Everything posted by kingtalent

  1. Thanks for your patience. The computer has not exhibited any further signs of the infection. Below are the logs requested.

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-09-2014 01
     Ran by HIEXDP-GM at 2014-09-03 06:58:42 Run:2
     Running from C:\Users\HIEXDP-GM\Desktop
     Boot Mode: Normal
     ==============================================
     Content of fixlist:
     *****************
     start
     C:\Program Files (x86)\WinZip\Utils\WzSysScan
     C:\Users\HIEXDP-GM\AppData\LocalLow\douehpk.dll
     C:\Windows\Installer\213e517b.msi
     end
     *****************
     C:\Program Files (x86)\WinZip\Utils\WzSysScan => Moved successfully.
     "C:\Users\HIEXDP-GM\AppData\LocalLow\douehpk.dll" => File/Directory not found.
     C:\Windows\Installer\213e517b.msi => Moved successfully.
     ==== End of Fixlog ====

     Results of screen317's Security Check version 0.99.87
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 11
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     McAfee Anti-Virus and Anti-Spyware
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
     Adobe Flash Player 14.0.0.179
     Adobe Reader XI
     Mozilla Firefox (32.0)
     ````````Process Check: objlist.exe by Laurent````````
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbam.exe
     Malwarebytes Anti-Malware mbamscheduler.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
     ````````````````````End of Log``````````````````````
  2. C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
     C:\Program Files (x86)\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe probably a variant of Win32/Systweak potentially unwanted application
     C:\Users\HIEXDP-GM\AppData\LocalLow\douehpk.dll a variant of Win32/Kryptik.CJQD trojan
     C:\Windows\Installer\213e517b.msi probably a variant of Win32/Systweak potentially unwanted application
  3. Java removed successfully. Malwarebytes did not find any threats, that log below. ESET Online Scan log to follow shortly.

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 8/27/2014
     Scan Time: 3:21:56 PM
     Logfile:
     Administrator: Yes

     Version: 2.00.2.1012
     Malware Database: v2014.08.27.07
     Rootkit Database: v2014.08.21.01
     License: Trial
     Malware Protection: Enabled
     Malicious Website Protection: Enabled
     Self-protection: Disabled

     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: HIEXDP-GM

     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 338959
     Time Elapsed: 6 min, 55 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     Processes: 0 (No malicious items detected)
     Modules: 0 (No malicious items detected)
     Registry Keys: 0 (No malicious items detected)
     Registry Values: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Folders: 0 (No malicious items detected)
     Files: 0 (No malicious items detected)
     Physical Sectors: 0 (No malicious items detected)

     (end)
  4. # AdwCleaner v3.308 - Report created 22/08/2014 at 10:32:55
     # Updated 20/08/2014 by Xplode
     # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
     # Username : HIEXDP-GM - HIEXDP-GM-PC
     # Running from : E:\AdwCleaner.exe
     # Option : Clean

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****
     File Deleted : C:\Users\Public\Desktop\eBay.lnk

     ***** [ Scheduled Tasks ] *****

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****
     Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
     Key Deleted : HKLM\SOFTWARE\Conduit
     Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

     ***** [ Browsers ] *****
     -\\ Internet Explorer v11.0.9600.17239
     -\\ Mozilla Firefox v30.0 (en-US)
     [ File : C:\Users\HIEXDP-GM\AppData\Roaming\Mozilla\Firefox\Profiles\qj2xdrmy.default-1408717933456\prefs.js ]

     *************************
     AdwCleaner[R0].txt - [1154 octets] - [22/08/2014 10:31:39]
     AdwCleaner[s0].txt - [1079 octets] - [22/08/2014 10:32:55]
     ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1139 octets] ##########

     # AdwCleaner v3.308 - Report created 27/08/2014 at 09:26:40
     # Updated 20/08/2014 by Xplode
     # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
     # Username : HIEXDP-GM - HIEXDP-GM-PC
     # Running from : C:\Users\HIEXDP-GM\Desktop\AdwCleaner.exe
     # Option : Clean

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****
     File Deleted : C:\Users\Public\Desktop\eBay.lnk

     ***** [ Scheduled Tasks ] *****

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****
     Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
     Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

     ***** [ Browsers ] *****
     -\\ Internet Explorer v11.0.9600.17239
     -\\ Mozilla Firefox v31.0 (x86 en-US)
     [ File : C:\Users\HIEXDP-GM\AppData\Roaming\Mozilla\Firefox\Profiles\3jpy1sre.default\prefs.js ]

     *************************
     AdwCleaner[R0].txt - [2347 octets] - [22/08/2014 10:31:39]
     AdwCleaner[s0].txt - [2279 octets] - [22/08/2014 10:32:55]
     ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2339 octets] ##########

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 6.1.4 (04.06.2014:1)
     OS: Windows 7 Home Premium x64
     Ran by HIEXDP-GM on Wed 08/27/2014 at 9:32:50.35
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     ~~~ Services
     ~~~ Registry Values
     ~~~ Registry Keys
     ~~~ Files
     ~~~ Folders
     ~~~ Event Viewer Logs were cleared
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Wed 08/27/2014 at 9:40:46.10
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  5. Yes, I did install Workspace Desktop by Starfield Technologies ... it works in conjunction with GoDaddy email clients (allowing multiple downloads, providing alerts, etc.). Will post logs shortly.
  6. SystemLook 30.07.11 by jpshortstuff
     Log created at 14:38 on 26/08/2014 by HIEXDP-GM
     Administrator - Elevation successful

     ========== filefind ==========
     Searching for "*BrowserHumble*"
     No files found.

     ========== folderfind ==========
     Searching for "*BrowserHumble*"
     No folders found.

     ========== regfind ==========
     Searching for "BrowserHumble"
     No data found.

     -= EOF =-

     UPDATE: at this time I am not seeing any symptoms of the infection. I have not had any pop-ups, nor does it appear that there are any unusual processes running / hogging up CPU.
  7. You are correct, both McAfee Anti-Virus and McAfee Firewall were disabled. Anti-Virus and Firewall were enabled prior to following your directions. Here are requested logs:

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-08-2014 03
     Ran by HIEXDP-GM at 2014-08-26 14:23:11 Run:1
     Running from C:\Users\HIEXDP-GM\Desktop
     Boot Mode: Normal
     ==============================================
     Content of fixlist:
     *****************
     start
     SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
     2014-08-21 15:13 - 2014-08-21 15:13 - 00000000 ____D () C:\Program Files\Enigma Software Group
     c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
     CMD: ipconfig /flushdns
     CMD: netsh winsock reset all
     CMD: netsh int ipv4 reset
     CMD: netsh int ipv6 reset
     CMD: bitsadmin /reset /allusers
     EmptyTemp:
     end
     *****************
     HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
     C:\Program Files\Enigma Software Group => Moved successfully.
     "c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP" => File/Directory not found.

     ========= ipconfig /flushdns =========
     Windows IP Configuration
     Successfully flushed the DNS Resolver Cache.
     ========= End of CMD: =========

     ========= netsh winsock reset all =========
     Sucessfully reset the Winsock Catalog.
     You must restart the computer in order to complete the reset.
     ========= End of CMD: =========

     ========= netsh int ipv4 reset =========
     Reseting Global, OK!
     Reseting Interface, OK!
     Reseting Subinterface, OK!
     Restart the computer to complete this action.
     ========= End of CMD: =========

     ========= netsh int ipv6 reset =========
     Reseting Interface, OK!
     Reseting Subinterface, OK!
     Restart the computer to complete this action.
     ========= End of CMD: =========

     ========= bitsadmin /reset /allusers =========
     BITSADMIN version 3.0 [ 7.5.7601 ]
     BITS administration utility.
     © Copyright 2000-2006 Microsoft Corp.
     BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
     Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
     {95CDCB05-4CE6-4A86-BBAB-F25295698E8C} canceled.
     {A11312B4-1B71-4578-810C-9DA5D58DD8E0} canceled.
     {26CC74C0-1931-4AFC-82EC-2F7D016D5172} canceled.
     {D8B2ECF4-827B-4194-BD84-583957559810} canceled.
     4 out of 4 jobs canceled.
     ========= End of CMD: =========

     EmptyTemp: => Removed 133.3 MB temporary data.
     The system needed a reboot.
     ==== End of Fixlog ====

     RogueKiller V9.2.8.0 (x64) [Jul 11 2014] by Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : http://forum.adlice.com
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://www.adlice.com
     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : HIEXDP-GM [Admin rights]
     Mode : Scan -- Date : 08/26/2014 14:36:37

     ¤¤¤ Bad processes : 3 ¤¤¤
     [suspicious.Path] workspaceupdate.exe -- C:\Users\HIEXDP-GM\AppData\Local\Workspace\workspaceupdate.exe[7] -> KILLED [TermProc]
     [suspicious.Path] wben.exe -- C:\Users\HIEXDP-GM\AppData\Local\Workspace\wben.exe[7] -> KILLED [TermProc]
     [suspicious.Path] workspacestatus.exe -- C:\Users\HIEXDP-GM\AppData\Local\Workspace\workspacestatus.exe[7] -> KILLED [TermProc]

     ¤¤¤ Registry Entries : 25 ¤¤¤
     [suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1318888917-3662893499-1279507367-1000\Software\Microsoft\Windows\CurrentVersion\Run | Starfield Updater : "C:\Users\HIEXDP-GM\AppData\Local\Workspace\WorkspaceUpdate.exe" -> FOUND
     [suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1318888917-3662893499-1279507367-1000\Software\Microsoft\Windows\CurrentVersion\Run | wben : "C:\Users\HIEXDP-GM\AppData\Local\Workspace\wben.exe" -> FOUND
     [suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1318888917-3662893499-1279507367-1000\Software\Microsoft\Windows\CurrentVersion\Run | Workspace Status : "C:\Users\HIEXDP-GM\AppData\Local\Workspace\workspacestatus.exe" -> FOUND
     [suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1318888917-3662893499-1279507367-1000\Software\Microsoft\Windows\CurrentVersion\Run | Starfield Updater : "C:\Users\HIEXDP-GM\AppData\Local\Workspace\WorkspaceUpdate.exe" -> FOUND
     [suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1318888917-3662893499-1279507367-1000\Software\Microsoft\Windows\CurrentVersion\Run | wben : "C:\Users\HIEXDP-GM\AppData\Local\Workspace\wben.exe" -> FOUND
     [suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1318888917-3662893499-1279507367-1000\Software\Microsoft\Windows\CurrentVersion\Run | Workspace Status : "C:\Users\HIEXDP-GM\AppData\Local\Workspace\workspacestatus.exe" -> FOUND
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 -> FOUND
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 -> FOUND
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 -> FOUND
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C2F243EF-5966-46EF-B64D-54E86F9E08EF} | DhcpNameServer : 10.0.0.1 -> FOUND
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D2B64D0E-78D6-41CB-BF1F-FE007FED41FF} | DhcpNameServer : 10.0.0.1 -> FOUND
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C2F243EF-5966-46EF-B64D-54E86F9E08EF} | DhcpNameServer : 10.0.0.1 -> FOUND
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D2B64D0E-78D6-41CB-BF1F-FE007FED41FF} | DhcpNameServer : 10.0.0.1 -> FOUND
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C2F243EF-5966-46EF-B64D-54E86F9E08EF} | DhcpNameServer : 10.0.0.1 -> FOUND
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{D2B64D0E-78D6-41CB-BF1F-FE007FED41FF} | DhcpNameServer : 10.0.0.1 -> FOUND
     [PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1318888917-3662893499-1279507367-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
     [PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1318888917-3662893499-1279507367-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND
     [PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1318888917-3662893499-1279507367-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
     [PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1318888917-3662893499-1279507367-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND
     [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
     [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
     [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
     [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
     [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1318888917-3662893499-1279507367-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://google.com/ -> FOUND
     [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1318888917-3662893499-1279507367-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://google.com/ -> FOUND

     ¤¤¤ Scheduled tasks : 0 ¤¤¤

     ¤¤¤ Files : 0 ¤¤¤

     ¤¤¤ HOSTS File : 0 ¤¤¤

     ¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

     ¤¤¤ Web browsers : 1 ¤¤¤
     [PUM.HomePage][FIREFX:Config] 3jpy1sre.default : user_pref("browser.startup.homepage", "http://google.com/"); -> FOUND

     ¤¤¤ MBR Check : ¤¤¤
     +++++ PhysicalDrive0: ST1000DM003-1CH162 ATA Device +++++
     --- User ---
     [MBR] f223b285bfef1f72bf61da29e940cf93
     [bSP] b663878dd27563964e36a4fa0c845ef2 : HP MBR Code
     Partition table:
     0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
     1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 22186 MB
     2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 45518848 | Size: 931642 MB
     User = LL1 ... OK
     User = LL2 ... OK
  8. ComboFix log:
uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 10.0.0.1 FF - ProfilePath - c:\users\HIEXDP-GM\AppData\Roaming\Mozilla\Firefox\Profiles\qj2xdrmy.default-1408717933456\ . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2014-08-22 10:30:31 ComboFix-quarantined-files.txt 2014-08-22 15:30 . Pre-Run: 923,700,686,848 bytes free Post-Run: 923,253,276,672 bytes free . - - End Of File - - 6AD301F4AE5DBF6D10AD5BB5AF20B48E 5C616939100B85E558DA92B899A0FC36
  9.
1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys 14:39:33.0828 0x0cfc stexstor - ok 14:39:33.0890 0x0cfc [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll 14:39:33.0906 0x0cfc stisvc - ok 14:39:33.0906 0x0cfc [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 14:39:33.0906 0x0cfc swenum - ok 14:39:33.0953 0x0cfc [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll 14:39:33.0968 0x0cfc swprv - ok 14:39:34.0015 0x0cfc [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll 14:39:34.0031 0x0cfc SysMain - ok 14:39:34.0046 0x0cfc [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll 14:39:34.0046 0x0cfc TabletInputService - ok 14:39:34.0062 0x0cfc [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll 14:39:34.0062 0x0cfc TapiSrv - ok 14:39:34.0078 0x0cfc [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll 14:39:34.0078 0x0cfc TBS - ok 14:39:34.0140 0x0cfc [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 14:39:34.0171 0x0cfc Tcpip - ok 14:39:34.0202 0x0cfc [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 14:39:34.0234 0x0cfc TCPIP6 - ok 14:39:34.0249 0x0cfc [ 
1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 14:39:34.0249 0x0cfc tcpipreg - ok 14:39:34.0265 0x0cfc [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 14:39:34.0265 0x0cfc TDPIPE - ok 14:39:34.0280 0x0cfc [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 14:39:34.0280 0x0cfc TDTCP - ok 14:39:34.0296 0x0cfc [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 14:39:34.0296 0x0cfc tdx - ok 14:39:34.0312 0x0cfc [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 14:39:34.0312 0x0cfc TermDD - ok 14:39:34.0343 0x0cfc [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService C:\Windows\System32\termsrv.dll 14:39:34.0358 0x0cfc TermService - ok 14:39:34.0374 0x0cfc [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll 14:39:34.0374 0x0cfc Themes - ok 14:39:34.0374 0x0cfc [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll 14:39:34.0390 0x0cfc THREADORDER - ok 14:39:34.0405 0x0cfc [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll 14:39:34.0405 0x0cfc TrkWks - ok 14:39:34.0452 0x0cfc [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 14:39:34.0452 0x0cfc 
TrustedInstaller - ok 14:39:34.0483 0x0cfc [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 14:39:34.0483 0x0cfc tssecsrv - ok 14:39:34.0483 0x0cfc [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 14:39:34.0499 0x0cfc TsUsbFlt - ok 14:39:34.0499 0x0cfc [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 14:39:34.0499 0x0cfc TsUsbGD - ok 14:39:34.0514 0x0cfc [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 14:39:34.0517 0x0cfc tunnel - ok 14:39:34.0519 0x0cfc [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 14:39:34.0519 0x0cfc uagp35 - ok 14:39:34.0535 0x0cfc [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 14:39:34.0551 0x0cfc udfs - ok 14:39:34.0566 0x0cfc [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe 14:39:34.0566 0x0cfc UI0Detect - ok 14:39:34.0566 0x0cfc [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 14:39:34.0582 0x0cfc uliagpkx - ok 14:39:34.0582 0x0cfc [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys 14:39:34.0582 0x0cfc umbus - ok 14:39:34.0582 0x0cfc [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass 
C:\Windows\system32\drivers\umpass.sys 14:39:34.0582 0x0cfc UmPass - ok 14:39:34.0675 0x0cfc [ D80B1075B69B57A3AB78F750CE463ECE, E8435B723C3D9F5B28D5588365E7D6BED298565BCF61240C2B505B1033180DAA ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe 14:39:34.0675 0x0cfc UNS - ok 14:39:34.0707 0x0cfc [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll 14:39:34.0707 0x0cfc upnphost - ok 14:39:34.0738 0x0cfc [ 91D3C92A44FC682DD791147604E79152, AA0B6799BF9C26C2C1793C91295288A4989AA43EC5E070B650DA7F0A142817CE ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 14:39:34.0738 0x0cfc usbccgp - ok 14:39:34.0785 0x0cfc [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys 14:39:34.0785 0x0cfc usbcir - ok 14:39:34.0800 0x0cfc [ F7FFDF2A1D19A76A87759126B244C816, C91F09D77E22D976952A46F7B93F611B719EDAF694D538242FA8FAF1BA9BB2F0 ] usbehci C:\Windows\system32\drivers\usbehci.sys 14:39:34.0816 0x0cfc usbehci - ok 14:39:34.0831 0x0cfc [ 245FE7FC634D6A993E682E0A9EBA4ABB, F7A536D215EE3A63358EC8B5946D7BB3B56357BF91347B07013E00DAC98775B6 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 14:39:34.0847 0x0cfc usbhub - ok 14:39:34.0863 0x0cfc [ F4A4255E930B6D007A3501C35A3DACC4, E0D0EF801100BE57A199A483330A80FB6C6FF29AEBF3380BEE16BB364A8D7FC7 ] usbohci C:\Windows\system32\drivers\usbohci.sys 14:39:34.0863 0x0cfc usbohci - ok 14:39:34.0909 0x0cfc [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 14:39:34.0909 0x0cfc usbprint - ok 14:39:34.0925 0x0cfc [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 14:39:34.0925 0x0cfc USBSTOR - ok 14:39:34.0956 0x0cfc [ 
9462E6B70615C1703D4A95FA61FC54A1, A66E75A42E58E126F575F1AFC3BE47E119CF53431CED511776D878A78F597015 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 14:39:34.0956 0x0cfc usbuhci - ok 14:39:35.0003 0x0cfc [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 14:39:35.0019 0x0cfc usbvideo - ok 14:39:35.0019 0x0cfc [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll 14:39:35.0034 0x0cfc UxSms - ok 14:39:35.0034 0x0cfc [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc C:\Windows\system32\lsass.exe 14:39:35.0034 0x0cfc VaultSvc - ok 14:39:35.0050 0x0cfc [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 14:39:35.0050 0x0cfc vdrvroot - ok 14:39:35.0065 0x0cfc [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe 14:39:35.0081 0x0cfc vds - ok 14:39:35.0081 0x0cfc [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 14:39:35.0081 0x0cfc vga - ok 14:39:35.0097 0x0cfc [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys 14:39:35.0097 0x0cfc VgaSave - ok 14:39:35.0112 0x0cfc [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 14:39:35.0112 0x0cfc vhdmp - ok 14:39:35.0143 0x0cfc [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys 14:39:35.0143 0x0cfc viaide - ok 14:39:35.0159 0x0cfc 
[ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys 14:39:35.0159 0x0cfc volmgr - ok 14:39:35.0175 0x0cfc [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 14:39:35.0190 0x0cfc volmgrx - ok 14:39:35.0206 0x0cfc [ DF8126BD41180351A093A3AD2FC8903B, AEFF4AA89CDDAAAD43CDE17C6B6EB2A397A0AC1651CBD51B889161EC2BC6527A ] volsnap C:\Windows\system32\drivers\volsnap.sys 14:39:35.0206 0x0cfc volsnap - ok 14:39:35.0268 0x0cfc [ D9F8B3A9F4695CC7412B9739C43F558E, 4F80FE4A831A6CAF2054F7A236894487BB00C49D3280951E341D505CD6C57D62 ] VolumeCtlSrv C:\Program Files\DELLOSD\VolumeCtlSrv.exe 14:39:35.0268 0x0cfc VolumeCtlSrv - ok 14:39:35.0284 0x0cfc [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 14:39:35.0284 0x0cfc vsmraid - ok 14:39:35.0331 0x0cfc [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe 14:39:35.0362 0x0cfc VSS - ok 14:39:35.0377 0x0cfc [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 14:39:35.0377 0x0cfc vwifibus - ok 14:39:35.0424 0x0cfc [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 14:39:35.0424 0x0cfc vwififlt - ok 14:39:35.0455 0x0cfc [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 14:39:35.0471 0x0cfc vwifimp - ok 14:39:35.0487 0x0cfc [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll 
14:39:35.0487 0x0cfc W32Time - ok 14:39:35.0502 0x0cfc [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 14:39:35.0502 0x0cfc WacomPen - ok 14:39:35.0502 0x0cfc [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 14:39:35.0518 0x0cfc WANARP - ok 14:39:35.0518 0x0cfc [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 14:39:35.0518 0x0cfc Wanarpv6 - ok 14:39:35.0565 0x0cfc [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 14:39:35.0580 0x0cfc WatAdminSvc - ok 14:39:35.0627 0x0cfc [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe 14:39:35.0658 0x0cfc wbengine - ok 14:39:35.0674 0x0cfc [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 14:39:35.0674 0x0cfc WbioSrvc - ok 14:39:35.0689 0x0cfc [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll 14:39:35.0689 0x0cfc wcncsvc - ok 14:39:35.0721 0x0cfc [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 14:39:35.0721 0x0cfc WcsPlugInService - ok 14:39:35.0721 0x0cfc [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys 14:39:35.0721 0x0cfc Wd - ok 14:39:35.0767 0x0cfc [ E2C933EDBC389386EBE6D2BA953F43D8, 
AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 14:39:35.0799 0x0cfc Wdf01000 - ok 14:39:35.0830 0x0cfc [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll 14:39:35.0830 0x0cfc WdiServiceHost - ok 14:39:35.0845 0x0cfc [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll 14:39:35.0845 0x0cfc WdiSystemHost - ok 14:39:35.0861 0x0cfc [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll 14:39:35.0861 0x0cfc WebClient - ok 14:39:35.0892 0x0cfc [ CBA25A299ECDBAE3A2300B68598AABA3, 5AC6F75FBDA58CD9D17922AF2780A37B89067EB4A97EE792A644B238BE94490D ] Wecsvc C:\Windows\system32\wecsvc.dll 14:39:35.0892 0x0cfc Wecsvc - ok 14:39:35.0908 0x0cfc [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll 14:39:35.0908 0x0cfc wercplsupport - ok 14:39:35.0923 0x0cfc [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll 14:39:35.0923 0x0cfc WerSvc - ok 14:39:35.0923 0x0cfc [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 14:39:35.0923 0x0cfc WfpLwf - ok 14:39:35.0939 0x0cfc [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys 14:39:35.0939 0x0cfc WIMMount - ok 14:39:35.0939 0x0cfc WinDefend - ok 14:39:35.0955 0x0cfc WinHttpAutoProxySvc - ok 14:39:35.0986 0x0cfc [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt 
C:\Windows\system32\wbem\WMIsvc.dll 14:39:35.0986 0x0cfc Winmgmt - ok 14:39:36.0064 0x0cfc [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll 14:39:36.0095 0x0cfc WinRM - ok 14:39:36.0126 0x0cfc [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 14:39:36.0126 0x0cfc WinUsb - ok 14:39:36.0189 0x0cfc [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll 14:39:36.0204 0x0cfc Wlansvc - ok 14:39:36.0282 0x0cfc [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 14:39:36.0313 0x0cfc wlidsvc - ok 14:39:36.0360 0x0cfc [ E04D799D111FD688B83C0F0EDF8BF14C, 2291360D4824C9508801737FCA7B51D89ECB1AF829C064E1C705D30AFBA68D5C ] wltrysvc C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE 14:39:36.0376 0x0cfc wltrysvc - ok 14:39:36.0376 0x0cfc [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 14:39:36.0376 0x0cfc WmiAcpi - ok 14:39:36.0391 0x0cfc [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 14:39:36.0391 0x0cfc wmiApSrv - ok 14:39:36.0407 0x0cfc WMPNetworkSvc - ok 14:39:36.0407 0x0cfc [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll 14:39:36.0407 0x0cfc WPCSvc - ok 14:39:36.0423 0x0cfc [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 14:39:36.0423 0x0cfc WPDBusEnum - ok 14:39:36.0454 0x0cfc [ 
6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 14:39:36.0454 0x0cfc ws2ifsl - ok 14:39:36.0454 0x0cfc [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll 14:39:36.0469 0x0cfc wscsvc - ok 14:39:36.0469 0x0cfc WSearch - ok 14:39:36.0556 0x0cfc [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll 14:39:36.0595 0x0cfc wuauserv - ok 14:39:36.0626 0x0cfc [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 14:39:36.0626 0x0cfc WudfPf - ok 14:39:36.0673 0x0cfc [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 14:39:36.0673 0x0cfc WUDFRd - ok 14:39:36.0704 0x0cfc [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 14:39:36.0704 0x0cfc wudfsvc - ok 14:39:36.0720 0x0cfc [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll 14:39:36.0735 0x0cfc WwanSvc - ok 14:39:36.0766 0x0cfc ================ Scan global =============================== 14:39:36.0798 0x0cfc [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll 14:39:36.0829 0x0cfc [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll 14:39:36.0844 0x0cfc [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll 14:39:36.0860 0x0cfc [ 
D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll 14:39:36.0891 0x0cfc [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe 14:39:36.0907 0x0cfc [ Global ] - ok 14:39:36.0907 0x0cfc ================ Scan MBR ================================== 14:39:36.0922 0x0cfc [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 14:39:37.0125 0x0cfc \Device\Harddisk0\DR0 - ok 14:39:37.0125 0x0cfc ================ Scan VBR ================================== 14:39:37.0125 0x0cfc [ F70403486978018B11325D9B008A56B7 ] \Device\Harddisk0\DR0\Partition1 14:39:37.0188 0x0cfc \Device\Harddisk0\DR0\Partition1 - ok 14:39:37.0188 0x0cfc [ 359570A75AED48DA4F1942B886DE3AAC ] \Device\Harddisk0\DR0\Partition2 14:39:37.0188 0x0cfc \Device\Harddisk0\DR0\Partition2 - ok 14:39:37.0188 0x0cfc ================ Scan generic autorun ====================== 14:39:37.0219 0x0cfc [ 9BA5073DF516E6AEF3DBF57B6518D7B4, CAFBD3A57FF54A8448F4A7A9D4E70964A3ABEBF668E1892AFD82958EFA61BB5E ] C:\Windows\system32\igfxtray.exe 14:39:37.0219 0x0cfc IgfxTray - ok 14:39:37.0234 0x0cfc [ 5E0382113B7865D02AFDC639C84FA9AB, 8CD7444E55B7D7CF3D12C0C0E085D81423CAE2879914DC996829E5579EAF2BC3 ] C:\Windows\system32\hkcmd.exe 14:39:37.0250 0x0cfc HotKeysCmds - ok 14:39:37.0266 0x0cfc [ 30DB1F73F98385B3F591141B6F3C509B, 762640A79E5E43CE522C1ABE2A5ABDBA00A03073267EC1070F608FAE0B9007A4 ] C:\Windows\system32\igfxpers.exe 14:39:37.0281 0x0cfc Persistence - ok 14:39:37.0437 0x0cfc [ DB333A5F69B00A6B550901A5C854929F, 7CAB6D0D20CDE3AE41B06826C9045CC3E3438AB94BB3D9D5C0E50EEF3C41101F ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe 14:39:37.0609 0x0cfc RTHDVCPL - ok 14:39:37.0671 0x0cfc [ E9752E0CD9FB37612474B23973443FC9, B497B77BCC70A721D74DDE5551C0314D43FDAFE547D071C26750F0314128FCB8 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe 14:39:37.0702 0x0cfc RtHDVBg - ok 
14:39:38.0264 0x0cfc [ 7F0C62EDD6D3845ECFC491A5F617F676, 0EC81F6033735830BFC282FBB099AF95BA1194AFDB425A6E0758036B28F6933A ] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe 14:39:38.0420 0x0cfc Broadcom Wireless Manager UI - ok 14:39:38.0482 0x0cfc [ 04679E0DC30077EC1164BE82F2A2ADC9, E0193F0AE484DED0DD7F81407F0D98AC071F34358B9EA554DE3ADFC3BA1CBD60 ] C:\Program Files\McAfee.com\Agent\mcagent.exe 14:39:38.0498 0x0cfc mcpltui_exe - ok 14:39:38.0550 0x0cfc [ FE821F6FA60E9DF9FDEE69A23488BBAB, 98D9926152FDA45705F5E208D7236E467CAEEF83D756A14B4104EBF804644B29 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe 14:39:38.0565 0x0cfc Adobe ARM - ok 14:39:38.0581 0x0cfc [ 1DE859B82E381A645C44284A5044BC33, 305AE678D3163D57C8E027F94BC553FDFDE7F9A14599EAEC370B0867DE4A9EC2 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 14:39:38.0597 0x0cfc SunJavaUpdateSched - ok 14:39:38.0643 0x0cfc [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 14:39:38.0675 0x0cfc Sidebar - ok 14:39:38.0690 0x0cfc [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 14:39:38.0706 0x0cfc mctadmin - ok 14:39:38.0737 0x0cfc [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 14:39:38.0753 0x0cfc Sidebar - ok 14:39:38.0768 0x0cfc [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 14:39:38.0768 0x0cfc mctadmin - ok 14:39:38.0815 0x0cfc [ 8BBDBEBCF62898D56AB584A373A461E7, 627F24C96576C51255794DCD4DFAA39C0F0334F5E1EF69EC552DE357C2C16228 ] C:\Users\HIEXDP-GM\AppData\Local\Workspace\WorkspaceUpdate.exe 14:39:38.0815 0x0cfc Starfield Updater - ok 14:39:38.0862 0x0cfc [ 4DE6D81F233FA8FDA7DEA30E0EF1786A, 
60A16FBE2F854B452091FFCB945C41BB0E86738A94F64BC274F1EC7F45B9D417 ] C:\Users\HIEXDP-GM\AppData\Local\Workspace\wben.exe 14:39:38.0893 0x0cfc wben - ok 14:39:38.0909 0x0cfc [ 9CA3F552644E7FB6A318FAE7C314DC5C, 1720FF5BFD58F96CD05546B02F214F7371EA85997000F36E243CAB9C6E00DF34 ] C:\Users\HIEXDP-GM\AppData\Local\Workspace\workspacestatus.exe 14:39:38.0924 0x0cfc Workspace Status - ok 14:39:38.0924 0x0cfc Waiting for KSN requests completion. In queue: 341 14:39:39.0938 0x0cfc Waiting for KSN requests completion. In queue: 341 14:39:40.0942 0x0cfc Waiting for KSN requests completion. In queue: 29 14:39:41.0956 0x0cfc Waiting for KSN requests completion. In queue: 29 14:39:42.0975 0x0cfc AV detected via SS2: McAfee Anti-Virus and Anti-Spyware, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 12.8.0.0 ), 0x52000 ( disabled : updated ) 14:39:42.0990 0x0cfc FW detected via SS2: McAfee Firewall, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 12.8.0.0 ), 0x52010 ( disabled ) 14:39:43.0037 0x0cfc Win FW state via NFP2: enabled 14:39:46.0256 0x0cfc ============================================================ 14:39:46.0256 0x0cfc Scan finished 14:39:46.0256 0x0cfc ============================================================ 14:39:46.0256 0x200c Detected object count: 0 14:39:46.0256 0x200c Actual detected object count: 0
  10. Am breaking up the TDSSKiller log as it will not let me post the entire thing:
14:38:43.0541 0x0200 TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
14:38:48.0845 0x0200 Current date / time: 2014/08/25 14:38:48.0845
14:39:23.0988 0x0cfc aspnet_state - ok 14:39:24.0004 0x0cfc [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 14:39:24.0004 0x0cfc AsyncMac - ok 14:39:24.0035 0x0cfc [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys 14:39:24.0035 0x0cfc atapi - ok 14:39:24.0066 0x0cfc [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 14:39:24.0066 0x0cfc AudioEndpointBuilder - ok 14:39:24.0097 0x0cfc [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv C:\Windows\System32\Audiosrv.dll 14:39:24.0097 0x0cfc AudioSrv - ok 14:39:24.0113 0x0cfc [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll 14:39:24.0113 0x0cfc AxInstSV - ok 14:39:24.0128 0x0cfc [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 14:39:24.0144 0x0cfc b06bdrv - ok 14:39:24.0144 0x0cfc [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 14:39:24.0144 0x0cfc b57nd60a - ok 14:39:24.0206 0x0cfc [ BC9E4469FE2CE605902D4C8BB09E8236, 13C906DEE487E46037F6DAB82CD65B49CECCA8A7BAC9E1FFD34767AA288A9B76 ] bcbtums C:\Windows\system32\drivers\bcbtums.sys 14:39:24.0206 0x0cfc bcbtums - ok 14:39:24.0253 0x0cfc [ 9E889F80A9D16639DF7EEA5B532844DF, 6A84F310B97975B789C1D96CE6D8FBCB20CFFB71089773EEAA8E6DC5F01EFAE8 ] BCM42RLY C:\Windows\system32\drivers\BCM42RLY.sys 14:39:24.0253 0x0cfc BCM42RLY - ok 14:39:24.0409 0x0cfc [ D53824382B2D50EBBE8B133D0CE39775, 
FCB5849B6CDEFE771390412048AFFA0C21BE50E7CC4316EBA1CAD450AA585827 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys 14:39:24.0505 0x0cfc BCM43XX - ok 14:39:24.0555 0x0cfc [ 52752A34FE0D4105CC814F5CC539132B, CCB3A4DDC6DD18B17613220E6DF09A43032362EFD22EA1058C5A6E9C6CED63EE ] BcmVWL C:\Windows\system32\DRIVERS\bcmvwl64.sys 14:39:24.0555 0x0cfc BcmVWL - ok 14:39:24.0570 0x0cfc [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll 14:39:24.0570 0x0cfc BDESVC - ok 14:39:24.0586 0x0cfc [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys 14:39:24.0586 0x0cfc Beep - ok 14:39:24.0617 0x0cfc [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll 14:39:24.0617 0x0cfc BFE - ok 14:39:24.0664 0x0cfc [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll 14:39:24.0679 0x0cfc BITS - ok 14:39:24.0695 0x0cfc [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 14:39:24.0695 0x0cfc blbdrive - ok 14:39:24.0695 0x0cfc [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 14:39:24.0711 0x0cfc bowser - ok 14:39:24.0711 0x0cfc [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 14:39:24.0711 0x0cfc BrFiltLo - ok 14:39:24.0711 0x0cfc [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 14:39:24.0711 0x0cfc BrFiltUp - ok 14:39:24.0726 0x0cfc [ 
05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll 14:39:24.0742 0x0cfc Browser - ok 14:39:24.0742 0x0cfc [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys 14:39:24.0757 0x0cfc Brserid - ok 14:39:24.0757 0x0cfc [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 14:39:24.0757 0x0cfc BrSerWdm - ok 14:39:24.0773 0x0cfc [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 14:39:24.0773 0x0cfc BrUsbMdm - ok 14:39:24.0773 0x0cfc [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 14:39:24.0773 0x0cfc BrUsbSer - ok 14:39:24.0789 0x0cfc [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys 14:39:24.0789 0x0cfc BthEnum - ok 14:39:24.0789 0x0cfc [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 14:39:24.0804 0x0cfc BTHMODEM - ok 14:39:24.0820 0x0cfc [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 14:39:24.0820 0x0cfc BthPan - ok 14:39:24.0835 0x0cfc [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys 14:39:24.0851 0x0cfc BTHPORT - ok 14:39:24.0851 0x0cfc [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll 
14:39:24.0851 0x0cfc bthserv - ok 14:39:24.0867 0x0cfc [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys 14:39:24.0867 0x0cfc BTHUSB - ok 14:39:24.0898 0x0cfc [ 93F0E54C65EF7FCB56287FA685E4C4B7, FF8644C2F9DC4CDB1BDBD7C25968225769B2DAE7E063BE0FEDCD51809C48CB4D ] btwampfl C:\Windows\system32\drivers\btwampfl.sys 14:39:24.0913 0x0cfc btwampfl - ok 14:39:24.0929 0x0cfc [ D1F3C58892C621935947C0261BAEF3C0, AEDAF86A78F615C9124A968568FAA41AA145E6AAE910AB16E370B83BC67BB603 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys 14:39:24.0929 0x0cfc btwaudio - ok 14:39:24.0945 0x0cfc [ 9C7A3858D87F3A2574C1D326CA6C1461, EA98D1DE3E1BF3BB952FC11511082EC1D398B448C712141B7FC35AFB7E40C4E5 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys 14:39:24.0945 0x0cfc btwavdt - ok 14:39:25.0038 0x0cfc [ F854871C9CB25FE21DA0233289BE3F0A, 4477FC0E0BEA0662FDA912AADECE9EAC0773D3C2B3EB3373B0C3AD0FB2146979 ] btwdins c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe 14:39:25.0054 0x0cfc btwdins - ok 14:39:25.0054 0x0cfc [ B1ACFD00CDD13B48D86F46BFEC153BF9, CD7BE27D93364735511CC714B85CB7D97E21E84E3C2361EC405BADAAEA550925 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys 14:39:25.0054 0x0cfc btwl2cap - ok 14:39:25.0069 0x0cfc [ BB892C59D453E127797F8C5B203678DC, 9ED6E44B1E1050F275BEDE733970F455867147F6EC08CD6522E5AA2F55CB5B71 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys 14:39:25.0069 0x0cfc btwrchid - ok 14:39:25.0069 0x0cfc [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 14:39:25.0069 0x0cfc cdfs - ok 14:39:25.0116 0x0cfc [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 14:39:25.0116 0x0cfc cdrom - ok 14:39:25.0147 0x0cfc [ F17D1D393BBC69C5322FBFAFACA28C7F, 
62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll 14:39:25.0147 0x0cfc CertPropSvc - ok 14:39:25.0194 0x0cfc [ 27468DB367ABCFE855796775DB949AC1, F2DFC8CFBFCDC94798A5ADAAC96001927F9CE316751D42651C3AF1E52F1DC7EF ] cfwids C:\Windows\system32\drivers\cfwids.sys 14:39:25.0194 0x0cfc cfwids - ok 14:39:25.0210 0x0cfc [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 14:39:25.0210 0x0cfc circlass - ok 14:39:25.0241 0x0cfc [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys 14:39:25.0241 0x0cfc CLFS - ok 14:39:25.0303 0x0cfc [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 14:39:25.0303 0x0cfc clr_optimization_v2.0.50727_32 - ok 14:39:25.0335 0x0cfc [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 14:39:25.0335 0x0cfc clr_optimization_v2.0.50727_64 - ok 14:39:25.0366 0x0cfc [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 14:39:25.0366 0x0cfc clr_optimization_v4.0.30319_32 - ok 14:39:25.0381 0x0cfc [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 14:39:25.0397 0x0cfc clr_optimization_v4.0.30319_64 - ok 14:39:25.0413 0x0cfc [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt 
C:\Windows\system32\drivers\CmBatt.sys 14:39:25.0413 0x0cfc CmBatt - ok 14:39:25.0413 0x0cfc [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys 14:39:25.0413 0x0cfc cmdide - ok 14:39:25.0444 0x0cfc [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys 14:39:25.0459 0x0cfc CNG - ok 14:39:25.0475 0x0cfc [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 14:39:25.0475 0x0cfc Compbatt - ok 14:39:25.0491 0x0cfc [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 14:39:25.0491 0x0cfc CompositeBus - ok 14:39:25.0491 0x0cfc COMSysApp - ok 14:39:25.0553 0x0cfc [ 7227817CEAB3F0B1F0FAA79FB100DCD7, 82BDF5FD6398384E1D4913F641C2FEA08D89A14473BF498D4C597BC24CA8D990 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe 14:39:25.0553 0x0cfc cphs - ok 14:39:25.0569 0x0cfc [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 14:39:25.0569 0x0cfc crcdisk - ok 14:39:25.0584 0x0cfc [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\Windows\system32\cryptsvc.dll 14:39:25.0584 0x0cfc CryptSvc - ok 14:39:25.0615 0x0cfc [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll 14:39:25.0631 0x0cfc DcomLaunch - ok 14:39:25.0647 0x0cfc [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll 14:39:25.0662 0x0cfc defragsvc - ok 14:39:25.0756 0x0cfc [ 
EA26A4A4EFF6F5677C8745D274E23913, 32B9CB58B34E23126E18CFB5AA75AEC2EF1D5A8A7ACBCBEF4B3ACCB20FD1B8C4 ] DellDigitalDelivery C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe 14:39:25.0756 0x0cfc DellDigitalDelivery - ok 14:39:25.0771 0x0cfc [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys 14:39:25.0771 0x0cfc DfsC - ok 14:39:25.0787 0x0cfc [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll 14:39:25.0803 0x0cfc Dhcp - ok 14:39:25.0818 0x0cfc [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys 14:39:25.0818 0x0cfc discache - ok 14:39:25.0834 0x0cfc [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys 14:39:25.0834 0x0cfc Disk - ok 14:39:25.0865 0x0cfc [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll 14:39:25.0865 0x0cfc Dnscache - ok 14:39:25.0896 0x0cfc [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll 14:39:25.0896 0x0cfc dot3svc - ok 14:39:25.0912 0x0cfc [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll 14:39:25.0912 0x0cfc DPS - ok 14:39:25.0959 0x0cfc [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 14:39:25.0959 0x0cfc drmkaud - ok 14:39:26.0021 0x0cfc [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 
14:39:26.0037 0x0cfc DXGKrnl - ok 14:39:26.0052 0x0cfc [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll 14:39:26.0052 0x0cfc EapHost - ok 14:39:26.0146 0x0cfc [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys 14:39:26.0193 0x0cfc ebdrv - ok 14:39:26.0224 0x0cfc [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS C:\Windows\System32\lsass.exe 14:39:26.0224 0x0cfc EFS - ok 14:39:26.0286 0x0cfc [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 14:39:26.0302 0x0cfc ehRecvr - ok 14:39:26.0317 0x0cfc [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe 14:39:26.0317 0x0cfc ehSched - ok 14:39:26.0349 0x0cfc [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys 14:39:26.0364 0x0cfc elxstor - ok 14:39:26.0364 0x0cfc [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys 14:39:26.0364 0x0cfc ErrDev - ok 14:39:26.0411 0x0cfc [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll 14:39:26.0427 0x0cfc EventSystem - ok 14:39:26.0442 0x0cfc [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys 14:39:26.0442 0x0cfc exfat - ok 14:39:26.0458 0x0cfc [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys 
14:39:26.0458 0x0cfc fastfat - ok 14:39:26.0489 0x0cfc [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe 14:39:26.0489 0x0cfc Fax - ok 14:39:26.0505 0x0cfc [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys 14:39:26.0507 0x0cfc fdc - ok 14:39:26.0512 0x0cfc [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll 14:39:26.0512 0x0cfc fdPHost - ok 14:39:26.0528 0x0cfc [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll 14:39:26.0528 0x0cfc FDResPub - ok 14:39:26.0606 0x0cfc [ 49E2E2C62D1A8FDEA2DDFF1778190FE3, 6D6FDABA9EE723EB63433AA0265A1931137FB0971D78B478BA33FD26A502940A ] File Backup C:\Program Files (x86)\Workspace\offSyncService.exe 14:39:26.0621 0x0cfc File Backup - ok 14:39:26.0637 0x0cfc [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 14:39:26.0637 0x0cfc FileInfo - ok 14:39:26.0653 0x0cfc [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 14:39:26.0653 0x0cfc Filetrace - ok 14:39:26.0653 0x0cfc [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 14:39:26.0653 0x0cfc flpydisk - ok 14:39:26.0668 0x0cfc [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 14:39:26.0668 0x0cfc FltMgr - ok 14:39:26.0762 0x0cfc [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] 
FontCache C:\Windows\system32\FntCache.dll 14:39:26.0777 0x0cfc FontCache - ok 14:39:26.0809 0x0cfc [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 14:39:26.0824 0x0cfc FontCache3.0.0.0 - ok 14:39:26.0840 0x0cfc [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 14:39:26.0840 0x0cfc FsDepends - ok 14:39:26.0855 0x0cfc [ B16B626996C74B564005BA855C5DEE90, B432C669EB610C262B18F3F8308EEE1B910DE7F7BC2A8EB5483419DC52A07AE1 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys 14:39:26.0871 0x0cfc fssfltr - ok 14:39:26.0933 0x0cfc [ 812E1BA5C52A78F13EA6AA10DF708B1D, CF1C4D8E072CF0D66C977DFA4C852E5CE757843BEAF5D29454D26A9AC5766E61 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe 14:39:26.0965 0x0cfc fsssvc - ok 14:39:26.0980 0x0cfc [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 14:39:26.0980 0x0cfc Fs_Rec - ok 14:39:26.0996 0x0cfc [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 14:39:26.0996 0x0cfc fvevol - ok 14:39:27.0011 0x0cfc [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 14:39:27.0011 0x0cfc gagp30kx - ok 14:39:27.0043 0x0cfc [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll 14:39:27.0058 0x0cfc gpsvc - ok 14:39:27.0074 0x0cfc [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 14:39:27.0074 0x0cfc hcw85cir - ok 
14:39:27.0136 0x0cfc [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 14:39:27.0152 0x0cfc HdAudAddService - ok 14:39:27.0183 0x0cfc [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 14:39:27.0199 0x0cfc HDAudBus - ok 14:39:27.0199 0x0cfc [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 14:39:27.0199 0x0cfc HidBatt - ok 14:39:27.0214 0x0cfc [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys 14:39:27.0214 0x0cfc HidBth - ok 14:39:27.0245 0x0cfc [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 14:39:27.0245 0x0cfc HidIr - ok 14:39:27.0261 0x0cfc [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll 14:39:27.0261 0x0cfc hidserv - ok 14:39:27.0277 0x0cfc [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 14:39:27.0292 0x0cfc HidUsb - ok 14:39:27.0339 0x0cfc [ 29F981739E50305128022CBE10B3659C, 25060937145B0DCA8CD088E78993BFEF1430CDDFF433E606AFC93993CBBF4B3E ] HipShieldK C:\Windows\system32\drivers\HipShieldK.sys 14:39:27.0355 0x0cfc HipShieldK - ok 14:39:27.0370 0x0cfc [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll 14:39:27.0386 0x0cfc hkmsvc - ok 14:39:27.0386 0x0cfc [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener 
C:\Windows\system32\ListSvc.dll 14:39:27.0401 0x0cfc HomeGroupListener - ok 14:39:27.0417 0x0cfc [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 14:39:27.0433 0x0cfc HomeGroupProvider - ok 14:39:27.0511 0x0cfc [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] HomeNetSvc C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe 14:39:27.0511 0x0cfc HomeNetSvc - ok 14:39:27.0526 0x0cfc [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 14:39:27.0526 0x0cfc HpSAMD - ok 14:39:27.0557 0x0cfc [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys 14:39:27.0573 0x0cfc HTTP - ok 14:39:27.0573 0x0cfc [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 14:39:27.0573 0x0cfc hwpolicy - ok 14:39:27.0589 0x0cfc [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 14:39:27.0589 0x0cfc i8042prt - ok 14:39:27.0620 0x0cfc [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 14:39:27.0620 0x0cfc iaStorV - ok 14:39:27.0682 0x0cfc [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 14:39:27.0698 0x0cfc idsvc - ok 14:39:27.0698 0x0cfc IEEtwCollectorService - ok 14:39:27.0838 0x0cfc [ A1CF07D24EDCDC6870535471654D957C, FA0CD2ABA2C15E9FC4A1DEE58F365EC10D9597D521556DC2648B50CE0537926D ] igfx 
C:\Windows\system32\DRIVERS\igdkmd64.sys 14:39:27.0932 0x0cfc igfx - ok 14:39:27.0963 0x0cfc [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys 14:39:27.0963 0x0cfc iirsp - ok 14:39:27.0994 0x0cfc [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll 14:39:28.0010 0x0cfc IKEEXT - ok 14:39:28.0150 0x0cfc [ E4FD2A81EF844C01E3BA6FBED1644A23, 022419EDDA4694536FD677EB3C6BA79A0B318982F0F7644918FD828D1FF64758 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 14:39:28.0228 0x0cfc IntcAzAudAddService - ok 14:39:28.0306 0x0cfc [ 832CE330DD987227B7DEA8C03F22AEFA, 3DE64D9519D9D865D4C1AA7483D846F0154392B6685BDC451DEC7DA5EA0E2B2E ] Intel® Capability Licensing Service Interface c:\Program Files\Intel\iCLS Client\HeciServer.exe 14:39:28.0322 0x0cfc Intel® Capability Licensing Service Interface - ok 14:39:28.0337 0x0cfc [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys 14:39:28.0337 0x0cfc intelide - ok 14:39:28.0353 0x0cfc [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 14:39:28.0353 0x0cfc intelppm - ok 14:39:28.0369 0x0cfc [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 14:39:28.0369 0x0cfc IPBusEnum - ok 14:39:28.0384 0x0cfc [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 14:39:28.0384 0x0cfc IpFilterDriver - ok 14:39:28.0400 0x0cfc [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 
  11. Thanks a ton for your help Adam! My name is King and the logs follow: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014 03 Ran by HIEXDP-GM (administrator) on HIEXDP-GM-PC on 25-08-2014 14:36:50 Running from C:\Users\HIEXDP-GM\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Starfield Technologies) C:\Program Files (x86)\Workspace\offSyncService.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (McAfee, Inc.) 
C:\Windows\System32\mfevtps.exe (Wistron Corporation) C:\Program Files\DELLOSD\VolumeCtlSrv.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe (Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Starfield Technologies) C:\Users\HIEXDP-GM\AppData\Local\Workspace\workspaceupdate.exe (Starfield Technologies, LLC) C:\Users\HIEXDP-GM\AppData\Local\Workspace\wben.exe (Starfield Technologies) C:\Users\HIEXDP-GM\AppData\Local\Workspace\workspacestatus.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\mhn\AlertHost.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (McAfee, Inc.) 
C:\Program Files\Common Files\mcafee\platform\McUICnt.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\Core\mchost.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1253520 2012-11-19] (Realtek Semiconductor) HKLM\...\Run: [broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [7507968 2012-01-29] (Dell Inc.) HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.) 
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1318888917-3662893499-1279507367-1000\...\Run: [starfield Updater] => C:\Users\HIEXDP-GM\AppData\Local\Workspace\WorkspaceUpdate.exe [35008 2014-07-29] (Starfield Technologies) HKU\S-1-5-21-1318888917-3662893499-1279507367-1000\...\Run: [wben] => C:\Users\HIEXDP-GM\AppData\Local\Workspace\wben.exe [1569488 2013-09-16] (Starfield Technologies, LLC) HKU\S-1-5-21-1318888917-3662893499-1279507367-1000\...\Run: [Workspace Status] => C:\Users\HIEXDP-GM\AppData\Local\Workspace\workspacestatus.exe [694760 2014-07-29] (Starfield Technologies) Lsa: [Notification Packages] scecli c:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) 
ShellIconOverlayIdentifiers: DBARFileBackuped -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: DBARFileNotBackuped -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: off0 -> {8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll (Starfield Technologies, LLC) ShellIconOverlayIdentifiers: off1 -> {8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll (Starfield Technologies, LLC) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB SearchScopes: HKLM - DefaultScope {91505DCA-1240-4E69-84C3-DB1173EAEB9B} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {91505DCA-1240-4E69-84C3-DB1173EAEB9B} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB SearchScopes: HKLM-x32 - DefaultScope {91505DCA-1240-4E69-84C3-DB1173EAEB9B} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {91505DCA-1240-4E69-84C3-DB1173EAEB9B} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKCU - {64670A2B-9BE8-438E-964B-AB05114F095C} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKCU - {91505DCA-1240-4E69-84C3-DB1173EAEB9B} URL = BHO: Windows Live ID Sign-in Helper -> 
{9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NSP12_CP1-16851/webex/ieatgpc1.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.) 
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1 FireFox: ======== FF ProfilePath: C:\Users\HIEXDP-GM\AppData\Roaming\Mozilla\Firefox\Profiles\3jpy1sre.default FF Homepage: hxxp://google.com/ FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @starfield.com/off -> C:\Users\HIEXDP-GM\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.) FF Plugin HKCU: @starfield.com/off64 -> C:\Users\HIEXDP-GM\AppData\Roaming\Mozilla\Plugins\npoff64.dll ( Starfield Technologies, LLC.) 
FF Plugin HKCU: @starfield.com/wbe -> C:\Users\HIEXDP-GM\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC) FF Plugin HKCU: @starfield.com/wbe64 -> C:\Users\HIEXDP-GM\AppData\Roaming\Mozilla\Plugins\npwbe64.dll (Starfield Technology, LLC) FF Plugin ProgramFiles/Appdata: C:\Users\HIEXDP-GM\AppData\Roaming\mozilla\plugins\npoff.dll ( Starfield Technologies, LLC.) FF Plugin ProgramFiles/Appdata: C:\Users\HIEXDP-GM\AppData\Roaming\mozilla\plugins\npoff64.dll ( Starfield Technologies, LLC.) FF Plugin ProgramFiles/Appdata: C:\Users\HIEXDP-GM\AppData\Roaming\mozilla\plugins\npwbe.dll (Starfield Technology, LLC) FF Plugin ProgramFiles/Appdata: C:\Users\HIEXDP-GM\AppData\Roaming\mozilla\plugins\npwbe64.dll (Starfield Technology, LLC) FF Extension: WBE Paste - C:\Users\HIEXDP-GM\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield [2014-07-29] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-01-26] Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [1187040 2013-07-22] (Starfield Technologies) R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) 
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.) S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334760 2012-12-21] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.) R2 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) 
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-11-20] (Realtek Semiconductor) R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915920 2013-11-21] (SoftThinks SAS) R2 VolumeCtlSrv; C:\Program Files\DELLOSD\VolumeCtlSrv.exe [217088 2012-02-02] (Wistron Corporation) [File not signed] R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [6294016 2012-01-29] (Dell Inc.) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-01-26] (Broadcom Corporation.) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-25] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.) R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.) S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.) 
R3 PQAWRwa; C:\Program Files\DELLOSD\PQAWDrv.sys [12384 2008-03-01] () [File not signed] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-25 14:36 - 2014-08-25 14:37 - 00017591 _____ () C:\Users\HIEXDP-GM\Desktop\FRST.txt 2014-08-25 14:35 - 2014-08-25 14:36 - 00000000 ____D () C:\FRST 2014-08-25 14:33 - 2014-08-25 14:33 - 00000713 _____ () C:\Users\HIEXDP-GM\Desktop\JRT.txt 2014-08-25 14:32 - 2014-08-22 09:50 - 01364531 _____ () C:\Users\HIEXDP-GM\Desktop\AdwCleaner.exe 2014-08-25 14:24 - 2014-08-25 14:24 - 00000000 ____D () C:\Windows\ERUNT 2014-08-25 14:15 - 2014-08-25 14:21 - 00001081 _____ () C:\Users\HIEXDP-GM\Desktop\malware bytes 082514 1414pm.txt 2014-08-25 14:06 - 2014-08-25 14:06 - 01016261 _____ (Thisisu) C:\Users\HIEXDP-GM\Desktop\JRT.exe 2014-08-25 14:02 - 2014-08-25 14:02 - 02103296 _____ (Farbar) C:\Users\HIEXDP-GM\Desktop\FRST64.exe 2014-08-25 13:01 - 2014-08-25 13:01 - 00000000 _____ () C:\Windows\setuperr.log 2014-08-25 13:01 - 2014-08-25 13:01 - 00000000 _____ () C:\Windows\setupact.log 2014-08-25 11:37 - 2014-08-25 11:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2014-08-23 03:02 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-08-23 03:02 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll 2014-08-23 03:02 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2014-08-23 03:02 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-08-23 03:02 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-08-23 
03:02 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-08-23 03:02 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe 2014-08-23 03:02 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll 2014-08-22 11:30 - 2014-08-22 11:30 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-08-22 11:30 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-08-22 11:30 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-08-22 11:30 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-08-22 11:29 - 2014-08-22 11:29 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\HIEXDP-GM\Desktop\mbam-setup-2.0.2.1012.exe 2014-08-22 11:27 - 2014-07-15 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-08-22 11:27 - 2014-06-15 21:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-08-22 11:27 - 2014-06-03 05:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-08-22 11:27 - 2014-06-03 05:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-08-22 11:27 - 2014-06-03 05:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-08-22 11:27 - 2014-06-03 05:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-08-22 11:27 - 2014-06-03 04:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-08-22 11:27 - 2014-06-03 04:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-08-22 11:26 - 2014-07-31 18:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-22 11:26 - 2014-07-31 18:16 - 00307384 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\iedkcs32.dll 2014-08-22 11:26 - 2014-07-25 09:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-22 11:26 - 2014-07-25 09:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-22 11:26 - 2014-07-25 09:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-08-22 11:26 - 2014-07-25 08:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-08-22 11:26 - 2014-07-25 08:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-08-22 11:26 - 2014-07-25 08:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-08-22 11:26 - 2014-07-25 08:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-08-22 11:26 - 2014-07-25 08:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-22 11:26 - 2014-07-25 08:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-08-22 11:26 - 2014-07-25 08:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-08-22 11:26 - 2014-07-25 08:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-08-22 11:26 - 2014-07-25 08:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-08-22 11:26 - 2014-07-25 08:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-08-22 11:26 - 2014-07-25 08:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-08-22 11:26 - 2014-07-25 07:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-08-22 11:26 - 2014-07-25 07:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-08-22 11:26 - 2014-07-25 07:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-22 11:26 - 2014-07-25 07:34 - 00455168 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\vbscript.dll 2014-08-22 11:26 - 2014-07-25 07:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-08-22 11:26 - 2014-07-25 07:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-08-22 11:26 - 2014-07-25 07:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-08-22 11:26 - 2014-07-25 07:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-08-22 11:26 - 2014-07-25 07:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-08-22 11:26 - 2014-07-25 07:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-08-22 11:26 - 2014-07-25 07:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-08-22 11:26 - 2014-07-25 07:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-08-22 11:26 - 2014-07-25 07:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-22 11:26 - 2014-07-25 07:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-08-22 11:26 - 2014-07-25 07:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-08-22 11:26 - 2014-07-25 07:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-08-22 11:26 - 2014-07-25 06:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-08-22 11:26 - 2014-07-25 06:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-08-22 11:26 - 2014-07-25 06:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-08-22 11:26 - 2014-07-25 06:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-22 11:26 - 2014-07-25 06:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-08-22 11:26 - 2014-07-25 06:36 - 00164864 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-08-22 11:26 - 2014-07-25 06:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-08-22 11:26 - 2014-07-25 06:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-22 11:26 - 2014-07-25 06:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-08-22 11:26 - 2014-07-25 05:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-22 11:26 - 2014-07-25 05:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-22 11:26 - 2014-07-25 05:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-08-22 11:26 - 2014-07-25 05:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-08-22 11:26 - 2014-07-25 05:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-08-22 11:26 - 2014-07-25 05:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-08-22 11:26 - 2014-06-24 21:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-08-22 11:26 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-08-22 11:24 - 2014-07-13 21:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-08-22 11:24 - 2014-07-13 20:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2014-08-22 11:19 - 2014-05-14 11:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-08-22 11:19 - 2014-05-14 11:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-08-22 11:19 - 2014-05-14 11:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-08-22 11:19 - 2014-05-14 11:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-08-22 11:19 - 2014-05-14 11:23 - 00044512 _____ (Microsoft Corporation) 
C:\Windows\system32\wups2.dll 2014-08-22 11:19 - 2014-05-14 11:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-08-22 11:19 - 2014-05-14 11:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2014-08-22 11:19 - 2014-05-14 11:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-08-22 11:19 - 2014-05-14 11:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-08-22 11:19 - 2014-05-14 11:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2014-08-22 11:19 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-08-22 11:19 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-08-22 11:19 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-08-22 11:19 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2014-08-22 10:31 - 2014-08-22 10:32 - 00000000 ____D () C:\AdwCleaner 2014-08-22 10:30 - 2014-08-22 10:30 - 00027929 _____ () C:\ComboFix.txt 2014-08-22 10:23 - 2014-08-22 11:10 - 00000000 ____D () C:\Windows\erdnt 2014-08-22 10:21 - 2014-08-22 11:10 - 00000000 ____D () C:\Windows\Minidump 2014-08-22 10:03 - 2014-08-22 10:03 - 00000624 _____ () C:\Users\HIEXDP-GM\Desktop\ComboFix.exe - Shortcut.lnk 2014-08-22 10:01 - 2014-08-22 10:30 - 00000000 ____D () C:\Qoobox 2014-08-22 09:48 - 2014-08-22 09:48 - 00000000 _____ () C:\Users\HIEXDP-GM\Desktop\ComboFix.exe.6qe9asl.partial 2014-08-22 09:42 - 2014-08-22 09:42 - 00000000 _____ () C:\Users\HIEXDP-GM\Desktop\DownloadManagerSetup.exe.i6ps83g.partial 2014-08-22 09:39 - 2014-08-22 09:41 - 00002360 _____ () C:\Users\HIEXDP-GM\Desktop\Rkill.txt 2014-08-22 09:31 - 2014-08-22 09:32 - 00000000 ____D () C:\Users\HIEXDP-GM\Desktop\Old Firefox Data 2014-08-22 08:52 - 2014-08-22 08:52 - 00000000 ____D () 
C:\Users\HIEXDP-GM\AppData\Roaming\SUPERAntiSpyware.com 2014-08-22 08:48 - 2014-08-22 11:12 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware 2014-08-22 08:48 - 2014-08-22 08:48 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com 2014-08-21 15:14 - 2014-08-21 15:14 - 00000000 _____ () C:\autoexec.bat 2014-08-21 15:13 - 2014-08-21 15:13 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-08-21 14:33 - 2014-08-25 13:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-21 14:32 - 2014-08-22 11:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-08-21 14:32 - 2014-08-22 11:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-08-21 14:32 - 2014-08-21 14:32 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-21 14:15 - 2014-08-21 14:15 - 00000779 _____ () C:\Users\HIEXDP-GM\Desktop\team ddp yoga text.txt 2014-08-21 13:59 - 2014-08-22 13:37 - 00000000 ____D () C:\Users\HIEXDP-GM\Desktop\Charge Backs 2014-08-19 12:15 - 2014-08-19 12:18 - 00000000 ____D () C:\Users\HIEXDP-GM\AppData\Local\Windows Live 2014-08-19 12:01 - 2014-08-19 13:21 - 00000000 ____D () C:\Users\HIEXDP-GM\AppData\Roaming\HTC 2014-08-19 12:00 - 2014-08-19 12:00 - 00000000 ____D () C:\Users\HIEXDP-GM\Documents\HTC 2014-08-19 12:00 - 2014-08-19 12:00 - 00000000 ____D () C:\Users\HIEXDP-GM\AppData\Roaming\Apple Computer 2014-08-19 12:00 - 2014-08-19 12:00 - 00000000 ____D () C:\Users\HIEXDP-GM\AppData\Local\Apple Computer 2014-08-19 12:00 - 2014-08-19 12:00 - 00000000 ____D () C:\Users\HIEXDP-GM\.android 2014-08-19 11:56 - 2014-08-19 13:21 - 00000000 ____D () C:\ProgramData\HTC 2014-08-17 11:59 - 2014-07-25 08:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-08-17 11:59 - 2014-07-25 07:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-08-17 11:59 - 2014-07-25 06:47 - 00631808 _____ 
(Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-17 11:59 - 2014-07-25 06:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-08-17 11:59 - 2014-07-25 06:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-08-17 11:59 - 2014-07-25 06:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-08-17 11:59 - 2014-07-25 06:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-08-17 11:59 - 2014-07-15 21:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-08-17 11:59 - 2014-06-03 04:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-08-17 11:58 - 2014-07-25 07:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-08-17 11:58 - 2014-07-25 07:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-15 13:30 - 2014-08-15 13:30 - 00055560 _____ () C:\Users\HIEXDP-GM\Documents\FY2015_PerDiemRates.xlsx 2014-08-15 10:10 - 2014-08-15 10:10 - 02089724 _____ () C:\Users\HIEXDP-GM\Desktop\alstom 2015 rfp kick off call hotels.pptx 2014-08-11 11:20 - 2014-08-11 11:31 - 59390805 _____ () C:\Users\HIEXDP-GM\Desktop\IHG_AnywhereCheckIn_v03_1080_1.mp4 2014-08-07 13:15 - 2014-08-07 13:15 - 01465885 _____ () C:\Users\HIEXDP-GM\Downloads\blog-08-07-2014.xml 2014-08-05 12:07 - 2014-08-05 12:07 - 00000242 _____ () C:\Users\HIEXDP-GM\Documents\www txt.txt 2014-08-04 13:06 - 2014-08-13 11:38 - 00015816 _____ () C:\Users\HIEXDP-GM\Documents\working 2012 2013 reimbursement audit.xlsx 2014-08-01 09:03 - 2014-08-01 09:03 - 00280576 _____ () C:\Users\HIEXDP-GM\Documents\Newer ADA Room Types Worksheet Phase 2_purple sheet (2).xls 2014-07-31 12:29 - 2014-07-31 12:29 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-07-31 12:29 - 2014-07-31 12:29 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-07-31 12:29 - 2014-07-31 12:29 - 
00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-07-31 12:29 - 2014-07-31 12:29 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-07-31 12:29 - 2014-07-31 12:29 - 00000000 ____D () C:\ProgramData\Sun 2014-07-31 12:29 - 2014-07-31 12:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-07-31 12:29 - 2014-07-31 12:29 - 00000000 ____D () C:\Program Files (x86)\Java 2014-07-31 12:25 - 2014-07-31 12:25 - 00000000 ____D () C:\Users\HIEXDP-GM\AppData\Local\Maker3D 2014-07-31 12:25 - 2014-07-31 12:25 - 00000000 ____D () C:\Users\HIEXDP-GM\AppData\Local\Configure 2014-07-31 12:24 - 2014-08-22 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aurora 3D Text & Logo Maker 2014-07-31 12:24 - 2014-07-31 12:24 - 00001128 _____ () C:\Users\Public\Desktop\Aurora 3D Text & Logo Maker.lnk 2014-07-31 12:23 - 2014-08-22 11:11 - 00000000 ____D () C:\Program Files (x86)\Aurora3D 2014-07-31 12:23 - 2011-09-13 17:58 - 00581632 _____ (Optima SC Inc.) C:\Windows\SysWOW64\vp8vfw.dll 2014-07-30 09:35 - 2014-07-30 09:35 - 00005632 _____ () C:\Users\HIEXDP-GM\Downloads\IHGHotels_RS_IHGHotels_GuestSummary_SurveyTopic-Summary.xls 2014-07-29 10:08 - 2014-07-29 10:08 - 00000000 ____D () C:\Users\HIEXDP-GM\AppData\Local\offsync 2014-07-29 10:06 - 2014-07-29 10:07 - 00001081 _____ () C:\Users\HIEXDP-GM\Desktop\desktoptools.lnk 2014-07-29 10:06 - 2014-07-29 10:06 - 00000000 ____D () C:\Users\HIEXDP-GM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Workspace 2014-07-29 10:06 - 2014-07-29 10:06 - 00000000 ____D () C:\Program Files (x86)\Workspace 2014-07-29 10:04 - 2014-07-29 10:07 - 00000000 ____D () C:\Users\HIEXDP-GM\AppData\Local\Workspace ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-25 14:37 - 2014-08-25 14:36 - 00017591 _____ () C:\Users\HIEXDP-GM\Desktop\FRST.txt 2014-08-25 14:36 - 2014-08-25 14:35 - 00000000 ____D () C:\FRST 2014-08-25 14:34 - 2009-07-14 00:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-25 14:33 - 2014-08-25 14:33 - 00000713 _____ () C:\Users\HIEXDP-GM\Desktop\JRT.txt 2014-08-25 14:32 - 2014-01-26 08:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-25 14:24 - 2014-08-25 14:24 - 00000000 ____D () C:\Windows\ERUNT 2014-08-25 14:21 - 2014-08-25 14:15 - 00001081 _____ () C:\Users\HIEXDP-GM\Desktop\malware bytes 082514 1414pm.txt 2014-08-25 14:07 - 2009-07-13 23:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-25 14:07 - 2009-07-13 23:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-25 14:06 - 2014-08-25 14:06 - 01016261 _____ (Thisisu) C:\Users\HIEXDP-GM\Desktop\JRT.exe 2014-08-25 14:02 - 2014-08-25 14:02 - 02103296 _____ (Farbar) C:\Users\HIEXDP-GM\Desktop\FRST64.exe 2014-08-25 13:40 - 2014-07-21 14:49 - 00011583 _____ () C:\Users\HIEXDP-GM\Documents\WWW Worksheet 072114.xlsx 2014-08-25 13:40 - 2014-03-30 14:30 - 00000000 ____D () C:\Users\HIEXDP-GM\Documents\Timesheets 2014-08-25 13:06 - 2014-08-21 14:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-25 13:01 - 2014-08-25 13:01 - 00000000 _____ () C:\Windows\setuperr.log 2014-08-25 13:01 - 2014-08-25 13:01 - 00000000 _____ () C:\Windows\setupact.log 2014-08-25 13:01 - 2014-03-25 10:02 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask 2014-08-25 12:11 - 2014-06-24 14:47 - 01555128 _____ () C:\Windows\WindowsUpdate.log 2014-08-25 11:37 - 2014-08-25 11:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2014-08-23 03:36 - 2014-01-26 08:56 - 00000000 ____D () 
C:\Program Files (x86)\Dell Backup and Recovery 2014-08-23 03:34 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-23 03:32 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-08-23 03:16 - 2014-03-27 12:39 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-08-22 13:37 - 2014-08-21 13:59 - 00000000 ____D () C:\Users\HIEXDP-GM\Desktop\Charge Backs 2014-08-22 12:13 - 2014-03-25 10:01 - 00105248 _____ () C:\Users\HIEXDP-GM\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-22 11:30 - 2014-08-22 11:30 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-08-22 11:30 - 2014-08-21 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-08-22 11:30 - 2014-08-21 14:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-08-22 11:29 - 2014-08-22 11:29 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\HIEXDP-GM\Desktop\mbam-setup-2.0.2.1012.exe 2014-08-22 11:29 - 2014-01-26 08:53 - 00000000 ____D () C:\Program Files\Common Files\mcafee 2014-08-22 11:15 - 2014-03-25 10:00 - 00000000 ____D () C:\Users\HIEXDP-GM 2014-08-22 11:12 - 2014-08-22 08:48 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware 2014-08-22 11:12 - 2014-07-31 12:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aurora 3D Text & Logo Maker 2014-08-22 11:12 - 2009-07-13 23:45 - 00387096 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-22 11:11 - 2014-07-31 12:23 - 00000000 ____D () C:\Program Files (x86)\Aurora3D 2014-08-22 11:11 - 2014-07-02 14:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-08-22 11:11 - 2014-01-26 08:53 - 00000000 ____D () C:\Program Files (x86)\McAfee 2014-08-22 11:11 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\servicing 2014-08-22 11:11 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache 2014-08-22 11:11 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat 2014-08-22 11:11 - 
2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-08-22 11:10 - 2014-08-22 10:23 - 00000000 ____D () C:\Windows\erdnt 2014-08-22 11:10 - 2014-08-22 10:21 - 00000000 ____D () C:\Windows\Minidump 2014-08-22 11:10 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration 2014-08-22 11:08 - 2014-03-27 12:39 - 00000000 __RHD () C:\MSOCache 2014-08-22 10:32 - 2014-08-22 10:31 - 00000000 ____D () C:\AdwCleaner 2014-08-22 10:30 - 2014-08-22 10:30 - 00027929 _____ () C:\ComboFix.txt 2014-08-22 10:30 - 2014-08-22 10:01 - 00000000 ____D () C:\Qoobox 2014-08-22 10:03 - 2014-08-22 10:03 - 00000624 _____ () C:\Users\HIEXDP-GM\Desktop\ComboFix.exe - Shortcut.lnk 2014-08-22 09:50 - 2014-08-25 14:32 - 01364531 _____ () C:\Users\HIEXDP-GM\Desktop\AdwCleaner.exe 2014-08-22 09:48 - 2014-08-22 09:48 - 00000000 _____ () C:\Users\HIEXDP-GM\Desktop\ComboFix.exe.6qe9asl.partial 2014-08-22 09:42 - 2014-08-22 09:42 - 00000000 _____ () C:\Users\HIEXDP-GM\Desktop\DownloadManagerSetup.exe.i6ps83g.partial 2014-08-22 09:41 - 2014-08-22 09:39 - 00002360 _____ () C:\Users\HIEXDP-GM\Desktop\Rkill.txt 2014-08-22 09:32 - 2014-08-22 09:31 - 00000000 ____D () C:\Users\HIEXDP-GM\Desktop\Old Firefox Data 2014-08-22 08:52 - 2014-08-22 08:52 - 00000000 ____D () C:\Users\HIEXDP-GM\AppData\Roaming\SUPERAntiSpyware.com 2014-08-22 08:48 - 2014-08-22 08:48 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com 2014-08-21 15:14 - 2014-08-21 15:14 - 00000000 _____ () C:\autoexec.bat 2014-08-21 15:13 - 2014-08-21 15:13 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-08-21 14:32 - 2014-08-21 14:32 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-21 14:15 - 2014-08-21 14:15 - 00000779 _____ () C:\Users\HIEXDP-GM\Desktop\team ddp yoga text.txt 2014-08-19 13:21 - 2014-08-19 12:01 - 00000000 ____D () C:\Users\HIEXDP-GM\AppData\Roaming\HTC 2014-08-19 13:21 - 2014-08-19 11:56 - 00000000 ____D () C:\ProgramData\HTC 2014-08-19 12:18 - 2014-08-19 12:15 - 
00000000 ____D () C:\Users\HIEXDP-GM\AppData\Local\Windows Live 2014-08-19 12:00 - 2014-08-19 12:00 - 00000000 ____D () C:\Users\HIEXDP-GM\Documents\HTC 2014-08-19 12:00 - 2014-08-19 12:00 - 00000000 ____D () C:\Users\HIEXDP-GM\AppData\Roaming\Apple Computer 2014-08-19 12:00 - 2014-08-19 12:00 - 00000000 ____D () C:\Users\HIEXDP-GM\AppData\Local\Apple Computer 2014-08-19 12:00 - 2014-08-19 12:00 - 00000000 ____D () C:\Users\HIEXDP-GM\.android 2014-08-19 11:56 - 2014-01-26 08:57 - 00000000 ____D () C:\Temp 2014-08-15 13:30 - 2014-08-15 13:30 - 00055560 _____ () C:\Users\HIEXDP-GM\Documents\FY2015_PerDiemRates.xlsx 2014-08-15 10:42 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-08-15 10:10 - 2014-08-15 10:10 - 02089724 _____ () C:\Users\HIEXDP-GM\Desktop\alstom 2015 rfp kick off call hotels.pptx 2014-08-13 11:38 - 2014-08-04 13:06 - 00015816 _____ () C:\Users\HIEXDP-GM\Documents\working 2012 2013 reimbursement audit.xlsx 2014-08-11 11:31 - 2014-08-11 11:20 - 59390805 _____ () C:\Users\HIEXDP-GM\Desktop\IHG_AnywhereCheckIn_v03_1080_1.mp4 2014-08-07 13:15 - 2014-08-07 13:15 - 01465885 _____ () C:\Users\HIEXDP-GM\Downloads\blog-08-07-2014.xml 2014-08-05 12:07 - 2014-08-05 12:07 - 00000242 _____ () C:\Users\HIEXDP-GM\Documents\www txt.txt 2014-08-01 09:03 - 2014-08-01 09:03 - 00280576 _____ () C:\Users\HIEXDP-GM\Documents\Newer ADA Room Types Worksheet Phase 2_purple sheet (2).xls 2014-07-31 18:41 - 2014-08-22 11:26 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-07-31 18:16 - 2014-08-22 11:26 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-07-31 12:29 - 2014-07-31 12:29 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-07-31 12:29 - 2014-07-31 12:29 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-07-31 12:29 - 2014-07-31 12:29 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-07-31 12:29 - 2014-07-31 12:29 - 00098216 
_____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-07-31 12:29 - 2014-07-31 12:29 - 00000000 ____D () C:\ProgramData\Sun 2014-07-31 12:29 - 2014-07-31 12:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-07-31 12:29 - 2014-07-31 12:29 - 00000000 ____D () C:\Program Files (x86)\Java 2014-07-31 12:25 - 2014-07-31 12:25 - 00000000 ____D () C:\Users\HIEXDP-GM\AppData\Local\Maker3D 2014-07-31 12:25 - 2014-07-31 12:25 - 00000000 ____D () C:\Users\HIEXDP-GM\AppData\Local\Configure 2014-07-31 12:24 - 2014-07-31 12:24 - 00001128 _____ () C:\Users\Public\Desktop\Aurora 3D Text & Logo Maker.lnk 2014-07-31 09:53 - 2014-03-26 12:09 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-07-31 09:53 - 2014-03-26 12:09 - 00000000 ____D () C:\Program Files\CCleaner 2014-07-30 09:35 - 2014-07-30 09:35 - 00005632 _____ () C:\Users\HIEXDP-GM\Downloads\IHGHotels_RS_IHGHotels_GuestSummary_SurveyTopic-Summary.xls 2014-07-29 11:30 - 2014-03-27 12:40 - 00000000 ____D () C:\Users\HIEXDP-GM\AppData\Local\Microsoft Help 2014-07-29 10:08 - 2014-07-29 10:08 - 00000000 ____D () C:\Users\HIEXDP-GM\AppData\Local\offsync 2014-07-29 10:07 - 2014-07-29 10:06 - 00001081 _____ () C:\Users\HIEXDP-GM\Desktop\desktoptools.lnk 2014-07-29 10:07 - 2014-07-29 10:04 - 00000000 ____D () C:\Users\HIEXDP-GM\AppData\Local\Workspace 2014-07-29 10:06 - 2014-07-29 10:06 - 00000000 ____D () C:\Users\HIEXDP-GM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Workspace 2014-07-29 10:06 - 2014-07-29 10:06 - 00000000 ____D () C:\Program Files (x86)\Workspace 2014-07-29 10:04 - 2014-07-02 14:58 - 00000000 ____D () C:\Users\HIEXDP-GM\AppData\Roaming\Mozilla ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-18 14:18

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-08-2014 03
Ran by HIEXDP-GM at 2014-08-25 14:37:23
Running from C:\Users\HIEXDP-GM\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Reader XI MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Aurora 3D Text & Logo Maker version 14.07.21 (HKLM-x32\...\{4F6B6582-B9F6-42B2-AAFC-48E097D07837}_is1) (Version: 14.07.21 - Aurora3D Software)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version: - Microsoft)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.2.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.2.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
DELLOSD (HKLM-x32\...\{699D0EFA-5AC2-4DAB-846E-E4EFDA00ACAC}) (Version: 1.0.1.202 - DELL)
DSC/AA Factory Installer (Version: 3.4.6299.48 - PC-Doctor, Inc.) Hidden
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 6.20.55.31 - Dell Inc.)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
ITE Infrared Transceiver (HKLM-x32\...\{40580068-9B10-40B5-9548-536CE88AB23C}) (Version: 1.00.0000 - ITE)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 12.8.988 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.) Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.) QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6782 - Realtek Semiconductor Corp.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) 
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft 
Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 
32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft) WIDCOMM Bluetooth Software 
(HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2100 - Broadcom Corporation) Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Family Safety (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Family Safety (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden WinZip 18.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E2}) (Version: 18.5.11111 - WinZip Computing, S.L. ) Workspace Desktop (HKCU\...\workspacedesktop) (Version: - Starfield Technologies) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-1318888917-3662893499-1279507367-1000_Classes\CLSID\{1BFB1268-6353-495A-AB78-97BF7CAB4D59}\InprocServer32 -> C:\Users\HIEXDP-GM\AppData\Local\Workspace\gdeditwrapperax64.dll (Starfield Technologies)
CustomCLSID: HKU\S-1-5-21-1318888917-3662893499-1279507367-1000_Classes\CLSID\{B5B8593C-89BC-44a7-BCE3-32FE4FED7C5C}\InprocServer32 -> C:\Users\HIEXDP-GM\AppData\Local\Workspace\wbetoolsax64.dll (Starfield Technology, LLC)

==================== Restore Points =========================

08-08-2014 14:46:46 Scheduled Checkpoint
18-08-2014 08:00:40 Windows Update
19-08-2014 14:39:16 Windows Update
21-08-2014 08:00:32 Windows Update
21-08-2014 20:13:16 Installed SpyHunter
22-08-2014 13:25:06 Removed SpyHunter
22-08-2014 16:06:26 Restore Operation
22-08-2014 16:18:38 Windows Update
23-08-2014 08:01:31 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2EF1BEEF-A1C9-4023-9F3D-9FFBB24A6305} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {60C570B2-9CF9-417F-9506-42E862D5855B} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {83F62BDC-E1C7-46F7-9DCE-29BB9857000B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-26] (Adobe Systems Incorporated)
Task: {C4F0B19C-5628-47A5-B195-D5D8E1BA8FCE} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {D63DDD41-268B-4F3A-8F1D-B63A5F46FF74} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-01-26 10:06 - 2013-01-17 14:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-01-26 08:57 - 2013-08-19 10:21 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2014-01-26 08:57 - 2013-08-19 10:21 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2014-01-26 08:57 - 2013-08-19 10:21 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2014-04-10 14:30 - 2014-04-10 14:30 - 00134664 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2014-01-26 08:36 - 2012-02-07 20:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-08-22 10:28:58.154
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-22 10:28:58.108
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Pentium® CPU G2030T @ 2.60GHz
Percentage of memory in use: 45%
Total physical RAM: 3985.34 MB
Available physical RAM: 2183.18 MB
Total Pagefile: 7968.87 MB
Available Pagefile: 5581.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:909.81 GB) (Free:861.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 58DD646F)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=21.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=909.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
  12. Like others, I am infected with that pesky flyclick.biz malware, and Malwarebytes doesn't recognize it. It keeps opening a Google Chrome window (Chrome not installed on machine) and spikes the processor. Attached is the Malwarebytes log (can't cut and paste) ... can anybody help? malware bytes 082514 1414pm.txt