
Possible Malware - Unsure What Kind it is...


  • This topic is locked
18 replies to this topic

#1 masskonfuzion

masskonfuzion

  • Members
  • 11 posts

Posted 15 October 2014 - 11:31 PM

Hi all,

 

Can someone help me decipher my HiJackThis log?  Do any files look like they could be infected?  I am trying to remove strange malware from a Dell XPS 13 netbook (Windows 8.1, v. 6.3.9600 Build 9600, x64 architecture).  

 

Quick Background:  In Google Chrome, I was getting weird pop-up ads telling me that my computer has malware, and they instructed me to dial a phone number for support. (I did not dial the phone number).  I removed a Google Chrome extension that I did not install.  Unfortunately, I did not get a screen capture of the pop-up or the name of the Chrome extension, but in Chrome, ads on google.com would display with "Ads by Royal Coupon."

 

After removing the extension, I ran HiJackThis.  My log is below.  I checked FireFox, but it did not have any unknown extensions.  Also, at the time of this posting, I did not check IE, but I will update IE and install any critical Windows Updates.

 

 

Here is my log:

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:53:20 PM, on 10/15/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17278)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\PowerMenu\PowerMenu.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DellSystemDetect] C:\Users\Kathy\AppData\Local\Apps\2.0\NWCA67TH.4L6\7GP8186Y.GCC\dell..tion_e30b47f5d4a30e9e_0005.000b_1df8a3cb60a9209e\DellSystemDetect.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - Startup: PowerMenu.lnk = C:\Program Files (x86)\PowerMenu\PowerMenu.exe
O4 - Startup: Send to OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.dell.com
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O20 - AppInit_DLLs:  
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: CyberLink Product - 2014/08/12 16:10:52 (CLKMSVC10_99E320F5) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\kmsvc.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\windows\system32\HPSIsvc.exe (file missing)
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - CyberLink - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 9950 bytes
 
 
 
Thanks,
 
Mass KonFuzion

 




 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 17 October 2014 - 08:19 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
  
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.
 


Proud Member of UNITE & TB
 

#3 masskonfuzion

masskonfuzion
  • Topic Starter

  • Members
  • 11 posts

Posted 18 October 2014 - 11:44 AM

Hi Marius,

 

Thanks for your reply.  I ran the scanning tools as you instructed.  FRST and TDSS Killer ran successfully, but GMER failed to run.  GMER gave me the error:  "C:\windows\system32\config\system: The process cannot access the file because it is being used by another process."

 

I will paste the log output for FRST and TDSS Killer in following posts.

 
 
Thanks again.

FRST.txt Output

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-10-2014 01

Ran by Kathy (administrator) on WINDOWS-ELSPL74 on 18-10-2014 11:25:57
Running from C:\Users\Kathy\Downloads\Anti-Malware Tools for Boo Boo
Loaded Profile: Kathy (Available profiles: Kathy)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Dell) C:\Users\Kathy\AppData\Local\Apps\2.0\NWCA67TH.4L6\7GP8186Y.GCC\dell..tion_e30b47f5d4a30e9e_0005.000b_1df8a3cb60a9209e\DellSystemDetect.exe
(Thong Nguyen) C:\Program Files (x86)\PowerMenu\PowerMenu.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\FileManager\FileManager.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Microsoft Corporation) C:\Windows\System32\consent.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17246_none_fa4ae8e99b1f603c\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3059360 2012-06-03] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-4112325925-1048117983-2943846805-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-4112325925-1048117983-2943846805-1001\...\Run: [DellSystemDetect] => C:\Users\Kathy\AppData\Local\Apps\2.0\NWCA67TH.4L6\7GP8186Y.GCC\dell..tion_e30b47f5d4a30e9e_0005.000b_1df8a3cb60a9209e\DellSystemDetect.exe [264488 2014-10-13] (Dell)
HKU\S-1-5-21-4112325925-1048117983-2943846805-1001\...\MountPoints2: {395f1c60-378e-11e4-8252-e82aea62a510} - "D:\SISetup.exe" 
Startup: C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerMenu.lnk
ShortcutTarget: PowerMenu.lnk -> C:\Program Files (x86)\PowerMenu\PowerMenu.exe (Thong Nguyen)
Startup: C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {1A95DC8F-4A6D-4938-B715-50B59B516306} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKLM - {1A95DC8F-4A6D-4938-B715-50B59B516306} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKCU - {1A95DC8F-4A6D-4938-B715-50B59B516306} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\96izfjtr.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF user.js: detected! => C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\96izfjtr.default\user.js
 
Chrome: 
=======
CHR Profile: C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-14]
CHR Extension: (Google Docs) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-14]
CHR Extension: (Google Drive) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-14]
CHR Extension: (YouTube) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-14]
CHR Extension: (Google Search) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-14]
CHR Extension: (Bulk Image Downloader) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\facoldpeadablbngjnohbmgaehknhcaj [2014-09-28]
CHR Extension: (Google Sheets) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-14]
CHR Extension: (Google Wallet) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-14]
CHR Extension: (Gmail) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation)
S2 CLKMSVC10_99E320F5; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\kmsvc.exe [243464 2013-08-06] (CyberLink)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-29] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-10-16] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915408 2013-10-17] (SoftThinks SAS)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1408824 2013-10-18] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2013-08-08] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-08-08] (Intel Corporation)
S3 iaLPSS_SPI; C:\Windows\System32\drivers\iaLPSS_SPI.sys [83960 2013-08-08] (Intel Corporation)
S3 iaLPSS_UART; C:\Windows\System32\drivers\iaLPSS_UART.sys [142840 2013-08-08] (Intel Corporation)
S3 iaLPSS_UART2; C:\Windows\System32\drivers\iaLPSS_UART2.sys [129528 2013-08-08] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [142280 2013-10-18] (Intel Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-07] ()
S3 LAN7500; C:\Windows\system32\DRIVERS\lan7500-x64-n630f.sys [96256 2013-04-05] (SMSC)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-08-28] (Intel Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [3668960 2013-12-20] (Intel Corporation)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [41200 2013-10-16] (Synaptics Incorporated)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
S3 WinRing0_1_2_0; C:\Users\Kathy\Downloads\RealTemp\RealTemp_370\WinRing0x64.sys [14544 2014-10-13] (OpenLibSys.org)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-18 11:25 - 2014-10-18 11:26 - 00000000 ____D () C:\FRST
2014-10-18 11:23 - 2014-10-18 11:25 - 00000000 ____D () C:\Users\Kathy\Downloads\Anti-Malware Tools for Boo Boo
2014-10-18 11:20 - 2014-10-18 11:24 - 00120855 _____ () C:\windows\WindowsUpdate.log
2014-10-15 23:52 - 2014-09-10 01:25 - 00474432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2014-10-15 23:52 - 2014-09-07 22:07 - 02497344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-10-15 23:52 - 2014-09-07 22:07 - 00428864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2014-10-15 23:52 - 2014-09-07 17:08 - 00389176 _____ () C:\windows\system32\ApnDatabase.xml
2014-10-15 23:52 - 2014-09-04 17:30 - 00822272 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2014-10-15 23:52 - 2014-09-04 17:21 - 01053184 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2014-10-15 23:52 - 2014-09-03 22:15 - 00561416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2014-10-15 23:52 - 2014-09-03 22:14 - 00177472 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-10-15 23:52 - 2014-09-03 22:05 - 00836176 _____ (Microsoft Corporation) C:\windows\system32\mfmp4srcsnk.dll
2014-10-15 23:52 - 2014-09-03 21:22 - 00670384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmp4srcsnk.dll
2014-10-15 23:52 - 2014-09-03 20:19 - 00436224 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2014-10-15 23:52 - 2014-09-03 20:01 - 00448512 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2014-10-15 23:52 - 2014-09-03 19:45 - 00318976 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2014-10-15 23:52 - 2014-09-03 19:41 - 01420288 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-10-15 23:52 - 2014-09-03 19:36 - 00418304 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-10-15 23:52 - 2014-09-03 19:32 - 00334336 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll
2014-10-15 23:52 - 2014-09-03 19:15 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-10-15 23:52 - 2014-08-30 19:17 - 00148800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS
2014-10-15 23:52 - 2014-08-30 19:15 - 21197152 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-10-15 23:52 - 2014-08-30 17:59 - 18723112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-10-15 23:52 - 2014-08-30 17:05 - 00615424 _____ (Microsoft Corporation) C:\windows\system32\FXSCOMEX.dll
2014-10-15 23:52 - 2014-08-30 16:58 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\FXSAPI.dll
2014-10-15 23:52 - 2014-08-30 16:04 - 00941568 _____ (Microsoft Corporation) C:\windows\system32\MFMediaEngine.dll
2014-10-15 23:52 - 2014-08-30 15:53 - 00239104 _____ (Microsoft Corporation) C:\windows\SysWOW64\FXSAPI.dll
2014-10-15 23:52 - 2014-08-30 15:17 - 00799744 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFMediaEngine.dll
2014-10-15 23:52 - 2014-08-27 21:55 - 07484224 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-10-15 23:52 - 2014-08-27 19:21 - 02480128 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2014-10-15 23:52 - 2014-08-27 19:06 - 02030592 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2014-10-15 23:52 - 2014-08-23 00:14 - 13424128 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2014-10-15 23:52 - 2014-08-23 00:04 - 11820544 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2014-10-15 23:52 - 2014-08-22 23:50 - 02714112 _____ (Microsoft Corporation) C:\windows\system32\SettingsHandlers.dll
2014-10-15 23:52 - 2014-08-01 19:51 - 00545792 _____ (Microsoft Corporation) C:\windows\system32\untfs.dll
2014-10-15 23:52 - 2014-08-01 19:35 - 00485376 _____ (Microsoft Corporation) C:\windows\SysWOW64\untfs.dll
2014-10-15 22:49 - 2014-10-15 22:49 - 00003007 _____ () C:\Users\Kathy\Desktop\HiJackThis.lnk
2014-10-15 22:49 - 2014-10-15 22:49 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-10-15 22:49 - 2014-10-15 22:49 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-10-15 22:48 - 2014-10-15 22:48 - 00002772 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-10-15 22:48 - 2014-10-15 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-15 22:48 - 2014-10-15 22:48 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-15 22:46 - 2014-10-15 22:46 - 04965896 _____ (Piriform Ltd) C:\Users\Kathy\Downloads\ccsetup418.exe
2014-10-15 20:56 - 2014-09-13 01:02 - 02779648 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-10-15 20:56 - 2014-09-13 00:30 - 03117568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-10-15 20:56 - 2014-09-03 19:10 - 00118272 _____ (Microsoft Corporation) C:\windows\system32\winbici.dll
2014-10-15 20:56 - 2014-09-03 18:57 - 00921600 _____ (Microsoft Corporation) C:\windows\system32\MrmCoreR.dll
2014-10-15 20:56 - 2014-09-03 18:49 - 00626688 _____ (Microsoft Corporation) C:\windows\SysWOW64\MrmCoreR.dll
2014-10-15 20:54 - 2014-10-15 20:54 - 00000000 ____D () C:\Users\Kathy\AppData\Local\LogMeIn
2014-10-15 20:54 - 2014-10-15 20:54 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-10-15 19:47 - 2014-10-15 19:47 - 00000000 ____D () C:\Users\Kathy\AppData\Local\LogMeIn Client
2014-10-15 19:29 - 2014-10-15 19:29 - 00000000 ____D () C:\Users\Kathy\Downloads\Autoruns
2014-10-15 19:28 - 2014-10-15 19:28 - 00511633 _____ () C:\Users\Kathy\Downloads\Autoruns.zip
2014-10-15 19:23 - 2014-10-15 23:38 - 00000000 ____D () C:\Users\Kathy\Downloads\Everything-1.3.4.686.x64.Multilingual
2014-10-15 19:23 - 2014-10-15 19:23 - 00905955 _____ () C:\Users\Kathy\Downloads\Everything-1.3.4.686.x64.Multilingual.zip
2014-10-15 18:54 - 2014-09-27 17:25 - 04183040 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-10-15 18:53 - 2014-09-07 22:15 - 00054752 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-10-15 18:53 - 2014-09-07 20:46 - 00059904 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-10-15 18:53 - 2014-09-07 20:46 - 00050688 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-10-15 18:53 - 2014-09-07 19:08 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-10-15 18:53 - 2014-09-07 19:07 - 00137728 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-10-15 18:53 - 2014-09-07 19:05 - 03448320 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-10-15 18:53 - 2014-09-07 19:04 - 00388608 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2014-10-15 18:53 - 2014-09-07 19:04 - 00093696 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-10-15 18:53 - 2014-09-07 19:03 - 01702400 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-10-15 18:53 - 2014-09-07 19:03 - 00839680 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-10-15 18:53 - 2014-09-07 18:59 - 00123904 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-10-15 18:53 - 2014-09-07 18:59 - 00031232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-10-15 18:53 - 2014-09-07 18:56 - 00672256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-10-15 18:53 - 2014-09-07 18:56 - 00080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-10-15 18:52 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-10-15 18:52 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-10-15 18:52 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-10-15 18:52 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-10-15 18:52 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-10-15 18:52 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-10-15 18:52 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-10-15 18:52 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-10-15 18:52 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-10-15 18:52 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-10-15 18:52 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-10-15 18:52 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-10-15 18:52 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-10-15 18:52 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-10-15 18:52 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-10-15 18:52 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-10-15 18:52 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-10-15 18:52 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-10-15 18:52 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-10-15 18:52 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-10-15 18:52 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-10-15 18:52 - 2014-09-18 19:42 - 00363008 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-10-15 18:52 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-10-15 18:52 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-10-15 18:52 - 2014-09-18 19:20 - 00315904 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-10-15 18:52 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-10-15 18:52 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-10-15 18:52 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-10-15 18:52 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-10-15 18:52 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-10-15 18:51 - 2014-09-13 01:29 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-10-15 18:51 - 2014-09-13 00:49 - 00068608 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-10-15 18:51 - 2014-09-03 19:12 - 00590336 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2014-10-15 18:51 - 2014-09-03 19:01 - 00514048 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2014-10-15 18:51 - 2014-08-28 20:58 - 00109568 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2014-10-15 18:51 - 2014-08-28 18:56 - 02646016 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-10-15 18:51 - 2014-08-28 18:47 - 02321920 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-10-15 18:51 - 2014-08-15 23:08 - 01507648 _____ (Microsoft Corporation) C:\windows\system32\propsys.dll
2014-10-15 18:51 - 2014-08-15 23:01 - 01710184 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2014-10-15 18:51 - 2014-08-15 22:58 - 01112512 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-10-15 18:51 - 2014-08-15 22:16 - 01205976 _____ (Microsoft Corporation) C:\windows\SysWOW64\propsys.dll
2014-10-15 18:51 - 2014-08-15 22:03 - 01467384 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2014-10-15 18:51 - 2014-08-15 20:31 - 00838144 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-10-15 18:51 - 2014-08-15 20:04 - 00359424 _____ (Microsoft Corporation) C:\windows\system32\Wldap32.dll
2014-10-15 18:51 - 2014-08-15 19:58 - 00287744 _____ (Microsoft Corporation) C:\windows\system32\SystemEventsBrokerServer.dll
2014-10-15 18:51 - 2014-08-15 19:53 - 00118272 _____ (Microsoft Corporation) C:\windows\system32\httpprxm.dll
2014-10-15 18:51 - 2014-08-15 19:46 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\ProximityService.dll
2014-10-15 18:51 - 2014-08-15 19:45 - 00267776 _____ (Microsoft Corporation) C:\windows\system32\bisrv.dll
2014-10-15 18:51 - 2014-08-15 19:43 - 00321024 _____ (Microsoft Corporation) C:\windows\SysWOW64\Wldap32.dll
2014-10-15 18:51 - 2014-08-15 19:43 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\adhsvc.dll
2014-10-15 18:51 - 2014-08-15 19:31 - 00914432 _____ (Microsoft Corporation) C:\windows\system32\iphlpsvc.dll
2014-10-15 18:51 - 2014-08-15 19:31 - 00286208 _____ (Microsoft Corporation) C:\windows\system32\pcsvDevice.dll
2014-10-15 18:51 - 2014-08-15 19:29 - 00249344 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-15 18:51 - 2014-08-15 19:23 - 01106432 _____ (Microsoft Corporation) C:\windows\system32\SearchFolder.dll
2014-10-15 18:51 - 2014-08-15 19:22 - 00717824 _____ (Microsoft Corporation) C:\windows\system32\SkyDriveTelemetry.dll
2014-10-15 18:51 - 2014-08-15 19:22 - 00286208 _____ (Microsoft Corporation) C:\windows\system32\SkyDriveShell.dll
2014-10-15 18:51 - 2014-08-15 19:19 - 00189952 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-15 18:51 - 2014-08-15 19:18 - 04758528 _____ (Microsoft Corporation) C:\windows\system32\SyncEngine.dll
2014-10-15 18:51 - 2014-08-15 19:17 - 08757760 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Search.dll
2014-10-15 18:51 - 2014-08-15 19:14 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\SkyDriveShell.dll
2014-10-15 18:51 - 2014-08-15 19:13 - 06649344 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-10-15 18:51 - 2014-08-15 19:13 - 05902848 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Search.dll
2014-10-15 18:51 - 2014-08-15 19:13 - 00840192 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchFolder.dll
2014-10-15 18:51 - 2014-08-15 19:11 - 00920064 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-10-15 18:51 - 2014-08-15 19:10 - 01120768 _____ (Microsoft Corporation) C:\windows\system32\SkyDrive.exe
2014-10-15 18:51 - 2014-08-15 19:08 - 05777408 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-10-15 18:51 - 2014-08-15 19:07 - 00756224 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-10-14 20:05 - 2014-10-14 20:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-13 21:55 - 2014-10-13 21:56 - 00000000 ____D () C:\Users\Kathy\Downloads\RealTemp
2014-10-13 21:54 - 2014-10-13 21:54 - 00330853 _____ () C:\Users\Kathy\Downloads\RealTemp_370.zip
2014-10-13 21:43 - 2014-10-15 18:51 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\PCDr
2014-10-13 21:41 - 2014-10-13 21:41 - 00417064 _____ () C:\Users\Kathy\Downloads\DellSystemDetect.exe
2014-10-13 21:41 - 2014-10-13 21:41 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-10-12 16:45 - 2014-10-12 16:45 - 00000165 ____H () C:\Users\Kathy\Downloads\~$Week #6 2014 - KF.xlsx
2014-10-12 10:10 - 2014-10-12 10:10 - 00018486 _____ () C:\Users\Kathy\Downloads\Week #6 2014 - KF.xlsx
2014-10-12 09:55 - 2014-10-12 09:55 - 00047104 _____ () C:\Users\Kathy\Downloads\Week #6 2014.xls
2014-10-11 16:41 - 2014-10-11 16:41 - 00026382 _____ () C:\Users\Kathy\Downloads\Report_from_Rightpoint.xlsx
2014-10-09 00:17 - 2014-10-09 00:17 - 00015872 ___SH () C:\Users\Kathy\Desktop\Thumbs.db
2014-10-07 19:20 - 2014-09-22 01:42 - 00278152 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-10-07 18:14 - 2014-10-07 18:14 - 00000796 _____ () C:\Users\Kathy\Downloads\Vendor7057.csv
2014-10-07 18:09 - 2014-10-15 19:25 - 00000004 _____ () C:\Users\Kathy\AppData\Roaming\appdataFr2.bin
2014-10-02 18:24 - 2014-10-02 18:24 - 00003118 _____ () C:\windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-10-02 18:24 - 2014-10-02 18:24 - 00003092 _____ () C:\windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-10-02 18:24 - 2014-10-02 18:24 - 00003090 _____ () C:\windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-10-02 18:14 - 2014-10-02 18:14 - 00161153 _____ () C:\Users\Kathy\AppData\Local\ars.cache
2014-10-02 18:14 - 2014-10-02 18:14 - 00110279 _____ () C:\Users\Kathy\AppData\Local\census.cache
2014-10-02 18:10 - 2014-10-02 18:10 - 00000010 _____ () C:\Users\Kathy\AppData\Local\sponge.last.runtime.cache
2014-10-02 18:06 - 2014-10-02 18:06 - 00000036 _____ () C:\Users\Kathy\AppData\Local\housecall.guid.cache
2014-10-02 18:06 - 2013-09-02 02:58 - 00175528 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmcomm.sys
2014-09-29 20:29 - 2014-09-30 18:16 - 00005000 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for WINDOWS-ELSPL74-Kathy WINDOWS-ELSPL74
2014-09-28 21:08 - 2014-09-30 10:16 - 00020482 _____ () C:\Users\Kathy\Downloads\ACTG 500 - 4-13 assignment.xlsx
2014-09-28 20:41 - 2014-10-02 18:07 - 00000000 ____D () C:\ProgramData\dae9aa3fe7d0b651
2014-09-28 16:47 - 2014-09-28 16:47 - 00007944 _____ () C:\Users\Kathy\Downloads\Quickbooks-Rightpoint.rdp
2014-09-28 14:00 - 2014-07-24 10:28 - 00143680 ____C (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-09-28 14:00 - 2014-07-24 10:20 - 00645592 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2014-09-28 14:00 - 2014-07-24 10:16 - 02574208 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2014-09-28 14:00 - 2014-07-24 10:07 - 02009920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-09-28 14:00 - 2014-07-24 10:03 - 02141920 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll
2014-09-28 14:00 - 2014-07-24 10:03 - 00360480 _____ (Microsoft Corporation) C:\windows\system32\mfreadwrite.dll
2014-09-28 14:00 - 2014-07-24 08:48 - 02410976 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2014-09-28 14:00 - 2014-07-24 08:36 - 02145472 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll
2014-09-28 14:00 - 2014-07-24 08:36 - 00707536 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2014-09-28 14:00 - 2014-07-24 08:36 - 00355800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfreadwrite.dll
2014-09-28 14:00 - 2014-07-24 08:36 - 00180720 _____ (Microsoft Corporation) C:\windows\SysWOW64\mftranscode.dll
2014-09-28 14:00 - 2014-07-24 06:44 - 00674816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2014-09-28 14:00 - 2014-07-24 06:43 - 00412160 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2014-09-28 14:00 - 2014-07-24 06:42 - 01200640 ____C (Microsoft Corporation) C:\windows\system32\Drivers\bthport.sys
2014-09-28 14:00 - 2014-07-24 05:20 - 02050560 _____ (Microsoft Corporation) C:\windows\system32\SRH.dll
2014-09-28 14:00 - 2014-07-24 04:44 - 16874496 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
2014-09-28 14:00 - 2014-07-24 04:39 - 00770048 _____ (Microsoft Corporation) C:\windows\system32\WorkfoldersControl.dll
2014-09-28 14:00 - 2014-07-24 04:33 - 01741824 _____ (Microsoft Corporation) C:\windows\SysWOW64\SRH.dll
2014-09-28 14:00 - 2014-07-24 04:16 - 12730880 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
2014-09-28 14:00 - 2014-07-24 04:03 - 00324096 _____ (Microsoft Corporation) C:\windows\system32\srvsvc.dll
2014-09-28 14:00 - 2014-07-24 03:53 - 01261056 _____ (Microsoft Corporation) C:\windows\system32\gpsvc.dll
2014-09-28 14:00 - 2014-07-24 03:38 - 00371200 _____ (Microsoft Corporation) C:\windows\system32\wlanmsm.dll
2014-09-28 14:00 - 2014-07-24 03:32 - 01532416 _____ (Microsoft Corporation) C:\windows\system32\wlansvc.dll
2014-09-28 14:00 - 2014-07-24 03:29 - 00439296 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Devices.Bluetooth.dll
2014-09-28 14:00 - 2014-07-24 03:21 - 01231872 _____ (Microsoft Corporation) C:\windows\system32\Windows.Media.dll
2014-09-28 14:00 - 2014-07-24 03:21 - 00302080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wlanmsm.dll
2014-09-28 14:00 - 2014-07-24 03:18 - 00795136 _____ (Microsoft Corporation) C:\windows\system32\spoolsv.exe
2014-09-28 14:00 - 2014-07-24 03:10 - 00889344 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Media.dll
2014-09-28 14:00 - 2014-07-24 03:01 - 01992192 _____ (Microsoft Corporation) C:\windows\system32\XpsPrint.dll
2014-09-28 14:00 - 2014-07-24 02:50 - 01182208 _____ (Microsoft Corporation) C:\windows\system32\printui.dll
2014-09-28 14:00 - 2014-07-24 02:44 - 01057792 _____ (Microsoft Corporation) C:\windows\SysWOW64\printui.dll
2014-09-28 14:00 - 2014-07-24 02:28 - 01600000 _____ (Microsoft Corporation) C:\windows\system32\workfolderssvc.dll
2014-09-28 14:00 - 2014-07-23 23:11 - 00513544 _____ () C:\windows\SysWOW64\locale.nls
2014-09-28 14:00 - 2014-07-23 23:11 - 00513544 _____ () C:\windows\system32\locale.nls
2014-09-28 14:00 - 2014-07-04 04:30 - 00544768 _____ (Microsoft Corporation) C:\windows\system32\AppxPackaging.dll
2014-09-28 14:00 - 2014-07-04 04:27 - 00474112 _____ (Microsoft Corporation) C:\windows\SysWOW64\AppxPackaging.dll
2014-09-28 14:00 - 2014-06-14 01:03 - 02389504 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-09-28 14:00 - 2014-06-14 00:46 - 02071552 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-09-28 14:00 - 2014-06-05 05:18 - 01018368 _____ (Microsoft Corporation) C:\windows\system32\aclui.dll
2014-09-28 14:00 - 2014-06-05 04:42 - 00889856 _____ (Microsoft Corporation) C:\windows\SysWOW64\aclui.dll
2014-09-28 14:00 - 2014-05-05 23:41 - 00486744 _____ (Microsoft Corporation) C:\windows\system32\netcfgx.dll
2014-09-28 14:00 - 2014-05-05 19:55 - 00391000 _____ (Microsoft Corporation) C:\windows\SysWOW64\netcfgx.dll
2014-09-28 13:59 - 2014-07-24 10:28 - 00468288 ____C (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS
2014-09-28 13:59 - 2014-07-24 10:28 - 00419648 ____C (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-09-28 13:59 - 2014-07-24 10:28 - 00412992 ____C (Microsoft Corporation) C:\windows\system32\Drivers\spaceport.sys
2014-09-28 13:59 - 2014-07-24 10:28 - 00280384 ____C (Microsoft Corporation) C:\windows\system32\Drivers\pci.sys
2014-09-28 13:59 - 2014-07-24 10:23 - 01519488 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2014-09-28 13:59 - 2014-07-24 10:23 - 00125472 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2014-09-28 13:59 - 2014-07-24 10:20 - 00263400 _____ (Microsoft Corporation) C:\windows\system32\SystemSettingsAdminFlows.exe
2014-09-28 13:59 - 2014-07-24 10:16 - 00211216 _____ (Microsoft Corporation) C:\windows\system32\SndVol.exe
2014-09-28 13:59 - 2014-07-24 10:05 - 01660048 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2014-09-28 13:59 - 2014-07-24 10:05 - 01519560 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2014-09-28 13:59 - 2014-07-24 10:05 - 01488008 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2014-09-28 13:59 - 2014-07-24 10:05 - 01356840 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2014-09-28 13:59 - 2014-07-24 10:03 - 00882136 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2014-09-28 13:59 - 2014-07-24 10:03 - 00233888 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2014-09-28 13:59 - 2014-07-24 10:03 - 00205512 _____ (Microsoft Corporation) C:\windows\system32\mftranscode.dll
2014-09-28 13:59 - 2014-07-24 08:50 - 00098048 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll
2014-09-28 13:59 - 2014-07-24 08:48 - 00180208 _____ (Microsoft Corporation) C:\windows\SysWOW64\SndVol.exe
2014-09-28 13:59 - 2014-07-24 08:46 - 00477200 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2014-09-28 13:59 - 2014-07-24 06:51 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\KBDRUM.DLL
2014-09-28 13:59 - 2014-07-24 06:51 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-09-28 13:59 - 2014-07-24 06:51 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTT102.DLL
2014-09-28 13:59 - 2014-07-24 06:51 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-09-28 13:59 - 2014-07-24 06:51 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-09-28 13:59 - 2014-07-24 06:51 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-09-28 13:59 - 2014-07-24 06:51 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-09-28 13:59 - 2014-07-24 06:47 - 00132608 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2014-09-28 13:59 - 2014-07-24 06:46 - 00079872 _____ (Microsoft Corporation) C:\windows\system32\Drivers\IPMIDrv.sys
2014-09-28 13:59 - 2014-07-24 06:45 - 00076800 ____C (Microsoft Corporation) C:\windows\system32\Drivers\hdaudbus.sys
2014-09-28 13:59 - 2014-07-24 06:42 - 00446976 _____ (Microsoft Corporation) C:\windows\system32\Drivers\nwifi.sys
2014-09-28 13:59 - 2014-07-24 06:42 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\NdisImPlatform.sys
2014-09-28 13:59 - 2014-07-24 06:41 - 00118272 ____C (Microsoft Corporation) C:\windows\system32\Drivers\bthpan.sys
2014-09-28 13:59 - 2014-07-24 06:41 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bridge.sys
2014-09-28 13:59 - 2014-07-24 06:22 - 00308736 _____ (Microsoft Corporation) C:\windows\system32\compstui.dll
2014-09-28 13:59 - 2014-07-24 06:06 - 00220160 _____ (Microsoft Corporation) C:\windows\system32\iasnap.dll
2014-09-28 13:59 - 2014-07-24 06:05 - 00287232 _____ (Microsoft Corporation) C:\windows\system32\usbmon.dll
2014-09-28 13:59 - 2014-07-24 06:05 - 00226816 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2014-09-28 13:59 - 2014-07-24 05:52 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-09-28 13:59 - 2014-07-24 05:52 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTT102.DLL
2014-09-28 13:59 - 2014-07-24 05:52 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-09-28 13:59 - 2014-07-24 05:51 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRUM.DLL
2014-09-28 13:59 - 2014-07-24 05:51 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-09-28 13:59 - 2014-07-24 05:51 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-09-28 13:59 - 2014-07-24 05:51 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-09-28 13:59 - 2014-07-24 05:49 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\WorkFoldersGPExt.dll
2014-09-28 13:59 - 2014-07-24 05:33 - 00026112 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-09-28 13:59 - 2014-07-24 05:32 - 00207360 _____ (Microsoft Corporation) C:\windows\system32\powercfg.cpl
2014-09-28 13:59 - 2014-07-24 05:18 - 01089024 _____ (Microsoft Corporation) C:\windows\system32\gpedit.dll
2014-09-28 13:59 - 2014-07-24 05:12 - 00878592 _____ (Microsoft Corporation) C:\windows\system32\ActionCenter.dll
2014-09-28 13:59 - 2014-07-24 05:10 - 01844224 _____ (Microsoft Corporation) C:\windows\system32\Display.dll
2014-09-28 13:59 - 2014-07-24 05:10 - 00834560 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-09-28 13:59 - 2014-07-24 05:10 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2014-09-28 13:59 - 2014-07-24 05:10 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\iasnap.dll
2014-09-28 13:59 - 2014-07-24 05:09 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2014-09-28 13:59 - 2014-07-24 05:05 - 00187392 _____ (Microsoft Corporation) C:\windows\system32\WorkFoldersShell.dll
2014-09-28 13:59 - 2014-07-24 04:53 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\prnntfy.dll
2014-09-28 13:59 - 2014-07-24 04:52 - 00621056 _____ (Microsoft Corporation) C:\windows\system32\comdlg32.dll
2014-09-28 13:59 - 2014-07-24 04:42 - 00206336 _____ (Microsoft Corporation) C:\windows\SysWOW64\powercfg.cpl
2014-09-28 13:59 - 2014-07-24 04:40 - 00557056 _____ (Microsoft Corporation) C:\windows\system32\PrintDialogs.dll
2014-09-28 13:59 - 2014-07-24 04:32 - 01048064 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpedit.dll
2014-09-28 13:59 - 2014-07-24 04:27 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2014-09-28 13:59 - 2014-07-24 04:27 - 00779264 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-09-28 13:59 - 2014-07-24 04:25 - 00832512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ActionCenter.dll
2014-09-28 13:59 - 2014-07-24 04:24 - 01817088 _____ (Microsoft Corporation) C:\windows\SysWOW64\Display.dll
2014-09-28 13:59 - 2014-07-24 04:21 - 00134144 _____ (Microsoft Corporation) C:\windows\system32\browser.dll
2014-09-28 13:59 - 2014-07-24 04:18 - 00018432 _____ (Microsoft Corporation) C:\windows\system32\wlansvcpal.dll
2014-09-28 13:59 - 2014-07-24 04:14 - 00443904 _____ (Microsoft Corporation) C:\windows\system32\wlansec.dll
2014-09-28 13:59 - 2014-07-24 04:13 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\prnntfy.dll
2014-09-28 13:59 - 2014-07-24 04:12 - 00127488 _____ (Microsoft Corporation) C:\windows\system32\WiFiDisplay.dll
2014-09-28 13:59 - 2014-07-24 04:11 - 00356864 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2014-09-28 13:59 - 2014-07-24 04:11 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\wshbth.dll
2014-09-28 13:59 - 2014-07-24 04:10 - 00540672 _____ (Microsoft Corporation) C:\windows\SysWOW64\comdlg32.dll
2014-09-28 13:59 - 2014-07-24 04:04 - 00492032 _____ (Microsoft Corporation) C:\windows\SysWOW64\PrintDialogs.dll
2014-09-28 13:59 - 2014-07-24 04:04 - 00183808 _____ (Microsoft Corp.) C:\windows\system32\Defrag.exe
2014-09-28 13:59 - 2014-07-24 04:02 - 00220160 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2014-09-28 13:59 - 2014-07-24 03:58 - 00105472 _____ (Microsoft Corporation) C:\windows\system32\BluetoothApis.dll
2014-09-28 13:59 - 2014-07-24 03:53 - 00449536 _____ (Microsoft Corporation) C:\windows\system32\defragsvc.dll
2014-09-28 13:59 - 2014-07-24 03:49 - 01361408 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2014-09-28 13:59 - 2014-07-24 03:49 - 01287680 _____ (Microsoft Corporation) C:\windows\system32\mispace.dll
2014-09-28 13:59 - 2014-07-24 03:49 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\wlanapi.dll
2014-09-28 13:59 - 2014-07-24 03:48 - 00659968 _____ (Microsoft Corporation) C:\windows\system32\Windows.Devices.Bluetooth.dll
2014-09-28 13:59 - 2014-07-24 03:47 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\wcmcsp.dll
2014-09-28 13:59 - 2014-07-24 03:43 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshbth.dll
2014-09-28 13:59 - 2014-07-24 03:39 - 02397184 _____ (Microsoft Corporation) C:\windows\system32\storagewmi.dll
2014-09-28 13:59 - 2014-07-24 03:36 - 00079872 _____ (Microsoft Corporation) C:\windows\SysWOW64\BluetoothApis.dll
2014-09-28 13:59 - 2014-07-24 03:30 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wlanapi.dll
2014-09-28 13:59 - 2014-07-24 03:28 - 00595456 _____ (Microsoft Corporation) C:\windows\system32\Windows.Networking.dll
2014-09-28 13:59 - 2014-07-24 03:23 - 01404416 _____ (Microsoft Corporation) C:\windows\SysWOW64\storagewmi.dll
2014-09-28 13:59 - 2014-07-24 03:22 - 00487936 _____ (Microsoft Corporation) C:\windows\system32\winspool.drv
2014-09-28 13:59 - 2014-07-24 03:20 - 00187392 _____ (Microsoft Corporation) C:\windows\system32\puiapi.dll
2014-09-28 13:59 - 2014-07-24 03:18 - 01144320 _____ (Microsoft Corporation) C:\windows\system32\wwanmm.dll
2014-09-28 13:59 - 2014-07-24 03:16 - 00505344 _____ (Microsoft Corporation) C:\windows\system32\VAN.dll
2014-09-28 13:59 - 2014-07-24 03:16 - 00084480 _____ (Microsoft Corporation) C:\windows\system32\wpdbusenum.dll
2014-09-28 13:59 - 2014-07-24 03:15 - 00721408 _____ (Microsoft Corporation) C:\windows\system32\twinapi.dll
2014-09-28 13:59 - 2014-07-24 03:15 - 00432128 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Networking.dll
2014-09-28 13:59 - 2014-07-24 03:13 - 00226304 _____ (Microsoft Corporation) C:\windows\system32\SndVolSSO.dll
2014-09-28 13:59 - 2014-07-24 03:10 - 00371712 _____ (Microsoft Corporation) C:\windows\SysWOW64\winspool.drv
2014-09-28 13:59 - 2014-07-24 03:08 - 00321536 _____ (Microsoft Corporation) C:\windows\system32\stobject.dll
2014-09-28 13:59 - 2014-07-24 03:08 - 00162816 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiapi.dll
2014-09-28 13:59 - 2014-07-24 03:05 - 00448000 _____ (Microsoft Corporation) C:\windows\SysWOW64\VAN.dll
2014-09-28 13:59 - 2014-07-24 03:00 - 02100736 _____ (Microsoft Corporation) C:\windows\system32\SystemSettingsAdminFlowUI.dll
2014-09-28 13:59 - 2014-07-24 02:58 - 00432640 _____ (Microsoft Corporation) C:\windows\system32\wwanconn.dll
2014-09-28 13:59 - 2014-07-24 02:58 - 00288768 _____ (Microsoft Corporation) C:\windows\SysWOW64\stobject.dll
2014-09-28 13:59 - 2014-07-24 02:54 - 01290752 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsPrint.dll
2014-09-28 13:59 - 2014-07-24 02:49 - 00263680 _____ (Microsoft Corporation) C:\windows\system32\DafPrintProvider.dll
2014-09-28 13:59 - 2014-07-24 02:47 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\SettingSync.dll
2014-09-28 13:59 - 2014-07-24 02:43 - 00200192 _____ (Microsoft Corporation) C:\windows\SysWOW64\DafPrintProvider.dll
2014-09-28 13:59 - 2014-07-24 02:41 - 00459264 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSync.dll
2014-09-28 13:59 - 2014-07-24 02:33 - 03360768 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-09-28 13:59 - 2014-07-12 00:55 - 00268288 _____ (Microsoft Corporation) C:\windows\system32\wisp.dll
2014-09-28 13:59 - 2014-07-11 23:58 - 00210944 _____ (Microsoft Corporation) C:\windows\SysWOW64\wisp.dll
2014-09-28 13:59 - 2014-07-04 07:59 - 00295424 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ks.sys
2014-09-28 13:59 - 2014-07-04 05:29 - 00117248 _____ (Microsoft Corporation) C:\windows\system32\AppxSip.dll
2014-09-28 13:59 - 2014-07-04 05:20 - 01656832 _____ (Microsoft Corporation) C:\windows\system32\GdiPlus.dll
2014-09-28 13:59 - 2014-07-04 05:06 - 00095232 _____ (Microsoft Corporation) C:\windows\SysWOW64\AppxSip.dll
2014-09-28 13:59 - 2014-07-04 05:00 - 01351168 _____ (Microsoft Corporation) C:\windows\SysWOW64\GdiPlus.dll
2014-09-28 13:59 - 2014-06-27 01:22 - 00246272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2014-09-28 13:59 - 2014-06-25 19:32 - 01029632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mispace.dll
2014-09-28 13:59 - 2014-06-25 19:29 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\dab.dll
2014-09-28 13:59 - 2014-06-19 18:37 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2014-09-28 13:59 - 2014-06-18 21:13 - 00310080 ____C (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys
2014-09-28 13:59 - 2014-06-07 07:46 - 00216368 _____ (Microsoft Corporation) C:\windows\system32\rsaenh.dll
2014-09-28 13:59 - 2014-06-07 05:20 - 00189016 _____ (Microsoft Corporation) C:\windows\SysWOW64\rsaenh.dll
2014-09-28 13:59 - 2014-06-05 09:00 - 01118040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2014-09-28 13:59 - 2014-05-31 00:00 - 01463808 _____ (Microsoft Corporation) C:\windows\system32\wsecedit.dll
2014-09-28 13:59 - 2014-05-30 23:18 - 01319936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wsecedit.dll
2014-09-28 13:59 - 2014-05-29 01:23 - 00427008 _____ (Microsoft Corporation) C:\windows\system32\clusapi.dll
2014-09-28 13:59 - 2014-05-29 00:25 - 00313856 _____ (Microsoft Corporation) C:\windows\SysWOW64\clusapi.dll
2014-09-28 13:59 - 2014-05-26 02:26 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\AppxSysprep.dll
2014-09-28 13:59 - 2014-05-10 05:12 - 00387896 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2014-09-28 13:59 - 2014-05-10 03:46 - 00335680 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2014-09-28 13:59 - 2014-03-24 21:27 - 00160600 _____ (Microsoft Corporation) C:\windows\system32\winmmbase.dll
2014-09-28 13:59 - 2014-03-24 21:27 - 00123920 _____ (Microsoft Corporation) C:\windows\system32\winmm.dll
2014-09-28 13:59 - 2014-03-24 20:20 - 00128568 _____ (Microsoft Corporation) C:\windows\SysWOW64\winmm.dll
2014-09-28 13:59 - 2014-03-24 20:20 - 00127544 _____ (Microsoft Corporation) C:\windows\SysWOW64\winmmbase.dll
2014-09-26 21:15 - 2014-09-26 21:15 - 00000000 __SHD () C:\Users\Kathy\AppData\Local\EmieUserList
2014-09-26 21:15 - 2014-09-26 21:15 - 00000000 __SHD () C:\Users\Kathy\AppData\Local\EmieSiteList
2014-09-25 23:01 - 2014-09-25 23:01 - 00011506 _____ () C:\Users\Kathy\Downloads\CSU.xlsx
2014-09-25 22:59 - 2014-09-25 22:59 - 00002758 _____ () C:\Users\Kathy\Downloads\openair.csv
2014-09-25 22:46 - 2014-04-13 22:29 - 01018880 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-09-25 22:43 - 2014-10-15 21:11 - 00000000 ____D () C:\windows\system32\MRT
2014-09-25 22:43 - 2014-10-15 21:08 - 103265616 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-09-24 07:44 - 2014-10-15 23:59 - 00000000 ____D () C:\windows\Minidump
2014-09-21 16:27 - 2014-09-21 16:29 - 00082050 _____ () C:\Users\Kathy\Downloads\image (2).jpeg
2014-09-20 18:55 - 2014-09-20 18:55 - 00001036 _____ () C:\Users\Public\Desktop\PDF-Viewer.lnk
2014-09-20 18:55 - 2014-09-20 18:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
2014-09-20 18:55 - 2014-09-20 18:55 - 00000000 ____D () C:\Program Files\Tracker Software
2014-09-20 18:46 - 2014-09-20 18:48 - 00000000 ____D () C:\Users\Kathy\AppData\Local\paint.net
2014-09-20 18:46 - 2014-09-20 18:46 - 00001202 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2014-09-20 18:46 - 2014-09-20 18:46 - 00001190 _____ () C:\Users\Public\Desktop\paint.net.lnk
2014-09-20 18:46 - 2014-09-20 18:46 - 00000000 ____D () C:\Program Files\paint.net
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-18 11:24 - 2014-09-08 14:39 - 00003954 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{0DD750B8-78E3-44C0-BE08-5A3E84863BF8}
2014-10-18 11:20 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\sru
2014-10-16 00:00 - 2014-09-08 14:41 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4112325925-1048117983-2943846805-1001
2014-10-15 23:59 - 2014-08-12 16:20 - 00000000 ____D () C:\windows\Panther
2014-10-15 23:59 - 2014-08-12 15:36 - 00865408 _____ () C:\windows\system32\PerfStringBackup.INI
2014-10-15 23:57 - 2014-08-12 16:11 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-10-15 23:55 - 2014-09-11 20:15 - 00000000 ___DO () C:\Users\Kathy\OneDrive
2014-10-15 23:55 - 2014-09-08 14:50 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-15 23:55 - 2014-09-08 14:49 - 00000924 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-15 23:55 - 2013-08-22 09:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-15 23:54 - 2014-09-08 14:49 - 00000928 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-15 23:54 - 2013-08-22 10:36 - 00000000 ___RD () C:\windows\ToastData
2014-10-15 23:54 - 2013-08-22 10:36 - 00000000 ___RD () C:\windows\ImmersiveControlPanel
2014-10-15 23:54 - 2013-08-22 08:25 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-10-15 23:52 - 2013-08-22 10:20 - 00000000 ____D () C:\windows\CbsTemp
2014-10-15 23:41 - 2013-08-22 09:44 - 00493392 _____ () C:\windows\system32\FNTCACHE.DAT
2014-10-15 23:40 - 2014-09-08 14:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-15 23:40 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\WinStore
2014-10-15 23:40 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\MediaViewer
2014-10-15 23:40 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\FileManager
2014-10-15 23:40 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\Camera
2014-10-15 23:38 - 2014-09-08 14:35 - 00000000 ____D () C:\Users\Kathy
2014-10-15 22:50 - 2014-09-08 14:35 - 00000000 ____D () C:\Users\Kathy\AppData\Local\VirtualStore
2014-10-14 18:57 - 2014-09-08 14:35 - 00000000 ____D () C:\Users\Kathy\AppData\Local\Packages
2014-10-13 21:52 - 2014-08-12 16:13 - 00000000 ____D () C:\Temp
2014-10-13 21:46 - 2014-08-12 16:19 - 00000000 ____D () C:\ProgramData\PCDr
2014-10-13 21:46 - 2014-08-12 16:18 - 00000000 ____D () C:\Program Files\My Dell
2014-10-13 21:41 - 2014-09-08 14:49 - 00000000 ____D () C:\Users\Kathy\AppData\Local\Deployment
2014-10-13 21:08 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\AppReadiness
2014-10-08 23:15 - 2014-08-12 16:22 - 00000000 ____D () C:\ProgramData\McAfee
2014-10-07 19:21 - 2013-08-22 10:36 - 00000000 ___HD () C:\windows\ELAMBKUP
2014-10-07 19:21 - 2013-08-22 08:25 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-10-06 01:28 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\rescache
2014-10-02 18:07 - 2014-09-15 19:22 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-10-02 17:54 - 2013-08-22 14:12 - 00000000 ____D () C:\Program Files\Windows Journal
2014-10-02 17:54 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-10-02 17:54 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-10-02 17:54 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\SysWOW64\setup
2014-10-02 17:54 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\SysWOW64\InputMethod
2014-10-02 17:54 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\setup
2014-10-02 17:54 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\system32\oobe
2014-09-29 19:33 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\FxsTmp
2014-09-29 17:45 - 2013-08-22 10:38 - 00706016 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-09-29 17:45 - 2013-08-22 10:38 - 00105440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-28 20:01 - 2014-09-08 14:43 - 00000000 ____D () C:\ProgramData\374311380
2014-09-26 21:03 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-09-26 21:03 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-09-26 21:03 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-09-26 21:03 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-09-24 21:04 - 2014-09-08 15:06 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-09-21 12:48 - 2014-09-08 23:38 - 00083968 ___SH () C:\Users\Kathy\Downloads\Thumbs.db
2014-09-20 18:49 - 2014-09-08 15:14 - 00063361 _____ () C:\Users\Kathy\Downloads\image.jpeg
2014-09-20 18:48 - 2014-09-14 17:33 - 00038282 _____ () C:\Users\Kathy\Downloads\image (1).jpeg
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-12 07:32
 
==================== End Of Log ============================


#4 masskonfuzion

Posted 18 October 2014 - 11:46 AM

Addition.txt Output

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-10-2014 01
Ran by Kathy at 2014-10-18 11:27:11
Running from C:\Users\Kathy\Downloads\Anti-Malware Tools for Boo Boo
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.0.6603 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (x32 Version: 10.0.1.3214 - CyberLink Corp.) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.3123 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (x32 Version: 10.0.1.3126 - CyberLink Corp.) Hidden
CyberLink PowerDVD 12 (x32 Version: 12.0.3205.55 - CyberLink Corp.) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.1.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.1.2 - Dell Inc.)
Dell System Detect (HKCU\...\73f463568823ebbe) (Version: 5.11.0.3 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 17.0.15.6 - Synaptics Incorporated)
DSC/AA Factory Installer (Version: 3.4.6299.48 - PC-Doctor, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 3.0.1342.2) (HKLM\...\{302600C1-6BDF-4FD1-1311-148929CC1385}) (Version: 3.1.1311.0402 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.8.2.1000 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4649.1003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 33.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 en-US)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.309.0 - Tracker Software Products Ltd)
PowerMenu 1.51 (HKLM-x32\...\PowerMenu) (Version: 1.51 - Thong Nguyen)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.2.08 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7095 - Realtek Semiconductor Corp.)
Update for Microsoft en-us Dictionary (Version: 16.1.1111.1 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
02-10-2014 23:23:53 DCInstallRestorePoint
12-10-2014 00:49:31 Scheduled Checkpoint
16-10-2014 01:18:28 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {01625589-C69D-4D12-92AA-B2DE02AABA24} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-10-15] (Microsoft Corporation)
Task: {03439E49-0790-4FDB-A1EA-CB6145E6F6A7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {09AF9522-FDD4-43DB-B844-9316D9D9068C} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {13213EA4-5C8C-4218-BA36-84EBE9FCC52D} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
Task: {202E0950-583D-43A4-A67E-1026DA45D529} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2D45225F-AC73-41E2-8885-4CA53FBDD559} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-09-24] (Microsoft Corporation)
Task: {2E558F1E-75ED-4C11-88C5-882512258E06} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-08] (Google Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {4270A1E8-B100-4B6F-A39A-A39DDAD85FC8} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {479B1582-7E0A-418D-997F-559016EC45E4} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4EA52C4A-3AAD-4DCA-A151-C30DAF45A9E8} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {55B4FC58-F050-4214-A995-F2F992701C39} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {62F50D3E-3A48-4C62-B63B-4576A479ADD9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-08] (Google Inc.)
Task: {64B37EC0-9887-4FC6-94C4-F69D15DF7FF6} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {8096B93D-D94E-4F70-A4A0-C92071F19E58} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-09-24] (Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8ADD6F51-7DA6-44A1-AC0A-A65717597BEF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {8B2C8EC9-65F9-4EA6-894A-A1B23160335A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-09-24] (Microsoft Corporation)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {97438734-4FF7-48F7-84BB-DBFDFF25ED42} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-10-16] (Synaptics Incorporated)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {B58857AD-3E36-4D2D-BBD4-05BEF9990B23} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {B7A0B5C0-4F21-4F7D-824B-4E12B1D916D4} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2013-11-13] (Realtek Semiconductor)
Task: {BD8DF963-045B-46FA-A511-176E703DB9EF} - System32\Tasks\Microsoft Office 15 Sync Maintenance for WINDOWS-ELSPL74-Kathy WINDOWS-ELSPL74 => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-24] (Microsoft Corporation)
Task: {BFD4A94C-AF53-494F-A8A0-0D281A94EB96} - System32\Tasks\RtHDVBg_MA3Firmware => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2013-11-13] (Realtek Semiconductor)
Task: {C5B8B585-CA4E-4957-B559-00E3CA8578C0} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2013-11-19] (Realtek Semiconductor)
Task: {C7D8CB62-D5B6-49A6-AE05-BC4079827C42} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {C918A202-609C-47A5-A875-17125D386F6A} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {CA99E151-2F84-409B-8AC7-B16CA5F08651} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E058136E-B062-4520-A2AA-064DE2A5900D} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F8D296C3-3424-425E-91C9-1A8DB608478D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-12] (Microsoft Corporation)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-09-08 15:27 - 2010-03-04 15:56 - 00289280 _____ () C:\windows\System32\HP1100LM.DLL
2014-09-08 15:27 - 2010-03-04 15:56 - 00074240 _____ () C:\windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2014-09-08 15:06 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-09-24 20:51 - 2014-09-24 20:51 - 08894120 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-08-12 16:12 - 2013-08-19 10:21 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2014-08-12 16:12 - 2013-08-19 10:21 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2014-08-12 16:12 - 2013-08-19 10:21 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2014-09-24 07:41 - 2014-09-24 07:41 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-08-12 16:05 - 2013-03-04 22:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 11:41 - 2013-03-05 11:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-08-12 16:25 - 2013-09-03 16:52 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-09-24 20:56 - 2014-09-22 23:06 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-09-24 20:56 - 2014-09-22 23:06 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll
2014-09-24 20:56 - 2014-09-22 23:07 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-24 20:56 - 2014-09-22 23:07 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-24 20:56 - 2014-09-22 23:06 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Kathy\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Kathy\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-4112325925-1048117983-2943846805-500 - Administrator - Disabled)
Guest (S-1-5-21-4112325925-1048117983-2943846805-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4112325925-1048117983-2943846805-1003 - Limited - Enabled)
Kathy (S-1-5-21-4112325925-1048117983-2943846805-1001 - Administrator - Enabled) => C:\Users\Kathy
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/15/2014 09:08:05 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume WINRETOOLS was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)
 
Error: (10/15/2014 09:08:04 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/14/2014 07:29:10 PM) (Source: Microsoft Office 15) (EventID: 2001) (User: )
Description: Microsoft Outlook: Rejected Safe Mode action : Outlook couldn't start last time. Safe mode could help you troubleshoot the problem, but some features might not be available in this mode.
 
Do you want to start in safe mode?.
Rejected Safe Mode action : Microsoft Outlook.
 
Error: (10/12/2014 05:13:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 32.0.3.5379 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 163c
 
Start Time: 01cfe3787e65e9b0
 
Termination Time: 65
 
Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
Report Id: fd8725ac-525c-11e4-825c-e82aea62a510
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (10/12/2014 10:17:36 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/12/2014 10:17:04 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/12/2014 09:41:49 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/12/2014 09:37:38 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/12/2014 07:34:03 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/12/2014 07:32:32 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (10/18/2014 11:23:40 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.
 
Error: (10/18/2014 11:23:40 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.
 
Error: (10/15/2014 11:53:46 PM) (Source: DCOM) (EventID: 10010) (User: WINDOWS-ELSPL74)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (10/15/2014 06:56:45 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000001e (0xffffffffc0000096, 0xfffff80036e0a240, 0x0000000000000000, 0x0000000000000000)C:\windows\MEMORY.DMP101514-8156-01
 
Error: (10/15/2014 06:56:45 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:53:17 PM on ‎10/‎15/‎2014 was unexpected.
 
Error: (10/13/2014 09:11:11 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000009f (0x0000000000000003, 0xffffe0015260da30, 0xffffd000205b0930, 0xffffe00156116010)C:\windows\MEMORY.DMP101314-7109-01
 
Error: (10/13/2014 09:11:11 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:31:37 AM on ‎10/‎13/‎2014 was unexpected.
 
Error: (10/08/2014 11:15:42 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000009f (0x0000000000000003, 0xffffe000ab206a30, 0xffffd000fa8bec80, 0xffffe000b4219b00)C:\windows\MEMORY.DMP100814-11359-01
 
Error: (10/08/2014 11:15:41 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:32:59 PM on ‎10/‎7/‎2014 was unexpected.
 
Error: (10/07/2014 07:21:25 PM) (Source: DCOM) (EventID: 10010) (User: WINDOWS-ELSPL74)
Description: {209500FC-6B45-4693-8871-6296C4843751}
 
 
Microsoft Office Sessions:
=========================
Error: (10/15/2014 09:08:05 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: WINRETOOLSThe parameter is incorrect. (0x80070057)
 
Error: (10/15/2014 09:08:04 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1
 
Error: (10/14/2014 07:29:10 PM) (Source: Microsoft Office 15) (EventID: 2001) (User: )
Description: Microsoft OutlookOutlook couldn't start last time. Safe mode could help you troubleshoot the problem, but some features might not be available in this mode.
 
Do you want to start in safe mode?
 
Error: (10/12/2014 05:13:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe32.0.3.5379163c01cfe3787e65e9b065C:\Program Files (x86)\Mozilla Firefox\firefox.exefd8725ac-525c-11e4-825c-e82aea62a510
 
Error: (10/12/2014 10:17:36 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1
 
Error: (10/12/2014 10:17:04 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1
 
Error: (10/12/2014 09:41:49 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1
 
Error: (10/12/2014 09:37:38 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1
 
Error: (10/12/2014 07:34:03 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1
 
Error: (10/12/2014 07:32:32 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 21%
Total physical RAM: 8097.09 MB
Available physical RAM: 6367.71 MB
Total Pagefile: 16289.09 MB
Available Pagefile: 14532.34 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:109.35 GB) (Free:66.63 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: FD1879B1)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#5 masskonfuzion

Posted 18 October 2014 - 11:47 AM

TDSSKiller Output

 

11:34:59.0163 0x1788  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
11:34:59.0164 0x1788  UEFI system
11:35:03.0728 0x1788  ============================================================
11:35:03.0728 0x1788  Current date / time: 2014/10/18 11:35:03.0728
11:35:03.0728 0x1788  SystemInfo:
11:35:03.0728 0x1788  
11:35:03.0728 0x1788  OS Version: 6.3.9600 ServicePack: 0.0
11:35:03.0728 0x1788  Product type: Workstation
11:35:03.0728 0x1788  ComputerName: WINDOWS-ELSPL74
11:35:03.0729 0x1788  UserName: Kathy
11:35:03.0729 0x1788  Windows directory: C:\windows
11:35:03.0729 0x1788  System windows directory: C:\windows
11:35:03.0729 0x1788  Running under WOW64
11:35:03.0729 0x1788  Processor architecture: Intel x64
11:35:03.0729 0x1788  Number of processors: 4
11:35:03.0729 0x1788  Page size: 0x1000
11:35:03.0729 0x1788  Boot type: Normal boot
11:35:03.0729 0x1788  ============================================================
11:35:03.0837 0x1788  KLMD registered as C:\windows\system32\drivers\44921036.sys
11:35:04.0153 0x1788  System UUID: {52F30218-2034-9E5F-6DBD-613CB9CACFAB}
11:35:05.0258 0x1788  Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 ( 119.24 Gb ), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:35:05.0263 0x1788  ============================================================
11:35:05.0263 0x1788  \Device\Harddisk0\DR0:
11:35:05.0265 0x1788  GPT partitions:
11:35:05.0266 0x1788  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {21305585-89C1-4509-8ED9-B4832C7A167C}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x200000
11:35:05.0266 0x1788  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {C4CCF6FF-09E3-47F6-BF23-0B901B1C0840}, Name: EFI system partition, StartLBA 0x200800, BlocksNum 0xFA000
11:35:05.0266 0x1788  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {560180D9-9818-4495-91B3-338F140B3615}, Name: Microsoft reserved partition, StartLBA 0x2FA800, BlocksNum 0x40000
11:35:05.0266 0x1788  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {1F2CAB92-876F-47C0-80A0-61EEA120C6E5}, Name: Basic data partition, StartLBA 0x33A800, BlocksNum 0xDAB3000
11:35:05.0266 0x1788  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {82E88780-1ED4-4F94-BC56-FF76B2A4A4ED}, Name: Microsoft recovery partition, StartLBA 0xDDED800, BlocksNum 0x108E2B0
11:35:05.0267 0x1788  MBR partitions:
11:35:05.0267 0x1788  ============================================================
11:35:05.0269 0x1788  C: <-> \Device\Harddisk0\DR0\Partition4
11:35:05.0269 0x1788  ============================================================
11:35:05.0269 0x1788  Initialize success
11:35:05.0269 0x1788  ============================================================
11:35:30.0087 0x02d4  ============================================================
11:35:30.0087 0x02d4  Scan started
11:35:30.0087 0x02d4  Mode: Manual; 
11:35:30.0087 0x02d4  ============================================================
11:35:30.0087 0x02d4  KSN ping started
11:35:32.0438 0x02d4  KSN ping finished: true
11:35:32.0715 0x02d4  ================ Scan system memory ========================
11:35:32.0715 0x02d4  System memory - ok
11:35:32.0716 0x02d4  ================ Scan services =============================
11:35:32.0813 0x02d4  [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci        C:\windows\System32\drivers\1394ohci.sys
11:35:32.0826 0x02d4  1394ohci - ok
11:35:32.0858 0x02d4  [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware           C:\windows\system32\drivers\3ware.sys
11:35:32.0864 0x02d4  3ware - ok
11:35:32.0919 0x02d4  [ 9539F7917B4B6D92C90F0FAA6B86C605, B4C284E8EECC2E7025053A3320EFDC9F47BCA9828853AD2A805DB826CA4AC27E ] ACPI            C:\windows\system32\drivers\ACPI.sys
11:35:32.0948 0x02d4  ACPI - ok
11:35:32.0961 0x02d4  [ A273E88FAC37A4F819ED99FE4B642F4D, 994DC229B7B4379852928DF0B22E8E575AB239FD8904AF580AA36A44ED717CD9 ] acpials         C:\windows\system32\DRIVERS\acpials.sys
11:35:32.0962 0x02d4  acpials - ok
11:35:32.0976 0x02d4  [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex          C:\windows\system32\Drivers\acpiex.sys
11:35:32.0980 0x02d4  acpiex - ok
11:35:32.0991 0x02d4  [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr        C:\windows\System32\drivers\acpipagr.sys
11:35:32.0992 0x02d4  acpipagr - ok
11:35:33.0002 0x02d4  [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi         C:\windows\System32\drivers\acpipmi.sys
11:35:33.0004 0x02d4  AcpiPmi - ok
11:35:33.0013 0x02d4  [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime        C:\windows\System32\drivers\acpitime.sys
11:35:33.0015 0x02d4  acpitime - ok
11:35:33.0068 0x02d4  [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX         C:\windows\system32\drivers\ADP80XX.SYS
11:35:33.0107 0x02d4  ADP80XX - ok
11:35:33.0134 0x02d4  [ 0F17D49BE041B7EFF1D33BF1414E7AC6, F8B536B60903814DF88DAF535753288537EF0993E42AA4E734EDA8D68B24C7AB ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
11:35:33.0145 0x02d4  AeLookupSvc - ok
11:35:33.0160 0x02d4  [ D1E343BC00136CE03C4D403194D06A80, 94F2543164A2CEA179EDE53E1294EE24391A59CAEFF83BA5CE9385E8E686E89C ] AERTFilters     C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
11:35:33.0166 0x02d4  AERTFilters - ok
11:35:33.0207 0x02d4  [ 374E27295F0A9DCAA8FC96370F9BEEA5, 51C394E0C2322D7D093941A1B8766171B5D1F47DF2FE0834209492891EA7D999 ] AFD             C:\windows\system32\drivers\afd.sys
11:35:33.0235 0x02d4  AFD - ok
11:35:33.0250 0x02d4  [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440          C:\windows\system32\drivers\agp440.sys
11:35:33.0254 0x02d4  agp440 - ok
11:35:33.0266 0x02d4  [ 8E8E34B7BA059050EED827410D0697A2, 85B6684709F24729A6497563812A90A54068AC2DD9EEA03037CB1EEF5C85AAA9 ] ahcache         C:\windows\system32\DRIVERS\ahcache.sys
11:35:33.0271 0x02d4  ahcache - ok
11:35:33.0284 0x02d4  [ A91D8E1E433EFB32551BCE69037E1CE7, 41DFDD5B56918D19D09DFB3E4B07460AA85647A8647ABBBB906158D8D6653290 ] ALG             C:\windows\System32\alg.exe
11:35:33.0291 0x02d4  ALG - ok
11:35:33.0309 0x02d4  [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8           C:\windows\System32\drivers\amdk8.sys
11:35:33.0314 0x02d4  AmdK8 - ok
11:35:33.0330 0x02d4  [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM          C:\windows\System32\drivers\amdppm.sys
11:35:33.0335 0x02d4  AmdPPM - ok
11:35:33.0349 0x02d4  [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata         C:\windows\system32\drivers\amdsata.sys
11:35:33.0353 0x02d4  amdsata - ok
11:35:33.0378 0x02d4  [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs          C:\windows\system32\drivers\amdsbs.sys
11:35:33.0391 0x02d4  amdsbs - ok
11:35:33.0402 0x02d4  [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata         C:\windows\system32\drivers\amdxata.sys
11:35:33.0404 0x02d4  amdxata - ok
11:35:33.0417 0x02d4  [ 04951A9A937CBE28A2D3FEEA360B6D1F, D8AAF000BE4FE4B203DC2EB2A64F780A542E5238CE3F9952FD03277379B11529 ] AppID           C:\windows\system32\drivers\appid.sys
11:35:33.0423 0x02d4  AppID - ok
11:35:33.0433 0x02d4  [ C0DC3F58214A227980AEB091CFD2F973, 0C3E8453C9F65ADA3E74C38C0E3AC3E0CBFD807B827097046265B38839E151E3 ] AppIDSvc        C:\windows\System32\appidsvc.dll
11:35:33.0436 0x02d4  AppIDSvc - ok
11:35:33.0451 0x02d4  [ 7667B9D81EA8FD6540E6CF72F92161A6, 98F3D0E376F715EBE083FE112CAA640BCE0F13DCE0F244D059D7FA019EA3D24C ] Appinfo         C:\windows\System32\appinfo.dll
11:35:33.0458 0x02d4  Appinfo - ok
11:35:33.0496 0x02d4  [ CB12C47647D8BDAFAA94C0856B14128B, 5590C98095357C92563EF94800107D3611AA6ECA1A70BE463C03B279E618A6C4 ] AppReadiness    C:\windows\system32\AppReadiness.dll
11:35:33.0524 0x02d4  AppReadiness - ok
11:35:33.0602 0x02d4  [ F7529BD3FFAC9C33D15F6DE3B7353B03, 8EF0A84C9687A246B60939A326E498121039E9CC617A7ABBA933EDD327F3467E ] AppXSvc         C:\windows\system32\appxdeploymentserver.dll
11:35:33.0669 0x02d4  AppXSvc - ok
11:35:33.0686 0x02d4  [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas          C:\windows\system32\drivers\arcsas.sys
11:35:33.0693 0x02d4  arcsas - ok
11:35:33.0703 0x02d4  [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi           C:\windows\system32\drivers\atapi.sys
11:35:33.0706 0x02d4  atapi - ok
11:35:33.0725 0x02d4  [ 886767FD022213F7885416134E9082E5, E248D82210FBEBF62C23EBEC74A976B2D1A4E62D3B7638D95B2574B77BA05DD0 ] AudioEndpointBuilder C:\windows\System32\AudioEndpointBuilder.dll
11:35:33.0736 0x02d4  AudioEndpointBuilder - ok
11:35:33.0793 0x02d4  [ 79B134ECE836B406B212E28C24011538, 1B875DD23CCAD8A2759DCDBCDCF3DE14231B9DB5EEC8E84FE081E41A52A047A1 ] Audiosrv        C:\windows\System32\Audiosrv.dll
11:35:33.0835 0x02d4  Audiosrv - ok
11:35:33.0851 0x02d4  [ 96E8CAF20FC4B6C31CAD7816A801EB78, E4870DB8FFBDCFEE98449338D0BDBF2DD0B5FEC75514E41C11A882BE6EB16833 ] AxInstSV        C:\windows\System32\AxInstSV.dll
11:35:33.0858 0x02d4  AxInstSV - ok
11:35:33.0896 0x02d4  [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv         C:\windows\system32\drivers\bxvbda.sys
11:35:33.0923 0x02d4  b06bdrv - ok
11:35:33.0940 0x02d4  [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay    C:\windows\System32\drivers\BasicDisplay.sys
11:35:33.0944 0x02d4  BasicDisplay - ok
11:35:33.0957 0x02d4  [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender     C:\windows\System32\drivers\BasicRender.sys
11:35:33.0959 0x02d4  BasicRender - ok
11:35:33.0975 0x02d4  [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2          C:\windows\System32\drivers\bcmfn2.sys
11:35:33.0977 0x02d4  bcmfn2 - ok
11:35:34.0004 0x02d4  [ E07C80468D0C599BFF01D9D4EC7AEDC3, F675F455924DEC3FF69AD816DFEB6E74C804AEC3D3BFF7515953DB9D79C9B2D0 ] BDESVC          C:\windows\System32\bdesvc.dll
11:35:34.0022 0x02d4  BDESVC - ok
11:35:34.0031 0x02d4  [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep            C:\windows\system32\drivers\Beep.sys
11:35:34.0032 0x02d4  Beep - ok
11:35:34.0084 0x02d4  [ 20FB137ADDE1255F15F265A7BD9579BE, 87B4D5C91EFEAD987AAC3491A4360F82824C46AFF958B6F4CAED7C12224EF159 ] BFE             C:\windows\System32\bfe.dll
11:35:34.0126 0x02d4  BFE - ok
11:35:34.0192 0x02d4  [ 15225081966C785A9192782401643FD4, E2BA0C8D044556FDD9DD7A25F7F71553DE7A2924E78F9284413C2AC46F0BF4EB ] BITS            C:\windows\System32\qmgr.dll
11:35:34.0245 0x02d4  BITS - ok
11:35:34.0318 0x02d4  [ 98CCFB0907C90B795E06A41A79372DB7, DAE51DE54C5FE7E50C5FCE6D348B988FBE2CAAFCCD4620D4D1118352985D081B ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
11:35:34.0374 0x02d4  Bluetooth Device Monitor - ok
11:35:34.0445 0x02d4  [ A24B01133179979911F8E499FAFFC7EE, 3B361C9551EACB6F9B681E4DE0C8833D24796D3968CEB0EDE0E5F122CC0D7F63 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
11:35:34.0502 0x02d4  Bluetooth OBEX Service - ok
11:35:34.0518 0x02d4  [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser          C:\windows\system32\DRIVERS\bowser.sys
11:35:34.0524 0x02d4  bowser - ok
11:35:34.0547 0x02d4  [ E325BCD68EC0CF2E2EDD0AB7CC17C698, 4DEDEF91F6BD1CC8DBE118AC28CA6BD874449A053B9CDE9FFEB1C7B98501D938 ] BrokerInfrastructure C:\windows\System32\bisrv.dll
11:35:34.0562 0x02d4  BrokerInfrastructure - ok
11:35:34.0578 0x02d4  [ 041A999E4FF9A7CDBE67357751881FB8, 356C52637EA715D6FA2B65BD311C9BF1635A582023434902EC2DE4A2448961F8 ] Browser         C:\windows\System32\browser.dll
11:35:34.0586 0x02d4  Browser - ok
11:35:34.0598 0x02d4  [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg      C:\windows\System32\drivers\BthAvrcpTg.sys
11:35:34.0600 0x02d4  BthAvrcpTg - ok
11:35:34.0614 0x02d4  [ 131F1C8573E7BFB41C54FBF5309CCD94, DAFE51E3BADBD82A33B580F212B2D6520A120877C23F6D675521FEA2F4BA5A1F ] BthEnum         C:\windows\System32\drivers\BthEnum.sys
11:35:34.0617 0x02d4  BthEnum - ok
11:35:34.0630 0x02d4  [ 746B9F94214915AECDE4B7FEA5FF9664, EA2877D49DB4B7B9CE61653D63E8776DFF1CBCCAB12C14DB1D20DA44B8F06357 ] BthHFEnum       C:\windows\System32\drivers\bthhfenum.sys
11:35:34.0634 0x02d4  BthHFEnum - ok
11:35:34.0645 0x02d4  [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid        C:\windows\System32\drivers\BthHFHid.sys
11:35:34.0647 0x02d4  bthhfhid - ok
11:35:34.0674 0x02d4  [ D30C67473A2E229662D21F27EAA9AAA5, D009C4836B0DFE963D8E3DEEDE611068838F2BBCAB146E6D70692FAB838E11F1 ] BthLEEnum       C:\windows\System32\drivers\BthLEEnum.sys
11:35:34.0686 0x02d4  BthLEEnum - ok
11:35:34.0698 0x02d4  [ 07E33226AD218A2A162662A05CAFB52F, 0AC3D8B79EDA6DA232FA4E1CAF6592420A9EDE96350D1F0504C2434261684F0B ] BTHMODEM        C:\windows\System32\drivers\bthmodem.sys
11:35:34.0702 0x02d4  BTHMODEM - ok
11:35:34.0720 0x02d4  [ 25BB93167DEF270188072603F92A1EF5, CE4637CE4B63420E218F53CAF89A8C85D036B879B80456FEF3C7C395590E26BB ] BthPan          C:\windows\System32\drivers\bthpan.sys
11:35:34.0727 0x02d4  BthPan - ok
11:35:34.0829 0x02d4  [ 97B9076611291AE4C4C107BC915BD026, 0A77873AAF1ADB76CAB98A84D2242781E34E2699632E45EB92ED7DB20B2BE0C1 ] BTHPORT         C:\windows\System32\Drivers\BTHport.sys
11:35:34.0890 0x02d4  BTHPORT - ok
11:35:34.0906 0x02d4  [ E5E48FEED73D463175EAB1542495191C, 0A8182F5BA7B694AB1DD3680F1194E4A568FE40DBA4BFDFF2EA09BAD045FFB29 ] bthserv         C:\windows\system32\bthserv.dll
11:35:34.0912 0x02d4  bthserv - ok
11:35:34.0928 0x02d4  [ 23E75BED9076F856B36F5F934BBD5795, CCEB72B788522B7D52A6C07646005EBC68F9599D3714ECACF3A194CA47A1BE85 ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
11:35:34.0933 0x02d4  BTHUSB - ok
11:35:34.0949 0x02d4  [ 4428C299BE7B9841ECFA82044B69FA6A, F8AB607D6CACBF2DDE3C392F9756B9F32CB99664A75F3140365CB916450660EC ] btmaux          C:\windows\system32\DRIVERS\btmaux.sys
11:35:34.0957 0x02d4  btmaux - ok
11:35:35.0041 0x02d4  [ F15D822936DC4D9F3E374C73E9AA6D3F, 04C2A0416D051AC56D4FD6C58FEBC48238830B17B7D6CCF23D3F1B7B0F3C37A9 ] btmhsf          C:\windows\system32\DRIVERS\btmhsf.sys
11:35:35.0111 0x02d4  btmhsf - ok
11:35:35.0130 0x02d4  [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
11:35:35.0135 0x02d4  cdfs - ok
11:35:35.0157 0x02d4  [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom           C:\windows\System32\drivers\cdrom.sys
11:35:35.0166 0x02d4  cdrom - ok
11:35:35.0184 0x02d4  [ AB285CE3431FF3D2ACE669245874C1C7, 6AF4C3E86EFA51F7FB6F8492CB2CCB807C7775EAE0508B87F07134FDAC679BD7 ] CertPropSvc     C:\windows\System32\certprop.dll
11:35:35.0193 0x02d4  CertPropSvc - ok
11:35:35.0204 0x02d4  [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass        C:\windows\System32\drivers\circlass.sys
11:35:35.0208 0x02d4  circlass - ok
11:35:35.0236 0x02d4  [ 179A41249055D5F039F1B6703F3B6D2B, 886CF715D9E85DB5C9B991EBCB9B12E27AA0EEE52528E222C80CA5B5B0A7AF52 ] CLFS            C:\windows\system32\drivers\CLFS.sys
11:35:35.0256 0x02d4  CLFS - ok
11:35:35.0425 0x02d4  [ EDAD3D6932E4CB7D92F19FEE0238C29D, 8AE3F923CDBBF08ABB401B53D7E743DBD91C64E28AB7A17D7BAB1EF585A8FE4F ] ClickToRunSvc   C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
11:35:35.0544 0x02d4  ClickToRunSvc - ok
11:35:35.0574 0x02d4  [ 05B6692427B4FD1364876E74DA80868F, 1CC6ED7BBA2FCDA37735F3A5304FFBA8BFBF3DEDD57B9ED449DE29E7DDDFE508 ] CLKMSVC10_99E320F5 C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\kmsvc.exe
11:35:35.0587 0x02d4  CLKMSVC10_99E320F5 - ok
11:35:35.0617 0x02d4  [ 3E76A1547F2448BCEE3D2F4AE3931AB5, 31B41723FAA4210A86B1AE02D6C052BD8B738C4B89FB0177C1AE997D24BA5B8C ] CLVirtualDrive  C:\windows\system32\DRIVERS\CLVirtualDrive.sys
11:35:35.0623 0x02d4  CLVirtualDrive - ok
11:35:35.0634 0x02d4  [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt          C:\windows\System32\drivers\CmBatt.sys
11:35:35.0636 0x02d4  CmBatt - ok
11:35:35.0682 0x02d4  [ 593CA2F3E870D586C20A332171988AFF, A811C1ED00E616D0F752EB35D03DD4CA852503D4B8553B99EBE1212D915E7448 ] CNG             C:\windows\system32\Drivers\cng.sys
11:35:35.0710 0x02d4  CNG - ok
11:35:35.0727 0x02d4  [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus    C:\windows\System32\drivers\CompositeBus.sys
11:35:35.0729 0x02d4  CompositeBus - ok
11:35:35.0738 0x02d4  COMSysApp - ok
11:35:35.0749 0x02d4  [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv          C:\windows\system32\drivers\condrv.sys
11:35:35.0752 0x02d4  condrv - ok
11:35:42.0246 0x02d4  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy   C:\windows\system32\DRIVERS\ndiswan.sys
11:35:42.0258 0x02d4  NdisWanLegacy - ok
11:35:42.0270 0x02d4  [ A5BD69A8812FA79D1A487691DD3FB244, 67B5EDE101943E0E8B8041DB2353D20C8B9F2D253E77964761CFE8F136C0BBC7 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
11:35:42.0275 0x02d4  NDProxy - ok
11:35:42.0289 0x02d4  [ 5A072F0B90C29C5233D78BE33EF5ED78, B32ED76A674B1FC743361FB7BBD4C915A78B14132AB056AADD445D5995AD4F32 ] Ndu             C:\windows\system32\drivers\Ndu.sys
11:35:42.0294 0x02d4  Ndu - ok
11:35:42.0308 0x02d4  [ A83D67D347A684F10B7D3019C8A6380C, 2B86832967981C8C786BF24C1CF8E13E01745ACE3333CF5C821DD93D623B96E4 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
11:35:42.0311 0x02d4  NetBIOS - ok
11:35:42.0335 0x02d4  [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
11:35:42.0349 0x02d4  NetBT - ok
11:35:42.0361 0x02d4  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] Netlogon        C:\windows\system32\lsass.exe
11:35:42.0365 0x02d4  Netlogon - ok
11:35:42.0387 0x02d4  [ B7AD851A21FEBA3BA214972627614207, 29605320CCC3DAAD062CAECF0009DACBC2F6D28ED4E8AF7CE76132129F5572A0 ] Netman          C:\windows\System32\netman.dll
11:35:42.0403 0x02d4  Netman - ok
11:35:42.0441 0x02d4  [ F0F0A372C2EF6358399C4936F91B6131, CE596C71EB4D1A5E104D3148F2D0D8789882C59FD198DCF33CCAC7A08B50E4EE ] netprofm        C:\windows\System32\netprofmsvc.dll
11:35:42.0470 0x02d4  netprofm - ok
11:35:42.0490 0x02d4  [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:35:42.0498 0x02d4  NetTcpPortSharing - ok
11:35:42.0511 0x02d4  [ 70414DB660BFBB7BD58FCE8EA4364E1B, 6DFB3897CD55E22BA1EDF0AE672F4D7A6A1F512F8A0A26AF106765E6B1CF65AC ] netvsc          C:\windows\system32\DRIVERS\netvsc63.sys
11:35:42.0517 0x02d4  netvsc - ok
11:35:42.0721 0x02d4  [ B7C1FB46EAA9029B01F59EF8A62692DB, 3E37C609F2B87C5F3FA6826D3CB5D120AC4EA3FF8CEBF4A1FDCEB8C177D46EE0 ] NETwNe64        C:\windows\system32\DRIVERS\NETwew02.sys
11:35:42.0899 0x02d4  NETwNe64 - ok
11:35:42.0937 0x02d4  [ 3A280F3B3C7A46E29C404ACD46ECBF5E, 81C3367A2A212DBCC65B8A0166FD092E3205AB31A146B4B737061335CEC51F9D ] NlaSvc          C:\windows\System32\nlasvc.dll
11:35:42.0960 0x02d4  NlaSvc - ok
11:35:42.0975 0x02d4  [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs            C:\windows\system32\drivers\Npfs.sys
11:35:42.0979 0x02d4  Npfs - ok
11:35:42.0989 0x02d4  [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig       C:\windows\System32\drivers\npsvctrig.sys
11:35:42.0991 0x02d4  npsvctrig - ok
11:35:43.0002 0x02d4  [ 6E2271ED0C3E95B8E29F3752B91B9E84, 44026AD9757EA82967D7F7578455802FAD7FE0057EAC088E0AE207C15F594B86 ] nsi             C:\windows\system32\nsisvc.dll
11:35:43.0007 0x02d4  nsi - ok
11:35:43.0017 0x02d4  [ E490B459978CB87779E84C761D22B827, 1E5CA38626E41618E4CA16DD0C70EB2FA86E986F0CF21A749BDE2A17015DEEC6 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
11:35:43.0020 0x02d4  nsiproxy - ok
11:35:43.0140 0x02d4  [ 038C77D577900EE39410662478BB0D50, A33AAFD5750245C17A47EC71F3C6EAD2E0925CAD34C65AB3E6CEE44756C668E6 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
11:35:43.0239 0x02d4  Ntfs - ok
11:35:43.0255 0x02d4  [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null            C:\windows\system32\drivers\Null.sys
11:35:43.0256 0x02d4  Null - ok
11:35:43.0273 0x02d4  [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid          C:\windows\system32\drivers\nvraid.sys
11:35:43.0281 0x02d4  nvraid - ok
11:35:43.0299 0x02d4  [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor          C:\windows\system32\drivers\nvstor.sys
11:35:43.0308 0x02d4  nvstor - ok
11:35:43.0323 0x02d4  [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
11:35:43.0330 0x02d4  nv_agp - ok
11:35:43.0345 0x02d4  [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:35:43.0353 0x02d4  ose - ok
11:35:43.0387 0x02d4  [ E287F157F7A0011D93179C64EF8ADCF2, C16FB92C7B18D634BB1344238D35B3111494C243FBD5853F05376F5051480D83 ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
11:35:43.0408 0x02d4  p2pimsvc - ok
11:35:43.0441 0x02d4  [ 2A57A937BC5B1B2D6AFE6A8C5925F50B, 00D84EFED5A7129AAD86945940030474795905C32D65CBD5B1A3EBADCED8F873 ] p2psvc          C:\windows\system32\p2psvc.dll
11:35:43.0465 0x02d4  p2psvc - ok
11:35:43.0482 0x02d4  [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport         C:\windows\System32\drivers\parport.sys
11:35:43.0487 0x02d4  Parport - ok
11:35:43.0501 0x02d4  [ EF0C1749C9A8CEE9A457473D433CC00F, A5FDAB5AD47471640D697C6CFBA6C67730878ABBA47D394EAA47C9733EDCE1F3 ] partmgr         C:\windows\system32\drivers\partmgr.sys
11:35:43.0506 0x02d4  partmgr - ok
11:35:43.0540 0x02d4  [ 9A5309EF92F39346CFD5A4C2C3D1BFAD, 5908E0C9562F9CB24784491BD9AE7983A33A6BDF81AFA0A08045518A0C9BB2B1 ] PcaSvc          C:\windows\System32\pcasvc.dll
11:35:43.0566 0x02d4  PcaSvc - ok
11:35:43.0598 0x02d4  [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci             C:\windows\system32\drivers\pci.sys
11:35:43.0612 0x02d4  pci - ok
11:35:43.0622 0x02d4  [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide          C:\windows\system32\drivers\pciide.sys
11:35:43.0624 0x02d4  pciide - ok
11:35:43.0642 0x02d4  [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia          C:\windows\system32\drivers\pcmcia.sys
11:35:43.0648 0x02d4  pcmcia - ok
11:35:43.0659 0x02d4  [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw             C:\windows\system32\drivers\pcw.sys
11:35:43.0663 0x02d4  pcw - ok
11:35:43.0676 0x02d4  [ B9D968D8E2B0F9C6301CEB39CFC9B9E4, 83F32831B0727F18B56DC3CAF37E45A3523D2BBCD54D1421F0DE5A0179D8A404 ] pdc             C:\windows\system32\drivers\pdc.sys
11:35:43.0681 0x02d4  pdc - ok
11:35:43.0727 0x02d4  [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH          C:\windows\system32\drivers\peauth.sys
11:35:43.0760 0x02d4  PEAUTH - ok
11:35:43.0817 0x02d4  [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost        C:\windows\SysWow64\perfhost.exe
11:35:43.0820 0x02d4  PerfHost - ok
11:35:43.0919 0x02d4  [ 928061178CD9856CA6B67FFFCE6BA766, 71DE3C7CA7F83EAAA550CD8A68FB67DE042B0AE51BFACB1ECB8852D502E11F50 ] pla             C:\windows\system32\pla.dll
11:35:43.0993 0x02d4  pla - ok
11:35:44.0011 0x02d4  [ BC6849C62DB407573C6AD8CB1A4D2628, 5BDE0D60F85E4C27CEAD1B301155B54D841FB773BD5BB8AC5DDAEE31F8E94627 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
11:35:44.0020 0x02d4  PlugPlay - ok
11:35:44.0031 0x02d4  [ 045EB4F260606A03BE340D09DEAF3BA4, 6F34B8D414F7F69F4388F2F8A86E0F3AD179E423126990AF3E1EC4DCCB8E7693 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
11:35:44.0036 0x02d4  PNRPAutoReg - ok
11:35:44.0064 0x02d4  [ E287F157F7A0011D93179C64EF8ADCF2, C16FB92C7B18D634BB1344238D35B3111494C243FBD5853F05376F5051480D83 ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
11:35:44.0085 0x02d4  PNRPsvc - ok
11:35:44.0097 0x02d4  [ E4799B87675C59AA1F620DE5C6F113BB, 094EE16D4CEC68DB316002994482344A6BFCFDE399131F7FA11BB46C2DCBF218 ] Point64         C:\windows\System32\drivers\point64.sys
11:35:44.0100 0x02d4  Point64 - ok
11:35:44.0130 0x02d4  [ C16097D77A232A288D65F299E2E01105, 5CE4B44B06FD26569C0F92FF1D3991D0128D8444AE7BC9EBEF5A33811D721BE8 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
11:35:44.0152 0x02d4  PolicyAgent - ok
11:35:44.0169 0x02d4  [ 00E08B30E7F7C13ECE2CDF4F46A77311, 1807C0A64C1794E572C86730816C01DCF4D8F773ADE9CAEA3AC0658F7BD71A4E ] Power           C:\windows\system32\umpo.dll
11:35:44.0177 0x02d4  Power - ok
11:35:44.0360 0x02d4  [ 3C96A45CA3403A276B0F045C448EC27B, C0011DB8C5A85817CAF815CC0095EE2C1CDD5964DCD8EAF4C35A2495D6A873CC ] PrintNotify     C:\windows\system32\spool\drivers\x64\3\PrintConfig.dll
11:35:44.0502 0x02d4  PrintNotify - ok
11:35:44.0524 0x02d4  [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor       C:\windows\System32\drivers\processr.sys
11:35:44.0529 0x02d4  Processor - ok
11:35:44.0549 0x02d4  [ EF1F8B57323E5D3FC6A0A25F98F90DBC, F50E81151604DCD59BB647FD6767C1631AE48B5FCA6D3423C4E32535C94D6369 ] ProfSvc         C:\windows\system32\profsvc.dll
11:35:44.0563 0x02d4  ProfSvc - ok
11:35:44.0579 0x02d4  [ 8528BB05E4D4E25945F78B00B2555FB7, FF8E0D4580F93CD348080967F52FE6C2C68B56DAEACAE2EAEF04E19412A953AE ] Psched          C:\windows\system32\DRIVERS\pacer.sys
11:35:44.0588 0x02d4  Psched - ok
11:35:44.0613 0x02d4  [ AF90BB44C99D6820BE52C9BBAA523283, 9772D9CC1666959EC8EE4ED740A5179473CE4F38762109F1123DD68010D20EA1 ] QWAVE           C:\windows\system32\qwave.dll
11:35:44.0631 0x02d4  QWAVE - ok
11:35:44.0642 0x02d4  [ 3FB466684609A4329858CF2EBD62E0FD, CFC8FBAB1436948F9D34CE6A2D6DE2F86F3E93E50B86851CED979C8CCE609798 ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
11:35:44.0646 0x02d4  QWAVEdrv - ok
11:35:44.0655 0x02d4  [ 2C56F0EE27E4EF70CA4B4983D3638905, AFFDD686886CE982424B644D9168D61C6F86A5244FF97BC644DF75B321E415E5 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
11:35:44.0657 0x02d4  RasAcd - ok
11:35:44.0671 0x02d4  [ 5F061AC45266841A2860C1858ED863B8, 9E0D52BAC8A50225C32D0397C35350601B996443E2481C808CC59D3B0763FEF0 ] RasAuto         C:\windows\System32\rasauto.dll
11:35:44.0679 0x02d4  RasAuto - ok
11:35:44.0718 0x02d4  [ 5C7B86EE33505E36026AFAAB62DA6364, 903BB1A355AC746BF09C2A7C87B068168648DB79DEF39AB1DC710B6A7A5F6556 ] RasMan          C:\windows\System32\rasmans.dll
11:35:44.0748 0x02d4  RasMan - ok
11:35:44.0763 0x02d4  [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
11:35:44.0768 0x02d4  RasPppoe - ok
11:35:44.0798 0x02d4  [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
11:35:44.0819 0x02d4  rdbss - ok
11:35:44.0834 0x02d4  [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus          C:\windows\System32\drivers\rdpbus.sys
11:35:44.0836 0x02d4  rdpbus - ok
11:35:44.0855 0x02d4  [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR           C:\windows\system32\drivers\rdpdr.sys
11:35:44.0865 0x02d4  RDPDR - ok
11:35:44.0889 0x02d4  [ 858776908AF838E3790F3261B799CDA6, 5BE4658540382D1B2F46E503CE175D74E3870FE492B8B8F37C3CFB34FF8E2DA8 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
11:35:44.0891 0x02d4  RdpVideoMiniport - ok
11:35:44.0915 0x02d4  [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
11:35:44.0929 0x02d4  rdyboost - ok
11:35:44.0989 0x02d4  [ E515A287C8FAE901EB8FB42F168E14F2, 9AE8D608587713FD18BB728BADD402C86FFF06A67359B22ED9431705522BC310 ] ReFS            C:\windows\system32\drivers\ReFS.sys
11:35:45.0034 0x02d4  ReFS - ok
11:35:45.0057 0x02d4  [ BFFB40FBE6D2C3469F8D06EE5E4934AB, 5B6763F973A740DCD53CEA75156926457BED8B075965033C484877DDA8B97F39 ] RemoteAccess    C:\windows\System32\mprdim.dll
11:35:45.0070 0x02d4  RemoteAccess - ok
11:35:45.0088 0x02d4  [ 4DCCABE03D06955ED61BABBD8EF9F30F, 531CD60315AAF283B73E0F6CF77D4DE093B809E73C44D2AC43B7247500B3485E ] RemoteRegistry  C:\windows\system32\regsvc.dll
11:35:45.0099 0x02d4  RemoteRegistry - ok
11:35:45.0123 0x02d4  [ 0527EF6E23B9FAB37DDCBC479C6CFA28, C004CE600074AC434F8B24A3383F8C0ACFA5476D9E3B1493B40911C78B028D64 ] RFCOMM          C:\windows\System32\drivers\rfcomm.sys
11:35:45.0132 0x02d4  RFCOMM - ok
11:35:45.0153 0x02d4  [ CBE300DA6064C31F2AC4ED8A0722BEF0, D98D41937E36390426F521713AF2BAA1E49E750BBEAC420D1BD770EB303F1E4F ] RichVideo       C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
11:35:45.0166 0x02d4  RichVideo - ok
11:35:45.0181 0x02d4  [ D894CBD7DA753C881EE8D5E33B583225, DA4472A85F10A3DF8CE969F731E67FE7C75EE6095908AB8AC2C44851DC5A3F8B ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
11:35:45.0189 0x02d4  RpcEptMapper - ok
11:35:45.0198 0x02d4  [ 5CAE8F47B31D5CFC322B5B898C19E0FE, FDB5F0B6EA36403E031D9147AB0519011FAAD3AC8190DE5B1F17FB5472D79D47 ] RpcLocator      C:\windows\system32\locator.exe
11:35:45.0201 0x02d4  RpcLocator - ok
11:35:45.0250 0x02d4  [ 81979817943D830BF24571B7C1B28A1A, 9584D8F1FB3E6CF17BD465670B208C723A8E8B06775A3DA44F75D7710404EEA6 ] RpcSs           C:\windows\system32\rpcss.dll
11:35:45.0290 0x02d4  RpcSs - ok
11:35:45.0304 0x02d4  [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
11:35:45.0309 0x02d4  rspndr - ok
11:35:45.0333 0x02d4  [ DABD4AB3D049ECA6AFFD61B63A997728, 6F89D5AF4A02F7FC455922533D14486D4ED86E005523302A917E4F12B70B3794 ] RtkAudioService C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
11:35:45.0347 0x02d4  RtkAudioService - ok
11:35:45.0358 0x02d4  [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap           C:\windows\System32\drivers\vms3cap.sys
11:35:45.0360 0x02d4  s3cap - ok
11:35:45.0373 0x02d4  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] SamSs           C:\windows\system32\lsass.exe
11:35:45.0378 0x02d4  SamSs - ok
11:35:45.0394 0x02d4  [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
11:35:45.0400 0x02d4  sbp2port - ok
11:35:45.0419 0x02d4  [ 47C497FA4DDEA908633CAA60CEBE6805, 4DF5742D4C99D3F7B6A5671AEDB1E5E47D3399D36B28BA19C105FA604D8D5A1C ] SCardSvr        C:\windows\System32\SCardSvr.dll
11:35:45.0432 0x02d4  SCardSvr - ok
11:35:45.0449 0x02d4  [ E76C4E98302AE39CC6FA5D20FC8B5438, B6B6B59CF427515087689285797F4A5763103440EBE5D87A61FA74F80F895BD0 ] ScDeviceEnum    C:\windows\System32\ScDeviceEnum.dll
11:35:45.0459 0x02d4  ScDeviceEnum - ok
11:35:45.0468 0x02d4  [ ABD0237B15DBD2B4695F4B7D734A58F7, D6831921F0CD3E03CBF1CA3ED5824EE0C75127842D12D4E897E74EC72B0792EB ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
11:35:45.0471 0x02d4  scfilter - ok
11:35:45.0547 0x02d4  [ D3AE5DB16EAF913860EC28654CE00E6B, AD76B6044F7247C6E86F6DCB7CFD6B25BCA2B9F09A97A419F043A999E66726A2 ] Schedule        C:\windows\system32\schedsvc.dll
11:35:45.0610 0x02d4  Schedule - ok
11:35:45.0629 0x02d4  [ AB285CE3431FF3D2ACE669245874C1C7, 6AF4C3E86EFA51F7FB6F8492CB2CCB807C7775EAE0508B87F07134FDAC679BD7 ] SCPolicySvc     C:\windows\System32\certprop.dll
11:35:45.0638 0x02d4  SCPolicySvc - ok
11:35:45.0666 0x02d4  [ FDEC5799BA499D18AFA3A540538866E7, 551EE0945FE4EC213FFF623E524500B57531EFEA2D76FA7ED1D2D605E7E2168F ] sdbus           C:\windows\System32\drivers\sdbus.sys
11:35:45.0679 0x02d4  sdbus - ok
11:35:45.0694 0x02d4  [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor          C:\windows\System32\drivers\sdstor.sys
11:35:45.0699 0x02d4  sdstor - ok
11:35:45.0710 0x02d4  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\windows\system32\drivers\secdrv.sys
11:35:45.0712 0x02d4  secdrv - ok
11:35:45.0722 0x02d4  [ C49009F897BA4F2F4F31043663AA1485, 48C8BE1E3A4F150662AD012AF4E0357ABA792AD1147AB90EFF6CB2630E2501B6 ] seclogon        C:\windows\system32\seclogon.dll
11:35:45.0728 0x02d4  seclogon - ok
11:35:45.0740 0x02d4  [ A88882E64BDC1D8E8D6E727B71CCCC53, 12D2235F54D0CEEED8AA268C17CDE44020269F4FEFC70CE957DBBF99AF7F553D ] SENS            C:\windows\System32\sens.dll
11:35:45.0747 0x02d4  SENS - ok
11:35:45.0767 0x02d4  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] SensorsAlsDriver C:\windows\system32\DRIVERS\WUDFRd.sys
11:35:45.0779 0x02d4  SensorsAlsDriver - ok
11:35:45.0800 0x02d4  [ E66A7C8CE7ED22DED6DF1CA479FB4790, ADEB076F131E7A8C3AD96022B09BB33EB9AB26C9C831503B8C6960AA763B8975 ] SensrSvc        C:\windows\system32\sensrsvc.dll
11:35:45.0815 0x02d4  SensrSvc - ok
11:35:45.0830 0x02d4  [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx           C:\windows\system32\drivers\SerCx.sys
11:35:45.0834 0x02d4  SerCx - ok
11:35:45.0852 0x02d4  [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2          C:\windows\system32\drivers\SerCx2.sys
11:35:45.0860 0x02d4  SerCx2 - ok
11:35:45.0870 0x02d4  [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum         C:\windows\System32\drivers\serenum.sys
11:35:45.0873 0x02d4  Serenum - ok
11:35:45.0887 0x02d4  [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial          C:\windows\System32\drivers\serial.sys
11:35:45.0892 0x02d4  Serial - ok
11:35:45.0904 0x02d4  [ 0BD2B65DCE756FDE95A2E5CCCBF7705D, F13FAFEC8FCF3E796196562717C433CE359A74A3E5876AB070647C717AF74028 ] sermouse        C:\windows\System32\drivers\sermouse.sys
11:35:45.0907 0x02d4  sermouse - ok
11:35:45.0945 0x02d4  [ D5C3776CBD8BC307DCCA3FD4CE667A37, 98E4253B770C25914C91A6148E2EA15ED0EF37ADCB042A47252DBA135972BF74 ] SessionEnv      C:\windows\system32\sessenv.dll
11:35:45.0965 0x02d4  SessionEnv - ok
11:35:45.0978 0x02d4  [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy         C:\windows\System32\drivers\sfloppy.sys
11:35:45.0981 0x02d4  sfloppy - ok
11:35:46.0094 0x02d4  [ DCD85FD151A8DA5F6C27AB6C0326503F, DFAC22725556CF62179BA031A81635F069F959EA0330BBD828FF859AA7271354 ] SftService      C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
11:35:46.0188 0x02d4  SftService - ok
11:35:46.0224 0x02d4  [ F4414F57DF2CECB8FC969AA43A6B0D50, AD09A6E1294721507DD6BE82B91F2EEB0FF0151B9BC14A75840CD657DBFDECEC ] SharedAccess    C:\windows\System32\ipnathlp.dll
11:35:46.0248 0x02d4  SharedAccess - ok
11:35:46.0291 0x02d4  [ 0D190D8B4B20446BE6299AC734DFADF1, 6551095971F99820BBFC5FED8FAB9591A3F8ABFA0F027887F3B71B79325FF6D9 ] ShellHWDetection C:\windows\System32\shsvcs.dll
11:35:46.0325 0x02d4  ShellHWDetection - ok
11:35:46.0337 0x02d4  [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys
11:35:46.0341 0x02d4  SiSRaid2 - ok
11:35:46.0354 0x02d4  [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys
11:35:46.0359 0x02d4  SiSRaid4 - ok
11:35:46.0368 0x02d4  [ 587ACA15210D1B01FBF272E07A08F91A, 1F3C13C218C5EA329C6E33E4AE7CFE88DAD59DA40F59FDE09D733AFD2E489000 ] smphost         C:\windows\System32\smphost.dll
11:35:46.0373 0x02d4  smphost - ok
11:35:46.0389 0x02d4  [ 49EEB92DE930B8566EF615D600781DB4, 0B7C929D24FAFC34F95BB4AA77DCBA29DDD8F1977EB42713B64228677D1FBFD3 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
11:35:46.0393 0x02d4  SNMPTRAP - ok
11:35:46.0434 0x02d4  [ 240C5C3793206725AA05665851E8C214, 96ADFB85EB1623EB00C251C1C6A1F441A1795F0EBFD10B17DD1CA58E3AE8A90D ] spaceport       C:\windows\system32\drivers\spaceport.sys
11:35:46.0455 0x02d4  spaceport - ok
11:35:46.0468 0x02d4  [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx           C:\windows\system32\drivers\SpbCx.sys
11:35:46.0473 0x02d4  SpbCx - ok
11:35:46.0525 0x02d4  [ 42FEA9E0BA9761D9E65A4F167D91515B, 9A34CE83F3ACD50608671BDABE5E475F8E0C8335D3B8B7B3D7E84B2A319FA29F ] Spooler         C:\windows\System32\spoolsv.exe
11:35:46.0567 0x02d4  Spooler - ok
11:35:46.0914 0x02d4  [ C993A0B97BECD3AAF5158E3869878465, 8B86F37DEFCBE55DE507D830EC4980EBB39B3CCA30C2B3E76B588AAB282A50FC ] sppsvc          C:\windows\system32\sppsvc.exe
11:35:47.0151 0x02d4  sppsvc - ok
11:35:47.0184 0x02d4  [ 6416E79A58A8FCC33A447A4DDDD3BF04, 839E3107ACCD520C309BD6C8324DF7A8EB724EAD442AB1F1CACB0D83F84BE488 ] srv             C:\windows\system32\DRIVERS\srv.sys
11:35:47.0199 0x02d4  srv - ok
11:35:47.0234 0x02d4  [ 5BED3AB69797C8786EF70AEA8C33748B, 0474EE6C43D437CBA9848BCF25D1341B122D7E9F371A0FF3C62C83D14B2CB095 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
11:35:47.0259 0x02d4  srv2 - ok
11:35:47.0276 0x02d4  [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
11:35:47.0285 0x02d4  srvnet - ok
11:35:47.0301 0x02d4  [ BB9ED3EDD8E85008215A7250D325A72E, D3404E31B7706B25CDEA7CB4260C343B5F090E8CCB9A5FA203B0F94A9112F1B3 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
11:35:47.0313 0x02d4  SSDPSRV - ok
11:35:47.0325 0x02d4  [ 3911418AFDE10EA6823B7799E4815524, A73517C4C1271E666B2B3A747756070098E923742B41572AA16573170440AA07 ] SstpSvc         C:\windows\system32\sstpsvc.dll
11:35:47.0333 0x02d4  SstpSvc - ok
11:35:47.0341 0x02d4  [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor        C:\windows\system32\drivers\stexstor.sys
11:35:47.0343 0x02d4  stexstor - ok
11:35:47.0375 0x02d4  [ D638904FE86A5FE542A1BA13A9D68E5C, 89A956F932316BC50DD99B54BAF4E2809DCAA084DBB04CB84D11E5470BEAF251 ] stisvc          C:\windows\System32\wiaservc.dll
11:35:47.0400 0x02d4  stisvc - ok
11:35:47.0413 0x02d4  [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci        C:\windows\system32\drivers\storahci.sys
11:35:47.0418 0x02d4  storahci - ok
11:35:47.0428 0x02d4  [ 7A08CEE1535F5A448215634C5EA74E50, 41529CDC08A3956F8FE9D5759B147E2E56E3305149EA415EB200249F7CD32094 ] storflt         C:\windows\system32\DRIVERS\vmstorfl.sys
11:35:47.0431 0x02d4  storflt - ok
11:35:47.0444 0x02d4  [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme        C:\windows\system32\drivers\stornvme.sys
11:35:47.0448 0x02d4  stornvme - ok
11:35:47.0456 0x02d4  [ 3118058E3D07021A55324A943C6D722B, 0B255DF1977DADD2B9766EEEA814B464F0ABFA34D6439F3C453083850C121F16 ] StorSvc         C:\windows\system32\storsvc.dll
11:35:47.0460 0x02d4  StorSvc - ok
11:35:47.0468 0x02d4  [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc         C:\windows\system32\drivers\storvsc.sys
11:35:47.0471 0x02d4  storvsc - ok
11:35:47.0478 0x02d4  [ D8E1AE075AB3E8AD56F69C44AA978596, CAFF5116DE7F0EEFFEBE38724BCEE7D11B44153AD35EE43E314C56D5E210758A ] svsvc           C:\windows\system32\svsvc.dll
11:35:47.0481 0x02d4  svsvc - ok
11:35:47.0489 0x02d4  [ 84E0F5D41C138C5CC975137A2A98F6D3, 1E36CED05E4F4365C2AB020CAF920E3959995D7F89F3FABD7B2FB05985F85F38 ] swenum          C:\windows\System32\drivers\swenum.sys
11:35:47.0490 0x02d4  swenum - ok
11:35:47.0526 0x02d4  [ 850EBB87584484DC16F917E7B6F4A304, C253D1DFFCDFB018432063602FB01DBCBDDD6E03458E5C366AABD4670F114B0C ] swprv           C:\windows\System32\swprv.dll
11:35:47.0554 0x02d4  swprv - ok
11:35:47.0566 0x02d4  [ 1865C7F3228D7D76FCE65E5575684948, AA6262775EFE53071F3E9F8C6327AC78A4651CF59995172EADA284FA56147976 ] SynRMIHID       C:\windows\system32\DRIVERS\SynRMIHID.sys
11:35:47.0568 0x02d4  SynRMIHID - ok
11:35:47.0597 0x02d4  [ 0CA906DCB164FCF14D1322BECF86708B, 4C150D834F0155462DBCC220C3F948CD237D32666E4665EE0170932142759E84 ] SynTP           C:\windows\System32\drivers\SynTP.sys
11:35:47.0617 0x02d4  SynTP - ok
11:35:47.0673 0x02d4  [ 3DA26652B12E9AB43FD04976AC6DFD33, DEFE220D86197949E97342FE3487CD6A07DD2FFAF6D17A7C65419C2C1B9D1AB5 ] SysMain         C:\windows\system32\sysmain.dll
11:35:47.0719 0x02d4  SysMain - ok
11:35:47.0738 0x02d4  [ FD4EA8E9232ADD51DC31C295DDEF2768, 3EA40D7376AB5AA5DA2BCF4745C79F7BF819363466967ECC3CD15ADECBFD7244 ] SystemEventsBroker C:\windows\System32\SystemEventsBrokerServer.dll
11:35:47.0751 0x02d4  SystemEventsBroker - ok
11:35:47.0764 0x02d4  [ BA6DD39266A5E15515C8C14DA2DA3E5C, 5BC917BA4E7281A67CC6CEF2F4D1972DF04DECBEFB6DED0B08FFBD06E15D4B4F ] TabletInputService C:\windows\System32\TabSvc.dll
11:35:47.0772 0x02d4  TabletInputService - ok
11:35:47.0791 0x02d4  [ B517410F157693043DACA21B19B258A6, 2224EECEB575CEA811036C43BB5B0A408DE5F59BC97235AB948968E4C3E438F2 ] TapiSrv         C:\windows\System32\tapisrv.dll
11:35:47.0805 0x02d4  TapiSrv - ok
11:35:47.0911 0x02d4  [ CCB3A2BB60FE5073F2DEA63FE83CF8FE, 02982136236DD595D8974E6645A008D663B4DD3BC3824721E4DE4377B97887C7 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
11:35:47.0993 0x02d4  Tcpip - ok
11:35:48.0088 0x02d4  [ CCB3A2BB60FE5073F2DEA63FE83CF8FE, 02982136236DD595D8974E6645A008D663B4DD3BC3824721E4DE4377B97887C7 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
11:35:48.0164 0x02d4  TCPIP6 - ok
11:35:48.0177 0x02d4  [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
11:35:48.0180 0x02d4  tcpipreg - ok
11:35:48.0192 0x02d4  [ FFF28F9F6823EB1756C60F1649560BBF, 208DFF8BF0329D0D4761C7E31527AEED7FF5F3C36C5005953D01477F35408D5C ] tdx             C:\windows\system32\DRIVERS\tdx.sys
11:35:48.0195 0x02d4  tdx - ok
11:35:48.0203 0x02d4  [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt        C:\windows\System32\drivers\terminpt.sys
11:35:48.0205 0x02d4  terminpt - ok
11:35:48.0246 0x02d4  [ 3D748E5558FD9A9F03182CB2330698DC, 70B2069AB7912EB49AB3ABD18D4B42CB94AC99CA6DE3F63F4888B8EAAC78AAA2 ] TermService     C:\windows\System32\termsrv.dll
11:35:48.0279 0x02d4  TermService - ok
11:35:48.0289 0x02d4  [ 05FBE1F7C13E87AF7A414CDF288B1F62, 24079E1A6B2E33A1A8E76A77F73473B93DD6B379E44C982CE50D6CEED9747838 ] Themes          C:\windows\system32\themeservice.dll
11:35:48.0292 0x02d4  Themes - ok
11:35:48.0301 0x02d4  [ FD788C2D96EA91469A3C1D13E80D7473, 7B14D4BFDE18CECC19FBFFAA5AFF5FD78BFB7FCDA6613990740A8A7DD9873D26 ] THREADORDER     C:\windows\system32\mmcss.dll
11:35:48.0305 0x02d4  THREADORDER - ok
11:35:48.0319 0x02d4  [ 347A3E49CE18402305B8119A6EC7CFEB, 6768B20EE577880B0353FE84B980D4A18D323929A63FAE41F7A55123BBFC8DBA ] TimeBroker      C:\windows\System32\TimeBrokerServer.dll
11:35:48.0329 0x02d4  TimeBroker - ok
11:35:48.0342 0x02d4  [ 82F909359600D3603FE852DB7F135626, 2EB2BB9D81AC9A2E432B2628E296B7B21F1C82EAE8009300EEF1B8596A9F418D ] TPM             C:\windows\system32\drivers\tpm.sys
11:35:48.0347 0x02d4  TPM - ok
11:35:48.0357 0x02d4  [ C97E14BB6A196B0554D6EB67D8818175, C00588C94988F10507F84584DFA4C0A43B8648AD1AD35E9BAE14CDD21FCF7B90 ] TrkWks          C:\windows\System32\trkwks.dll
11:35:48.0363 0x02d4  TrkWks - ok
11:35:53.0773 0x02d4  Waiting for KSN requests completion. In queue: 75
11:35:54.0774 0x02d4  Waiting for KSN requests completion. In queue: 75
11:35:55.0774 0x02d4  Waiting for KSN requests completion. In queue: 75
11:35:56.0799 0x02d4  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.5.218.0 ), 0x61100 ( enabled : updated )
11:35:56.0809 0x02d4  Win FW state via NFP2: enabled
11:35:59.0336 0x02d4  ============================================================
11:35:59.0336 0x02d4  Scan finished
11:35:59.0336 0x02d4  ============================================================
11:35:59.0351 0x04c0  Detected object count: 0
11:35:59.0351 0x04c0  Actual detected object count: 0
11:41:28.0446 0x0fc8  Deinitialize success


#6 TB-Psychotic

  • Malware Response Team

Posted 21 October 2014 - 07:05 AM

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Scan with ESET Online Scan

Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right-click on their Internet Explorer shortcut and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" ActiveX control by clicking the Install button
  • Once the ActiveX control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.


Proud Member of UNITE & TB

#7 masskonfuzion

  • Topic Starter

Posted 23 October 2014 - 06:56 AM

Hi Marius, thanks for your help.

Here is the MalwareBytes scan log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/22/2014
Scan Time: 11:30:26 PM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.23.01
Rootkit Database: v2014.10.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Kathy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 307181
Time Elapsed: 11 min, 18 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-4112325925-1048117983-2943846805-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [66b7fc1cf3893afcfd6ddac921e119e7],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
Rogue.Multiple, C:\ProgramData\374311380, Quarantined, [cb529880cab267cf7619e4fc8a7820e0],

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#8 masskonfuzion

  • Topic Starter

Posted 23 October 2014 - 09:09 AM

I was not able to finish the ESET scan before I left for work.  I will post the results of that scan later today.



#9 masskonfuzion

  • Topic Starter

Posted 23 October 2014 - 08:06 PM

The ESET Scan reported this:

C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application

I appreciate your help with this.



#10 schrauber

  • Malware Response Team

Posted 29 October 2014 - 02:49 AM

Hi masskonfuzion,

Marius is not available at the moment, so I will work with you from now on. Please post back with a fresh FRST logfile and tell me how the system is running.


regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

#11 masskonfuzion

  • Topic Starter

Posted 30 October 2014 - 06:54 PM

Apologies for my delayed response.  Thanks for your response -- I will post the updated scan results shortly.



#12 schrauber

  • Malware Response Team

Posted 31 October 2014 - 01:11 AM

ok :)
regards,
schrauber


#13 masskonfuzion

  • Topic Starter

Posted 01 November 2014 - 11:37 AM

Hi schrauber,

Here are the FRST scan results:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-11-2014
Ran by Kathy (administrator) on WINDOWS-ELSPL74 on 01-11-2014 11:32:20
Running from C:\Users\Kathy\Downloads\Anti-Malware Tools for Boo Boo
Loaded Profiles: Kathy &  (Available profiles: Kathy)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Thong Nguyen) C:\Program Files (x86)\PowerMenu\PowerMenu.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\winword.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenote.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\ielowutil.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3059360 2012-06-03] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-4112325925-1048117983-2943846805-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-4112325925-1048117983-2943846805-1001\...\Run: [DellSystemDetect] => C:\Users\Kathy\AppData\Local\Apps\2.0\NWCA67TH.4L6\7GP8186Y.GCC\dell..tion_e30b47f5d4a30e9e_0005.000b_1df8a3cb60a9209e\DellSystemDetect.exe [264488 2014-10-13] (Dell)
HKU\S-1-5-21-4112325925-1048117983-2943846805-1001\...\RunOnce: [FlashPlayerUpdate] => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_152_Plugin.exe [854192 2014-09-15] (Adobe Systems Incorporated)
HKU\S-1-5-21-4112325925-1048117983-2943846805-1001\...\MountPoints2: {395f1c60-378e-11e4-8252-e82aea62a510} - "D:\SISetup.exe"
HKU\S-1-5-21-4112325925-1048117983-2943846805-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-4112325925-1048117983-2943846805-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DellSystemDetect] => C:\Users\Kathy\AppData\Local\Apps\2.0\NWCA67TH.4L6\7GP8186Y.GCC\dell..tion_e30b47f5d4a30e9e_0005.000b_1df8a3cb60a9209e\DellSystemDetect.exe [264488 2014-10-13] (Dell)
HKU\S-1-5-21-4112325925-1048117983-2943846805-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [FlashPlayerUpdate] => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_152_Plugin.exe [854192 2014-09-15] (Adobe Systems Incorporated)
HKU\S-1-5-21-4112325925-1048117983-2943846805-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {395f1c60-378e-11e4-8252-e82aea62a510} - "D:\SISetup.exe"
Startup: C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerMenu.lnk
ShortcutTarget: PowerMenu.lnk -> C:\Program Files (x86)\PowerMenu\PowerMenu.exe (Thong Nguyen)
Startup: C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {1A95DC8F-4A6D-4938-B715-50B59B516306} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKLM - {1A95DC8F-4A6D-4938-B715-50B59B516306} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {1A95DC8F-4A6D-4938-B715-50B59B516306} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\96izfjtr.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF user.js: detected! => C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\96izfjtr.default\user.js
FF Extension: Adblock Plus - C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\96izfjtr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-23]

Chrome:
=======
CHR Profile: C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-14]
CHR Extension: (Google Docs) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-14]
CHR Extension: (Google Drive) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-14]
CHR Extension: (YouTube) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-14]
CHR Extension: (Google Search) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-14]
CHR Extension: (Bulk Image Downloader) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\facoldpeadablbngjnohbmgaehknhcaj [2014-09-28]
CHR Extension: (Google Sheets) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-14]
CHR Extension: (Google Wallet) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-14]
CHR Extension: (Gmail) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
S2 CLKMSVC10_99E320F5; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\kmsvc.exe [243464 2013-08-06] (CyberLink)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-29] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-10-16] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915408 2013-10-17] (SoftThinks SAS)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1408824 2013-10-18] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2013-08-08] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-08-08] (Intel Corporation)
S3 iaLPSS_SPI; C:\Windows\System32\drivers\iaLPSS_SPI.sys [83960 2013-08-08] (Intel Corporation)
S3 iaLPSS_UART; C:\Windows\System32\drivers\iaLPSS_UART.sys [142840 2013-08-08] (Intel Corporation)
S3 iaLPSS_UART2; C:\Windows\System32\drivers\iaLPSS_UART2.sys [129528 2013-08-08] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [142280 2013-10-18] (Intel Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-07] ()
S3 LAN7500; C:\Windows\system32\DRIVERS\lan7500-x64-n630f.sys [96256 2013-04-05] (SMSC)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-08-28] (Intel Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [3668960 2013-12-20] (Intel Corporation)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [41200 2013-10-16] (Synaptics Incorporated)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
S3 WinRing0_1_2_0; C:\Users\Kathy\Downloads\RealTemp\RealTemp_370\WinRing0x64.sys [14544 2014-10-13] (OpenLibSys.org)
U3 kwpdauod; \??\C:\Users\Kathy\AppData\Local\Temp\kwpdauod.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-29 23:41 - 2014-10-29 23:42 - 02289664 _____ (FreeFlashPlugin company) C:\Users\Kathy\Downloads\DownloadFileSetup_58EnH.exe
2014-10-27 22:35 - 2014-10-27 22:35 - 00007944 _____ () C:\Users\Kathy\Desktop\QuickBooks-Streaming.rdp
2014-10-25 23:09 - 2014-10-25 23:09 - 00019294 _____ () C:\Users\Kathy\Documents\Week #8 2014 - KF.xlsx
2014-10-23 16:09 - 2014-10-23 16:09 - 00000145 _____ () C:\Users\Kathy\Desktop\threats.txt
2014-10-23 06:58 - 2014-10-23 06:58 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-22 23:29 - 2014-11-01 11:29 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-22 23:29 - 2014-10-22 23:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-22 23:29 - 2014-10-22 23:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-22 23:29 - 2014-10-22 23:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-22 23:29 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-10-22 23:29 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-10-22 23:29 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-10-22 21:23 - 2014-10-23 18:04 - 00000000 ____D () C:\Users\Kathy\Documents\My Kindle Content
2014-10-22 21:23 - 2014-10-22 21:23 - 00002296 _____ () C:\Users\Kathy\Desktop\Kindle.lnk
2014-10-22 21:23 - 2014-10-22 21:23 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-10-22 21:22 - 2014-10-22 21:23 - 00000000 ____D () C:\Users\Kathy\AppData\Local\Amazon
2014-10-22 21:21 - 2014-10-22 21:22 - 38157960 _____ (Amazon.com) C:\Users\Kathy\Downloads\KindleForPC-installer.exe
2014-10-18 11:25 - 2014-11-01 11:32 - 00000000 ____D () C:\FRST
2014-10-18 11:23 - 2014-11-01 11:32 - 00000000 ____D () C:\Users\Kathy\Downloads\Anti-Malware Tools for Boo Boo
2014-10-18 11:20 - 2014-10-30 23:22 - 01412551 _____ () C:\windows\WindowsUpdate.log
2014-10-15 23:52 - 2014-09-10 01:25 - 00474432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2014-10-15 23:52 - 2014-09-07 22:07 - 02497344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-10-15 23:52 - 2014-09-07 22:07 - 00428864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2014-10-15 23:52 - 2014-09-07 17:08 - 00389176 _____ () C:\windows\system32\ApnDatabase.xml
2014-10-15 23:52 - 2014-09-04 17:30 - 00822272 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2014-10-15 23:52 - 2014-09-04 17:21 - 01053184 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2014-10-15 23:52 - 2014-09-03 22:15 - 00561416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2014-10-15 23:52 - 2014-09-03 22:14 - 00177472 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-10-15 23:52 - 2014-09-03 22:05 - 00836176 _____ (Microsoft Corporation) C:\windows\system32\mfmp4srcsnk.dll
2014-10-15 23:52 - 2014-09-03 21:22 - 00670384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmp4srcsnk.dll
2014-10-15 23:52 - 2014-09-03 20:19 - 00436224 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2014-10-15 23:52 - 2014-09-03 20:01 - 00448512 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2014-10-15 23:52 - 2014-09-03 19:45 - 00318976 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2014-10-15 23:52 - 2014-09-03 19:41 - 01420288 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-10-15 23:52 - 2014-09-03 19:36 - 00418304 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-10-15 23:52 - 2014-09-03 19:32 - 00334336 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll
2014-10-15 23:52 - 2014-09-03 19:15 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-10-15 23:52 - 2014-08-30 19:17 - 00148800 ____C (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS
2014-10-15 23:52 - 2014-08-30 19:15 - 21197152 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-10-15 23:52 - 2014-08-30 17:59 - 18723112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-10-15 23:52 - 2014-08-30 17:05 - 00615424 _____ (Microsoft Corporation) C:\windows\system32\FXSCOMEX.dll
2014-10-15 23:52 - 2014-08-30 16:58 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\FXSAPI.dll
2014-10-15 23:52 - 2014-08-30 16:04 - 00941568 _____ (Microsoft Corporation) C:\windows\system32\MFMediaEngine.dll
2014-10-15 23:52 - 2014-08-30 15:53 - 00239104 _____ (Microsoft Corporation) C:\windows\SysWOW64\FXSAPI.dll
2014-10-15 23:52 - 2014-08-30 15:17 - 00799744 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFMediaEngine.dll
2014-10-15 23:52 - 2014-08-27 21:55 - 07484224 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-10-15 23:52 - 2014-08-27 19:21 - 02480128 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2014-10-15 23:52 - 2014-08-27 19:06 - 02030592 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2014-10-15 23:52 - 2014-08-23 00:14 - 13424128 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2014-10-15 23:52 - 2014-08-23 00:04 - 11820544 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2014-10-15 23:52 - 2014-08-22 23:50 - 02714112 _____ (Microsoft Corporation) C:\windows\system32\SettingsHandlers.dll
2014-10-15 23:52 - 2014-08-01 19:51 - 00545792 _____ (Microsoft Corporation) C:\windows\system32\untfs.dll
2014-10-15 23:52 - 2014-08-01 19:35 - 00485376 _____ (Microsoft Corporation) C:\windows\SysWOW64\untfs.dll
2014-10-15 22:49 - 2014-10-15 22:49 - 00003007 _____ () C:\Users\Kathy\Desktop\HiJackThis.lnk
2014-10-15 22:49 - 2014-10-15 22:49 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-10-15 22:49 - 2014-10-15 22:49 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-10-15 22:48 - 2014-10-15 22:48 - 00002772 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-10-15 22:48 - 2014-10-15 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-15 22:48 - 2014-10-15 22:48 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-15 22:46 - 2014-10-15 22:46 - 04965896 _____ (Piriform Ltd) C:\Users\Kathy\Downloads\ccsetup418.exe
2014-10-15 20:56 - 2014-09-13 01:02 - 02779648 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-10-15 20:56 - 2014-09-13 00:30 - 03117568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-10-15 20:56 - 2014-09-03 19:10 - 00118272 _____ (Microsoft Corporation) C:\windows\system32\winbici.dll
2014-10-15 20:56 - 2014-09-03 18:57 - 00921600 _____ (Microsoft Corporation) C:\windows\system32\MrmCoreR.dll
2014-10-15 20:56 - 2014-09-03 18:49 - 00626688 _____ (Microsoft Corporation) C:\windows\SysWOW64\MrmCoreR.dll
2014-10-15 20:54 - 2014-10-15 20:54 - 00000000 ____D () C:\Users\Kathy\AppData\Local\LogMeIn
2014-10-15 20:54 - 2014-10-15 20:54 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-10-15 19:47 - 2014-10-18 16:29 - 00000000 ____D () C:\Users\Kathy\AppData\Local\LogMeIn Client
2014-10-15 19:29 - 2014-10-15 19:29 - 00000000 ____D () C:\Users\Kathy\Downloads\Autoruns
2014-10-15 19:28 - 2014-10-15 19:28 - 00511633 _____ () C:\Users\Kathy\Downloads\Autoruns.zip
2014-10-15 19:23 - 2014-10-15 23:38 - 00000000 ____D () C:\Users\Kathy\Downloads\Everything-1.3.4.686.x64.Multilingual
2014-10-15 19:23 - 2014-10-15 19:23 - 00905955 _____ () C:\Users\Kathy\Downloads\Everything-1.3.4.686.x64.Multilingual.zip
2014-10-15 18:54 - 2014-09-27 17:25 - 04183040 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-10-15 18:53 - 2014-09-07 22:15 - 00054752 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-10-15 18:53 - 2014-09-07 20:46 - 00059904 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-10-15 18:53 - 2014-09-07 20:46 - 00050688 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-10-15 18:53 - 2014-09-07 19:08 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-10-15 18:53 - 2014-09-07 19:07 - 00137728 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-10-15 18:53 - 2014-09-07 19:05 - 03448320 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-10-15 18:53 - 2014-09-07 19:04 - 00388608 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2014-10-15 18:53 - 2014-09-07 19:04 - 00093696 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-10-15 18:53 - 2014-09-07 19:03 - 01702400 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-10-15 18:53 - 2014-09-07 19:03 - 00839680 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-10-15 18:53 - 2014-09-07 18:59 - 00123904 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-10-15 18:53 - 2014-09-07 18:59 - 00031232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-10-15 18:53 - 2014-09-07 18:56 - 00672256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-10-15 18:53 - 2014-09-07 18:56 - 00080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-10-15 18:52 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-10-15 18:52 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-10-15 18:52 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-10-15 18:52 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-10-15 18:52 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-10-15 18:52 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-10-15 18:52 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-10-15 18:52 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-10-15 18:52 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-10-15 18:52 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-10-15 18:52 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-10-15 18:52 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-10-15 18:52 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-10-15 18:52 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-10-15 18:52 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-10-15 18:52 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-10-15 18:52 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-10-15 18:52 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-10-15 18:52 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-10-15 18:52 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-10-15 18:52 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-10-15 18:52 - 2014-09-18 19:42 - 00363008 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-10-15 18:52 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-10-15 18:52 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-10-15 18:52 - 2014-09-18 19:20 - 00315904 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-10-15 18:52 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-10-15 18:52 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-10-15 18:52 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-10-15 18:52 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-10-15 18:52 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-10-15 18:51 - 2014-09-13 01:29 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-10-15 18:51 - 2014-09-13 00:49 - 00068608 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-10-15 18:51 - 2014-09-03 19:12 - 00590336 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2014-10-15 18:51 - 2014-09-03 19:01 - 00514048 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2014-10-15 18:51 - 2014-08-28 20:58 - 00109568 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2014-10-15 18:51 - 2014-08-28 18:56 - 02646016 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-10-15 18:51 - 2014-08-28 18:47 - 02321920 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-10-15 18:51 - 2014-08-15 23:08 - 01507648 _____ (Microsoft Corporation) C:\windows\system32\propsys.dll
2014-10-15 18:51 - 2014-08-15 23:01 - 01710184 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2014-10-15 18:51 - 2014-08-15 22:58 - 01112512 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-10-15 18:51 - 2014-08-15 22:16 - 01205976 _____ (Microsoft Corporation) C:\windows\SysWOW64\propsys.dll
2014-10-15 18:51 - 2014-08-15 22:03 - 01467384 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2014-10-15 18:51 - 2014-08-15 20:31 - 00838144 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-10-15 18:51 - 2014-08-15 20:04 - 00359424 _____ (Microsoft Corporation) C:\windows\system32\Wldap32.dll
2014-10-15 18:51 - 2014-08-15 19:58 - 00287744 _____ (Microsoft Corporation) C:\windows\system32\SystemEventsBrokerServer.dll
2014-10-15 18:51 - 2014-08-15 19:53 - 00118272 _____ (Microsoft Corporation) C:\windows\system32\httpprxm.dll
2014-10-15 18:51 - 2014-08-15 19:46 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\ProximityService.dll
2014-10-15 18:51 - 2014-08-15 19:45 - 00267776 _____ (Microsoft Corporation) C:\windows\system32\bisrv.dll
2014-10-15 18:51 - 2014-08-15 19:43 - 00321024 _____ (Microsoft Corporation) C:\windows\SysWOW64\Wldap32.dll
2014-10-15 18:51 - 2014-08-15 19:43 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\adhsvc.dll
2014-10-15 18:51 - 2014-08-15 19:31 - 00914432 _____ (Microsoft Corporation) C:\windows\system32\iphlpsvc.dll
2014-10-15 18:51 - 2014-08-15 19:31 - 00286208 _____ (Microsoft Corporation) C:\windows\system32\pcsvDevice.dll
2014-10-15 18:51 - 2014-08-15 19:29 - 00249344 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-15 18:51 - 2014-08-15 19:23 - 01106432 _____ (Microsoft Corporation) C:\windows\system32\SearchFolder.dll
2014-10-15 18:51 - 2014-08-15 19:22 - 00717824 _____ (Microsoft Corporation) C:\windows\system32\SkyDriveTelemetry.dll
2014-10-15 18:51 - 2014-08-15 19:22 - 00286208 _____ (Microsoft Corporation) C:\windows\system32\SkyDriveShell.dll
2014-10-15 18:51 - 2014-08-15 19:19 - 00189952 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-15 18:51 - 2014-08-15 19:18 - 04758528 _____ (Microsoft Corporation) C:\windows\system32\SyncEngine.dll
2014-10-15 18:51 - 2014-08-15 19:17 - 08757760 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Search.dll
2014-10-15 18:51 - 2014-08-15 19:14 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\SkyDriveShell.dll
2014-10-15 18:51 - 2014-08-15 19:13 - 06649344 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-10-15 18:51 - 2014-08-15 19:13 - 05902848 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Search.dll
2014-10-15 18:51 - 2014-08-15 19:13 - 00840192 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchFolder.dll
2014-10-15 18:51 - 2014-08-15 19:11 - 00920064 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-10-15 18:51 - 2014-08-15 19:10 - 01120768 _____ (Microsoft Corporation) C:\windows\system32\SkyDrive.exe
2014-10-15 18:51 - 2014-08-15 19:08 - 05777408 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-10-15 18:51 - 2014-08-15 19:07 - 00756224 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-10-14 20:05 - 2014-10-30 19:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-13 21:55 - 2014-10-13 21:56 - 00000000 ____D () C:\Users\Kathy\Downloads\RealTemp
2014-10-13 21:54 - 2014-10-13 21:54 - 00330853 _____ () C:\Users\Kathy\Downloads\RealTemp_370.zip
2014-10-13 21:43 - 2014-10-15 18:51 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\PCDr
2014-10-13 21:41 - 2014-10-13 21:41 - 00417064 _____ () C:\Users\Kathy\Downloads\DellSystemDetect.exe
2014-10-13 21:41 - 2014-10-13 21:41 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-10-12 16:45 - 2014-10-12 16:45 - 00000165 ____H () C:\Users\Kathy\Downloads\~$Week #6 2014 - KF.xlsx
2014-10-12 10:10 - 2014-10-12 10:10 - 00018486 _____ () C:\Users\Kathy\Downloads\Week #6 2014 - KF.xlsx
2014-10-12 09:55 - 2014-10-12 09:55 - 00047104 _____ () C:\Users\Kathy\Downloads\Week #6 2014.xls
2014-10-11 16:41 - 2014-10-11 16:41 - 00026382 _____ () C:\Users\Kathy\Downloads\Report_from_Rightpoint.xlsx
2014-10-09 00:17 - 2014-10-09 00:17 - 00015872 ___SH () C:\Users\Kathy\Desktop\Thumbs.db
2014-10-07 19:20 - 2014-09-22 01:42 - 00278152 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-10-07 18:14 - 2014-10-07 18:14 - 00000796 _____ () C:\Users\Kathy\Downloads\Vendor7057.csv
2014-10-07 18:09 - 2014-10-23 21:49 - 00000004 _____ () C:\Users\Kathy\AppData\Roaming\appdataFr2.bin
2014-10-02 18:24 - 2014-10-02 18:24 - 00003118 _____ () C:\windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-10-02 18:24 - 2014-10-02 18:24 - 00003092 _____ () C:\windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-10-02 18:24 - 2014-10-02 18:24 - 00003090 _____ () C:\windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-10-02 18:14 - 2014-10-02 18:14 - 00161153 _____ () C:\Users\Kathy\AppData\Local\ars.cache
2014-10-02 18:14 - 2014-10-02 18:14 - 00110279 _____ () C:\Users\Kathy\AppData\Local\census.cache
2014-10-02 18:10 - 2014-10-02 18:10 - 00000010 _____ () C:\Users\Kathy\AppData\Local\sponge.last.runtime.cache
2014-10-02 18:06 - 2014-10-02 18:06 - 00000036 _____ () C:\Users\Kathy\AppData\Local\housecall.guid.cache
2014-10-02 18:06 - 2013-09-02 02:58 - 00175528 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmcomm.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-01 11:32 - 2014-09-08 14:39 - 00003954 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{0DD750B8-78E3-44C0-BE08-5A3E84863BF8}
2014-11-01 11:28 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\sru
2014-10-30 18:54 - 2014-09-08 14:49 - 00000928 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-27 22:36 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\FxsTmp
2014-10-27 22:24 - 2014-09-08 14:41 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4112325925-1048117983-2943846805-1001
2014-10-27 21:53 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\AppReadiness
2014-10-25 23:06 - 2014-09-08 14:35 - 00000000 ____D () C:\Users\Kathy\AppData\Local\Packages
2014-10-25 18:34 - 2014-09-08 15:06 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-10-24 15:54 - 2014-09-08 14:49 - 00000924 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-24 08:33 - 2014-09-29 20:29 - 00005002 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for WINDOWS-ELSPL74-Kathy WINDOWS-ELSPL74
2014-10-19 18:47 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\rescache
2014-10-15 23:59 - 2014-09-24 07:44 - 00000000 ____D () C:\windows\Minidump
2014-10-15 23:59 - 2014-08-12 16:20 - 00000000 ____D () C:\windows\Panther
2014-10-15 23:59 - 2014-08-12 15:36 - 00865408 _____ () C:\windows\system32\PerfStringBackup.INI
2014-10-15 23:57 - 2014-08-12 16:11 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-10-15 23:55 - 2014-09-11 20:15 - 00000000 ___DO () C:\Users\Kathy\OneDrive
2014-10-15 23:55 - 2014-09-08 14:50 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-15 23:55 - 2013-08-22 09:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-15 23:54 - 2013-08-22 10:36 - 00000000 ___RD () C:\windows\ToastData
2014-10-15 23:54 - 2013-08-22 10:36 - 00000000 ___RD () C:\windows\ImmersiveControlPanel
2014-10-15 23:54 - 2013-08-22 08:25 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-10-15 23:52 - 2013-08-22 10:20 - 00000000 ____D () C:\windows\CbsTemp
2014-10-15 23:41 - 2013-08-22 09:44 - 00493392 _____ () C:\windows\system32\FNTCACHE.DAT
2014-10-15 23:40 - 2014-09-08 14:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-15 23:40 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\WinStore
2014-10-15 23:40 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\MediaViewer
2014-10-15 23:40 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\FileManager
2014-10-15 23:40 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\Camera
2014-10-15 23:38 - 2014-09-08 14:35 - 00000000 ____D () C:\Users\Kathy
2014-10-15 22:50 - 2014-09-08 14:35 - 00000000 ____D () C:\Users\Kathy\AppData\Local\VirtualStore
2014-10-15 21:11 - 2014-09-25 22:43 - 00000000 ____D () C:\windows\system32\MRT
2014-10-15 21:08 - 2014-09-25 22:43 - 103265616 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-10-13 21:52 - 2014-08-12 16:13 - 00000000 ____D () C:\Temp
2014-10-13 21:46 - 2014-08-12 16:19 - 00000000 ____D () C:\ProgramData\PCDr
2014-10-13 21:46 - 2014-08-12 16:18 - 00000000 ____D () C:\Program Files\My Dell
2014-10-13 21:41 - 2014-09-08 14:49 - 00000000 ____D () C:\Users\Kathy\AppData\Local\Deployment
2014-10-08 23:15 - 2014-08-12 16:22 - 00000000 ____D () C:\ProgramData\McAfee
2014-10-07 19:21 - 2013-08-22 10:36 - 00000000 ___HD () C:\windows\ELAMBKUP
2014-10-07 19:21 - 2013-08-22 08:25 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-10-02 18:07 - 2014-09-28 20:41 - 00000000 ____D () C:\ProgramData\dae9aa3fe7d0b651
2014-10-02 18:07 - 2014-09-15 19:22 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-10-02 17:54 - 2013-08-22 14:12 - 00000000 ____D () C:\Program Files\Windows Journal
2014-10-02 17:54 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-10-02 17:54 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-10-02 17:54 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\SysWOW64\setup
2014-10-02 17:54 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\SysWOW64\InputMethod
2014-10-02 17:54 - 2013-08-22 10:36 - 00000000 ____D () C:\windows\system32\setup
2014-10-02 17:54 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\system32\oobe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-22 23:43

==================== End Of Log ============================



#14 schrauber

  • Malware Response Team

Posted 01 November 2014 - 12:11 PM

Hi,

How is the system running now?


regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#15 masskonfuzion

  • Topic Starter

Posted 02 November 2014 - 02:01 PM

So far, the computer is running ok. However, I'm not 100% sure that the malware is gone. Here's the scenario:

I started posting on this forum because I ran into some malware that wasn't being detected by my normal malware scanner (McAfee). Before you took over, Marius told me to run some scanners/cleaners, and I ran them. The scans found some questionable registry entries and possibly unwanted files on the computer, which I removed. For a day or so, the malware seemed to have been removed. But then it reappeared in Chrome, and I disabled the extension again in Chrome.

After all this, I got your instructions to run the FRST scanner, which I did. I don't see anything unusual in the scan log (but then again, I don't fully understand what I'm looking at). Do you have any recommendations?

Thanks for your help





