360.exe
00:49:27.0728 0x13c4  MalwareProtection360 - ok
00:49:27.0733 0x13c4  MalwareProtection360Updater - ok

00:49:27.0733 0x13c4  Waiting for KSN requests completion. In queue: 56
00:49:28.0733 0x13c4  Waiting for KSN requests completion. In queue: 56
00:49:29.0733 0x13c4  Waiting for KSN requests completion. In queue: 56
00:49:30.0763 0x13c4  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 9.0.2021.515 ), 0x41000 ( enabled : updated )
00:49:30.0768 0x13c4  Win FW state via NFP2: enabled
00:49:33.0278 0x13c4  ============================================================
00:49:33.0278 0x13c4  Scan finished
00:49:33.0278 0x13c4  ============================================================
00:49:33.0298 0x03a8  Detected object count: 0
00:49:33.0298 0x03a8  Actual detected object count: 0
00:50:33.0463 0x0d08  Deinitialize success
 



#8 TB-Psychotic

  • Malware Response Team

Posted 21 October 2014 - 07:00 AM

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt), which you will find where you saved FRST. Please post it in your reply.

Full System Scan with Malwarebytes Antimalware
 

  • If it is not already installed, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 


#9 cuznlucky

  • Topic Starter

Posted 23 October 2014 - 02:33 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-10-2014
Ran by Office Staff at 2014-10-23 03:19:24 Run:1
Running from C:\Users\Office Staff\Desktop
Loaded Profiles: Michelle & Office Staff (Available profiles: Michelle & Office Staff)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3229
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3272
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3373
SearchScopes: HKCU - {98A21189-F363-4998-AAA0-200EFCDB625F} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggbc_14_40_ie&cd=2XzuyEtN2Y1L1Qzu0Fzz0B0CtCtBzztAyC0E0D0C0EyDyDtAtN0D0Tzu0StCtDtDyEtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtB0D0CyByEyBzztGtByEyEtDtGyDyCzytCtG0CtB0CyCtGyDtByEtD0E0EyB0D0F0CyCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtD0DyDtDyCzy0FtG0EyDyEyDtGyEtA0ByEtG0AyCzyyBtGyDyDtByByCyByEyCtAyDzzyE2Q&cr=438121480&ir=
SearchScopes: HKLM - {98A21189-F363-4998-AAA0-200EFCDB625F} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggbc_14_40_ie&cd=2XzuyEtN2Y1L1Qzu0Fzz0B0CtCtBzztAyC0E0D0C0EyDyDtAtN0D0Tzu0StCtDtDyEtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtB0D0CyByEyBzztGtByEyEtDtGyDyCzytCtG0CtB0CyCtGyDtByEtD0E0EyB0D0F0CyCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtD0DyDtDyCzy0FtG0EyDyEyDtGyEtA0ByEtG0AyCzyyBtGyDyDtByByCyByEyCtAyDzzyE2Q&cr=438121480&ir=
SearchScopes: HKLM - DefaultScope {98A21189-F363-4998-AAA0-200EFCDB625F} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggbc_14_40_ie&cd=2XzuyEtN2Y1L1Qzu0Fzz0B0CtCtBzztAyC0E0D0C0EyDyDtAtN0D0Tzu0StCtDtDyEtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtB0D0CyByEyBzztGtByEyEtDtGyDyCzytCtG0CtB0CyCtGyDtByEtD0E0EyB0D0F0CyCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtD0DyDtDyCzy0FtG0EyDyEyDtGyEtA0ByEtG0AyCzyyBtGyDyDtByByCyByEyCtAyDzzyE2Q&cr=438121480&ir=
HKU\S-1-5-21-3680729045-1313690680-2505866355-1001\...\Run: [MalwareProtection360] => C:\Users\Office Staff\AppData\Roaming\MalwareProtection360\MalwareProtection360.exe [2042880 2014-09-23] (MalwareProtection360)
HKU\S-1-5-21-3680729045-1313690680-2505866355-1001\...\Run: [MalwareProtection360Updater] => C:\Users\Office Staff\AppData\Roaming\MalwareProtection360updater.exe

C:\Users\Office Staff\AppData\Roaming\MalwareProtection360
2014-10-01 15:47 - 2014-07-07 10:45 - 00010240 _____ () C:\Users\Office Staff\AppData\Local\Z@!-3c433780-bf7b-4846-8466-7f8532c6a490.tmp
2014-10-01 15:47 - 2014-07-07 10:45 - 00010240 _____ () C:\Users\Office Staff\AppData\Local\Z@!-0ecadd18-0072-47e6-baa9-36f7ae4d6ab5.tmp
2014-10-01 15:47 - 2014-07-07 10:45 - 00009216 _____ () C:\Users\Office Staff\AppData\Local\Z@S!-c7ab5559-8a5e-44e3-9881-c1f07d9d9575.tmp

EmptyTemp:
Hosts:
*****************

"C:\Windows\SysWOW64\MSIHANDLE" => ":3229" ADS not found.
"C:\Windows\SysWOW64\MSIHANDLE" => ":3272" ADS not found.
"C:\Windows\SysWOW64\MSIHANDLE" => ":3373" ADS not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{98A21189-F363-4998-AAA0-200EFCDB625F}" => Key not found.
"HKCR\CLSID\{98A21189-F363-4998-AAA0-200EFCDB625F}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{98A21189-F363-4998-AAA0-200EFCDB625F}" => Error deleting key. The key could be protected.
"HKCR\CLSID\{98A21189-F363-4998-AAA0-200EFCDB625F}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Error setting value.

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes -> Listing permissions failed. Access Denied.
HKU\S-1-5-21-3680729045-1313690680-2505866355-1001\Software\Microsoft\Windows\CurrentVersion\Run\\MalwareProtection360 => value deleted successfully.
HKU\S-1-5-21-3680729045-1313690680-2505866355-1001\Software\Microsoft\Windows\CurrentVersion\Run\\MalwareProtection360Updater => value deleted successfully.
C:\Users\Office Staff\AppData\Roaming\MalwareProtection360 => Moved successfully.
C:\Users\Office Staff\AppData\Local\Z@!-3c433780-bf7b-4846-8466-7f8532c6a490.tmp => Moved successfully.
C:\Users\Office Staff\AppData\Local\Z@!-0ecadd18-0072-47e6-baa9-36f7ae4d6ab5.tmp => Moved successfully.
C:\Users\Office Staff\AppData\Local\Z@S!-c7ab5559-8a5e-44e3-9881-c1f07d9d9575.tmp => Moved successfully.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.

 

Also received this when running the scan under the affected user. Should these be run under the administrator?

farbar%20stopped.JPG



#10 cuznlucky

  • Topic Starter

Posted 23 October 2014 - 02:51 AM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/23/2014
Scan Time: 3:34:44 AM
Logfile:
Administrator: No

Version: 2.00.3.1025
Malware Database: v2014.10.23.02
Rootkit Database: v2014.10.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Michelle

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 349277
Time Elapsed: 11 min, 37 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3680729045-1313690680-2505866355-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [aa744cccb1cb53e362f096c0ce35fa06],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3680729045-1313690680-2505866355-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [52cc9c7c631913231194d29a22e202fe],

Registry Values: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3680729045-1313690680-2505866355-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0R2Y1I1P1N0J1U1C, Quarantined, [52cc9c7c631913231194d29a22e202fe]

Registry Data: 0
(No malicious items detected)

Folders: 7
Rogue.Multiple, C:\ProgramData\374311380, Quarantined, [a17d70a8acd047effda0439d29d9e917],
PUP.Optional.MindSpark.A, C:\Users\Office Staff\AppData\LocalLow\MyScrapNook_12, Quarantined, [43db76a2ee8ead8929d937ca9d667e82],
PUP.Optional.MindSpark.A, C:\Users\Office Staff\AppData\LocalLow\MyScrapNook_12\bar, Quarantined, [43db76a2ee8ead8929d937ca9d667e82],
PUP.Optional.MindSpark.A, C:\Users\Office Staff\AppData\LocalLow\MyScrapNook_12\bar\Cache, Quarantined, [43db76a2ee8ead8929d937ca9d667e82],
PUP.Optional.MindSpark.A, C:\Users\Office Staff\AppData\LocalLow\MyScrapNook_12\bar\Settings, Quarantined, [43db76a2ee8ead8929d937ca9d667e82],
PUP.Optional.Linkury.A, C:\Program Files (x86)\PennyBee, Quarantined, [938b5dbb720a2313129a15fc30d3e11f],
PUP.Optional.Linkury.A, C:\Program Files (x86)\PennyBee\Resources, Quarantined, [938b5dbb720a2313129a15fc30d3e11f],

Files: 14
PUP.Optional.BPlug, C:\Users\Michelle\AppData\Local\Temp\is1488139799\1DE257BB_stp.EXE, Quarantined, [c85674a47ffd7eb83ba8e0df37cab54b],
PUP.Optional.StormAlerts.A, C:\Users\Michelle\AppData\Local\Temp\is1488139799\1A5F0D09_stp\StormAlertsSetup.exe, Quarantined, [0816a96f0676b77fe0b29bcd7e837c84],
PUP.Optional.Bandoo, C:\Users\Office Staff\Downloads\iLividSetup-r514-n-bc.exe, Quarantined, [e73741d7f884b581650563bc0cf5ff01],
Rogue.Multiple, C:\ProgramData\374311380\BITF0D1.tmp, Quarantined, [a17d70a8acd047effda0439d29d9e917],
PUP.Optional.MindSpark.A, C:\Users\Office Staff\AppData\LocalLow\MyScrapNook_12\bar\Cache\00AB28D7, Quarantined, [43db76a2ee8ead8929d937ca9d667e82],
PUP.Optional.MindSpark.A, C:\Users\Office Staff\AppData\LocalLow\MyScrapNook_12\bar\Cache\00AB2B47, Quarantined, [43db76a2ee8ead8929d937ca9d667e82],
PUP.Optional.MindSpark.A, C:\Users\Office Staff\AppData\LocalLow\MyScrapNook_12\bar\Cache\00AB2D2B.bmp, Quarantined, [43db76a2ee8ead8929d937ca9d667e82],
PUP.Optional.MindSpark.A, C:\Users\Office Staff\AppData\LocalLow\MyScrapNook_12\bar\Cache\00AB2E24.bmp, Quarantined, [43db76a2ee8ead8929d937ca9d667e82],
PUP.Optional.MindSpark.A, C:\Users\Office Staff\AppData\LocalLow\MyScrapNook_12\bar\Cache\00AB30B3.bmp, Quarantined, [43db76a2ee8ead8929d937ca9d667e82],
PUP.Optional.MindSpark.A, C:\Users\Office Staff\AppData\LocalLow\MyScrapNook_12\bar\Cache\00AB319D.bmp, Quarantined, [43db76a2ee8ead8929d937ca9d667e82],
PUP.Optional.MindSpark.A, C:\Users\Office Staff\AppData\LocalLow\MyScrapNook_12\bar\Cache\00AB3297.bmp, Quarantined, [43db76a2ee8ead8929d937ca9d667e82],
PUP.Optional.MindSpark.A, C:\Users\Office Staff\AppData\LocalLow\MyScrapNook_12\bar\Cache\00AB3352.bmp, Quarantined, [43db76a2ee8ead8929d937ca9d667e82],
PUP.Optional.MindSpark.A, C:\Users\Office Staff\AppData\LocalLow\MyScrapNook_12\bar\Settings\prevcfg2.htm, Quarantined, [43db76a2ee8ead8929d937ca9d667e82],
PUP.Optional.Linkury.A, C:\Program Files (x86)\PennyBee\Resources\ntdisie_32.dll, Quarantined, [938b5dbb720a2313129a15fc30d3e11f],

Physical Sectors: 0
(No malicious items detected)

(end)


Edited by cuznlucky, 23 October 2014 - 02:57 AM.


#11 schrauber

  • Malware Response Team

Posted 29 October 2014 - 02:59 AM

Hi cuznlucky,

Marius is not available at the moment, so I will work with you from now on. Please post back with a fresh FRST logfile and tell me how the system is running.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!


#12 cuznlucky

  • Topic Starter

Posted 06 November 2014 - 03:43 PM

The malware is gone and the system is running better; I believe we have it now. Here is the log you asked for. Anything else look off?

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by Office Staff (ATTENTION: The logged in user is not administrator) on FRONTDESK on 04-11-2014 01:17:45
Running from C:\Users\Office Staff\Desktop
Loaded Profile: Office Staff (Available profiles: Michelle & Office Staff)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(DigitalPersona, Inc.) C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\DPAgent.exe
(DigitalPersona, Inc.) C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
() C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
HKLM\...\Run: [fssui] => C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [892608 2014-03-31] (Microsoft Corporation)
HKLM\...\Run: [CSFTrayApp] => C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe [232288 2014-06-10] ()
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056976 2014-06-27] (Carbonite, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-10-02] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3680729045-1313690680-2505866355-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3680729045-1313690680-2505866355-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Lsa: [Notification Packages] DPPassFilter scecli
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
GroupPolicyUsers\S-1-5-21-3680729045-1313690680-2505866355-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {98A21189-F363-4998-AAA0-200EFCDB625F} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggbc_14_40_ie&cd=2XzuyEtN2Y1L1Qzu0Fzz0B0CtCtBzztAyC0E0D0C0EyDyDtAtN0D0Tzu0StCtDtDyEtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtB0D0CyByEyBzztGtByEyEtDtGyDyCzytCtG0CtB0CyCtGyDtByEtD0E0EyB0D0F0CyCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtD0DyDtDyCzy0FtG0EyDyEyDtGyEtA0ByEtG0AyCzyyBtGyDyDtByByCyByEyCtAyDzzyE2Q&cr=438121480&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKLM - {98A21189-F363-4998-AAA0-200EFCDB625F} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggbc_14_40_ie&cd=2XzuyEtN2Y1L1Qzu0Fzz0B0CtCtBzztAyC0E0D0C0EyDyDtAtN0D0Tzu0StCtDtDyEtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtB0D0CyByEyBzztGtByEyEtDtGyDyCzytCtG0CtB0CyCtGyDtByEtD0E0EyB0D0F0CyCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtD0DyDtDyCzy0FtG0EyDyEyDtGyEtA0ByEtG0AyCzyyBtGyDyDtByByCyByEyCtAyDzzyE2Q&cr=438121480&ir=
SearchScopes: HKLM-x32 - DefaultScope {98A21189-F363-4998-AAA0-200EFCDB625F} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {98A21189-F363-4998-AAA0-200EFCDB625F} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Office Staff\AppData\Roaming\Mozilla\Firefox\Profiles\dhm5wt6v.default
FF Homepage: hxxp://www.google.com/
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\components\npChromeDPAgent.dll (DigitalPersona, Inc.)
FF Extension: Public Fox - C:\Users\Office Staff\AppData\Roaming\Mozilla\Firefox\Profiles\dhm5wt6v.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-6665170634FE}.xpi [2014-09-30]
FF HKLM-x32\...\Firefox\Extensions: [dpmaxz_ng@jetpack] - C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\dpchrome
FF Extension: Dell Data Protection | Security Tools - C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\dpchrome [2014-09-30]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-02]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Office Staff\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Office Staff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-02]
CHR Extension: (Google Docs) - C:\Users\Office Staff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-02]
CHR Extension: (Google Drive) - C:\Users\Office Staff\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Office Staff\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-02]
CHR Extension: (YouTube) - C:\Users\Office Staff\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-02]
CHR Extension: (Google Search) - C:\Users\Office Staff\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-02]
CHR Extension: (WebFilter Pro - The best filtering addon!) - C:\Users\Office Staff\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejgfoklefkbjadjcgjmnhfbdfjolojnn [2014-10-02]
CHR Extension: (Google Sheets) - C:\Users\Office Staff\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-02]
CHR Extension: (avast! Online Security) - C:\Users\Office Staff\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-02]
CHR Extension: (Dell Data Protection | Security Tools) - C:\Users\Office Staff\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncffjdbbodifgldkcbhmiiljfcnbgjab [2014-10-02]
CHR Extension: (Google Wallet) - C:\Users\Office Staff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-02]
CHR Extension: (Gmail) - C:\Users\Office Staff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-02]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-02]
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\dpchrome.crx [2014-03-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-02] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
R2 DellMgmtAgent; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe [248160 2014-06-10] (Dell Inc.)
R2 DellMgmtLoader; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe [26464 2014-06-10] ()
R2 DellMgmtServer; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe [33632 2014-06-10] (Dell, Inc.)
R2 DpHost; C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpHostW.exe [472912 2014-03-19] (DigitalPersona, Inc.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
S3 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2947856 2013-07-30] (Invincea, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-21] (Intel Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [124616 2013-07-30] ()
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915920 2014-04-04] (SoftThinks SAS)
S2 tcsd_win32.exe; C:\Program Files\Dell\Dell Data Protection\Drivers\TSS\bin\tcsd_win32.exe [1636352 2012-12-10] (Security Innovation, Inc.) [File not signed]
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [35328 2013-10-09] (Validity Sensors, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-10-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-10-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-10-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-10-02] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-10-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-10-02] ()
R0 CredFltL; C:\Windows\System32\DRIVERS\CredFltL.sys [37120 2014-06-10] ()
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2192088 2013-08-23] (Realtek Semiconductor Corp.)
S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [34824 2013-07-30] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-08-21] (Intel Corporation)
S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [202248 2013-07-30] ()
R0 SEDFilter; C:\Windows\System32\DRIVERS\SEDFilter.sys [61184 2014-06-10] (Dell Inc.)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-04 01:17 - 2014-11-04 01:18 - 00019363 _____ () C:\Users\Office Staff\Desktop\FRST.txt
2014-11-03 18:07 - 2014-11-03 18:07 - 00001499 _____ () C:\Users\Office Staff\Desktop\Statements for October - Shortcut.lnk
2014-11-03 15:17 - 2014-11-03 15:17 - 00001391 _____ () C:\Users\Office Staff\Desktop\J. Brandon - Shortcut.lnk
2014-11-01 12:29 - 2014-11-01 12:29 - 00003134 _____ () C:\Users\Office Staff\Documents\clip_themedata.thmx
2014-11-01 12:29 - 2014-11-01 12:29 - 00000314 _____ () C:\Users\Office Staff\Documents\clip_colorschememapping.xml
2014-10-30 19:46 - 2014-10-30 19:46 - 00000000 ____D () C:\Users\Office Staff\AppData\Local\IsolatedStorage
2014-10-30 19:46 - 2014-10-30 19:46 - 00000000 ____D () C:\Users\Office Staff\AppData\Local\Intuit
2014-10-28 14:37 - 2014-10-28 14:37 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-10-28 14:37 - 2014-10-28 14:37 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-10-28 14:37 - 2014-10-28 14:37 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-28 14:32 - 2014-10-28 14:34 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-10-28 11:32 - 2014-10-28 11:32 - 00000202 _____ () C:\Users\Office Staff\Desktop\Home.url
2014-10-27 10:04 - 2014-10-27 10:04 - 00000445 _____ () C:\Users\Office Staff\Downloads\untitled-[2] (5)
2014-10-27 09:14 - 2014-10-27 09:14 - 01057488 _____ (Adobe) C:\Users\Office Staff\Downloads\install_reader11_en_mssd_aaa_aih.exe
2014-10-23 02:20 - 2014-10-23 02:20 - 00000000 ____D () C:\Users\Office Staff\AppData\Local\CrashDumps
2014-10-23 02:19 - 2014-11-04 01:17 - 00000000 ____D () C:\Users\Office Staff\Desktop\FRST-OlderVersion
2014-10-23 02:17 - 2014-10-23 02:56 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-23 02:17 - 2014-10-23 02:17 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-23 02:17 - 2014-10-23 02:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-23 02:17 - 2014-10-23 02:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-23 02:17 - 2014-10-23 02:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-23 02:17 - 2014-10-01 10:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-23 02:17 - 2014-10-01 10:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-23 02:17 - 2014-10-01 10:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-23 02:12 - 2014-10-23 02:10 - 00002467 _____ () C:\Users\Office Staff\Desktop\fixlist.txt
2014-10-23 02:11 - 2014-10-23 02:23 - 00000000 ____D () C:\Users\Office Staff\Downloads\RDH
2014-10-17 23:32 - 2014-10-17 23:32 - 04161313 _____ () C:\Users\Office Staff\Downloads\tdsskiller.zip
2014-10-17 16:10 - 2014-10-30 15:51 - 00029560 _____ () C:\Users\Office Staff\Desktop\PTS Payroll Q3 2014.xlsx
2014-10-16 09:00 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-16 09:00 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-16 09:00 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-16 09:00 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-16 09:00 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-16 09:00 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-16 09:00 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-16 09:00 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-16 09:00 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-16 09:00 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-16 09:00 - 2014-07-08 17:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-16 09:00 - 2014-07-08 17:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-16 03:50 - 2014-10-17 17:32 - 00000516 _____ () C:\Users\Office Staff\Desktop\Workspace Login.website
2014-10-16 03:27 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 03:27 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 03:27 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 03:27 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 03:27 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 03:27 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 03:27 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 03:26 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 03:26 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 03:26 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-16 03:25 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 03:25 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 03:25 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 03:25 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 03:25 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 03:25 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 03:25 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 03:25 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 03:25 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 03:25 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 03:25 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 03:25 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 03:25 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 03:25 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 03:25 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 03:25 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 03:25 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 03:25 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 03:25 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 03:25 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 03:25 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 03:25 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 03:25 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 03:25 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 03:25 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 03:25 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 03:25 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 03:25 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 03:25 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 03:25 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 03:25 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 03:25 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 03:25 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 03:25 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 03:25 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 03:25 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 03:25 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 03:25 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 03:25 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 03:25 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 03:25 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 03:25 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 03:25 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 03:25 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 03:25 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 03:25 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 03:25 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 03:25 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 03:25 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 03:25 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 03:25 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 03:25 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 03:25 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 03:25 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 03:25 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 03:25 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 03:24 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 03:24 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 03:24 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 03:24 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 03:23 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 03:23 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 03:23 - 2014-07-16 21:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 03:23 - 2014-07-16 21:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 03:23 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 03:23 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 03:23 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 03:23 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 03:23 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 03:23 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 03:23 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 03:23 - 2014-07-16 20:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 03:23 - 2014-07-16 20:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-16 03:23 - 2014-07-16 20:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-16 03:23 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 03:23 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 03:23 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 03:23 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 02:43 - 2014-10-16 02:43 - 00380416 _____ () C:\Users\Office Staff\Desktop\ry9pcl8t.exe
2014-10-16 02:32 - 2014-11-04 01:17 - 00000000 ____D () C:\FRST
2014-10-16 02:31 - 2014-11-04 01:17 - 02114560 _____ (Farbar) C:\Users\Office Staff\Desktop\FRST64.exe
2014-10-15 10:28 - 2014-10-15 10:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-08 19:33 - 2014-10-16 03:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-08 19:33 - 2014-10-16 03:55 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-07 19:42 - 2014-10-03 18:35 - 00001752 _____ () C:\Users\Office Staff\hosts.txt
2014-10-06 16:41 - 2014-10-10 12:22 - 00000000 ____D () C:\Users\Office Staff\Desktop\Ashley
2014-10-06 12:36 - 2014-10-06 12:36 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-04 00:44 - 2014-10-02 13:26 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-03 20:44 - 2014-10-02 13:26 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-03 20:33 - 2014-07-10 14:01 - 01492286 _____ () C:\Windows\WindowsUpdate.log
2014-11-03 19:53 - 2014-09-30 07:03 - 00001246 __RSH () C:\Users\Office Staff\ntuser.pol
2014-11-03 19:53 - 2014-09-30 07:03 - 00000000 ____D () C:\Users\Office Staff
2014-11-03 18:27 - 2013-11-07 14:41 - 00015481 _____ () C:\Users\Office Staff\Desktop\Krista's working list.xlsx
2014-11-03 18:08 - 2009-07-13 23:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-03 18:08 - 2009-07-13 23:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-03 18:06 - 2009-07-14 00:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-03 18:03 - 2014-07-10 12:16 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-11-03 18:01 - 2014-09-30 09:51 - 00131072 ___SH () C:\CredSED.dat
2014-11-03 18:00 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-03 17:59 - 2009-07-13 23:51 - 00037272 _____ () C:\Windows\setupact.log
2014-11-03 16:35 - 2014-01-29 17:37 - 00086969 _____ () C:\Users\Office Staff\Desktop\Mailed Statements.xlsx
2014-11-03 15:03 - 2014-10-01 11:57 - 00016177 _____ () C:\Users\Office Staff\Desktop\Monthly Re-evaluation Auth List.xlsx
2014-11-03 13:44 - 2014-07-17 09:16 - 00014166 _____ () C:\Users\Office Staff\Desktop\CURRENT usernames and passwords.xlsx
2014-11-03 11:46 - 2014-09-30 13:42 - 00000000 ____D () C:\Users\Office Staff\Desktop\MARY
2014-11-01 11:58 - 2014-09-30 06:34 - 00000000 ____D () C:\Users\Michelle
2014-10-31 07:57 - 2014-10-01 15:09 - 00000000 ____D () C:\Users\Office Staff\Desktop\Krista
2014-10-30 20:30 - 2014-10-02 13:19 - 00000000 ____D () C:\ProgramData\Intuit
2014-10-28 18:46 - 2010-11-20 22:47 - 00190300 _____ () C:\Windows\PFRO.log
2014-10-28 14:37 - 2014-07-10 12:16 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-28 11:31 - 2014-08-19 13:01 - 00013118 _____ () C:\Users\Office Staff\Desktop\Absences 2014.xlsx
2014-10-28 05:34 - 2010-11-20 22:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-27 09:55 - 2014-03-31 10:06 - 00016886 _____ () C:\Users\Office Staff\Desktop\PPEC.payroll.xlsx
2014-10-25 20:13 - 2014-09-30 06:55 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-10-23 02:54 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SchCache
2014-10-18 00:03 - 2014-07-10 12:06 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-18 00:03 - 2014-07-10 12:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-17 23:38 - 2014-09-30 08:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-17 23:38 - 2009-07-13 23:45 - 00327128 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 17:30 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-16 08:55 - 2014-10-01 14:08 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-08 19:35 - 2014-10-01 09:02 - 00000208 _____ () C:\Users\Office Staff\Desktop\UnitedHealthcare Online.url
2014-10-08 19:31 - 2014-10-02 13:26 - 00000000 ____D () C:\Program Files (x86)\Google

Some content of TEMP:
====================
C:\Users\Office Staff\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Office Staff\AppData\Local\Temp\System.Data.SQLite18783.dll
C:\Users\Office Staff\AppData\Local\Temp\System.Data.SQLite31148.dll
C:\Users\Office Staff\AppData\Local\Temp\System.Data.SQLite84288.dll
C:\Users\Office Staff\AppData\Local\Temp\System.Data.SQLite97614.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD, see Addition.txt for additional information.

==================== End Of Log ============================



#13 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:04:46 PM

Posted 07 November 2014 - 03:34 AM

Looks good so far, but I would like to check something. Please open FRST, place a check next to the box Addition and click on the scan button.

Please post the Addition.txt in your next reply.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#14 cuznlucky

cuznlucky
  • Topic Starter

  • Members
  • 9 posts
  • Local time:10:46 AM

Posted 07 November 2014 - 01:30 PM

I have the Addition file from the same run; I should have posted it as well. Here it is.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014
Ran by Office Staff at 2014-11-04 01:18:18
Running from C:\Users\Office Staff\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
AuthenTec Fingerprint Driver (Version: 1.6.2.0350 - AuthenTec) Hidden
AuthenTec WinBio FingerPrint Software 64-bit (Version: 3.4.2.1016 - AuthenTec, Inc.) Hidden
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Canon MF Toolbox 4.9.1.1.mf17 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf17 - CANON INC.)
Canon MF8300 Series (HKLM\...\{E47364AA-6B5E-45a2-B94F-BC5D9D6A0338}) (Version: - )
Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.5.5 build 4151 (Jun-27-2014) - Carbonite)
CmgMasterPrerequisites (x32 Version: 1.4.0.629 - Credant Technologies Inc.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.7.1.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.1.2 - Dell Inc.)
Dell Client System Update (HKLM-x32\...\{04566294-A6B6-4462-9721-031073EB3694}) (Version: 1.3.0 - Dell Inc.)
Dell Data Protection | Client Security Framework (HKLM\...\{87C03608-FD28-45B8-A8C8-F9B34F971EB6}) (Version: 8.4.0.1531 - Dell, Inc.)
Dell Data Protection | Security Tools (HKLM-x32\...\InstallShield_{812AA6D3-5BEB-4577-88B1-00998B91AB41}) (Version: 1.4.0.629 - Dell, Inc.)
Dell Data Protection | Security Tools (x32 Version: 1.4.0.629 - Dell, Inc.) Hidden
Dell Data Protection | Security Tools Authentication (HKLM\...\{0B72160B-9F67-47C0-858F-5A0074162148}) (Version: 1.3.1.433 - DigitalPersona, Inc.)
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Protected Workspace (HKLM-x32\...\{E2CAA395-66B3-4772-85E3-6134DBAB244E}) (Version: 2.3.15835 - Invincea, Inc.)
DigitalPersona TouchChip Driver (Version: 1.6.3.379 - DigitalPersona, Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3234 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.4659.1001 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Mozilla Firefox 33.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 en-US)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
O2Micro OZ776 SCR Driver (x32 Version: 1.1.4.223 - O2Micro) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.5.8 - Intuit)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5987 - Realtek Semiconductor Corp.)
Security Innovation TSS (Version: 2.1.42 - Security Innovation) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Validity WBF DDK 495 (HKLM\...\{F622E82E-AFFA-4784-A08F-74311F5716CA}) (Version: 4.5.238.0 - Validity Sensors, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-10-07 20:06 - 00001752 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 facebook.com
127.0.0.1 pof.com
127.0.0.1 youtube.com
127.0.0.1 craigslist.org
127.0.0.1 mymove.com
127.0.0.1 thawte.com
127.0.0.1 manateeclerk.org
127.0.0.1 liveperson.net
127.0.0.1 everestjs.net
127.0.0.1 onlinesearches.com
127.0.0.1 parkingticketpayment.com
127.0.0.1 open-public-records.com
127.0.0.1 vacriminaldefenselawyer.com
127.0.0.1 vbgov.com
127.0.0.1 va.us
127.0.0.1 virginiainteractive.org
127.0.0.1 maricopa.gov
127.0.0.1 restrainingorderabuse.com
127.0.0.1 sharethrough.com
127.0.0.1 restrainingorderblog.com
127.0.0.1 blogger.com
127.0.0.1 blogblog.com
127.0.0.1 downloadsbrowser.com
127.0.0.1 jollywallet.com
127.0.0.1 freecreditscore.com
127.0.0.1 googleadservices.com
127.0.0.1 addthis.com
127.0.0.1 qualtrics.com
127.0.0.1 cloudfront.net

There are 5 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?

==================== Loaded Modules (whitelisted) =============

2014-10-25 20:13 - 2014-09-09 09:59 - 08896160 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-07-10 12:17 - 2014-03-12 12:22 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2014-07-10 12:17 - 2014-03-12 12:22 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2014-07-10 12:17 - 2014-03-12 12:22 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2014-06-10 21:23 - 2014-06-10 21:23 - 00232288 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe
2014-06-10 21:23 - 2014-06-10 21:23 - 00360800 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.UXLib.dll
2014-06-10 21:23 - 2014-06-10 21:23 - 00027488 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Interfaces.dll
2014-06-10 21:23 - 2014-06-10 21:23 - 00082272 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Objects.dll
2014-06-10 21:23 - 2014-06-10 21:23 - 02172768 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Resources.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3229
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3272
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3373

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3680729045-1313690680-2505866355-500 - Administrator - Disabled)
Guest (S-1-5-21-3680729045-1313690680-2505866355-501 - Limited - Disabled)
Michelle (S-1-5-21-3680729045-1313690680-2505866355-1000 - Administrator - Enabled) => C:\Users\Michelle
Office Staff (S-1-5-21-3680729045-1313690680-2505866355-1001 - Limited - Enabled) => C:\Users\Office Staff

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/03/2014 06:00:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2014 00:08:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2014 11:58:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/31/2014 07:22:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/30/2014 07:43:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/30/2014 07:31:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/30/2014 09:05:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/29/2014 04:58:43 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070013, The media is write protected.
.

Error: (10/29/2014 04:58:43 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070013, The media is write protected.
]

Error: (10/29/2014 04:58:43 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070013, The media is write protected.
.


System errors:
=============
Error: (11/03/2014 06:09:46 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 11.

Error: (11/03/2014 06:09:46 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 11.

Error: (11/03/2014 06:09:46 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 11.

Error: (11/03/2014 06:09:46 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 11.

Error: (11/03/2014 06:09:45 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 11.

Error: (11/03/2014 06:09:45 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 11.

Error: (11/03/2014 06:00:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Security Innovation TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (11/03/2014 05:59:56 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:58:51 PM on ‎11/‎3/‎2014 was unexpected.

Error: (11/03/2014 05:33:59 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 11.

Error: (11/03/2014 05:28:46 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 11.


Microsoft Office Sessions:
=========================
Error: (11/03/2014 06:00:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2014 00:08:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2014 11:58:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/31/2014 07:22:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/30/2014 07:43:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/30/2014 07:31:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/30/2014 09:05:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/29/2014 04:58:43 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070013, The media is write protected.

Error: (10/29/2014 04:58:43 PM) (Source: VSS) (EventID: 13) (User: )
Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x80070013, The media is write protected.

Error: (10/29/2014 04:58:43 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070013, The media is write protected.


==================== Memory info ===========================

Processor: Intel® Core™ i3-4150 CPU @ 3.50GHz
Percentage of memory in use: 42%
Total physical RAM: 4014.7 MB
Available physical RAM: 2326.18 MB
Total Pagefile: 8027.58 MB
Available Pagefile: 6231.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:453.99 GB) (Free:407.29 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================



#15 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:04:46 PM

Posted 07 November 2014 - 02:32 PM

Please reset Internet Explorer:

http://support.microsoft.com/kb/923737

When everything is working fine we can clean up our work in the next step.


regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware



