
infected with flyclick.biz malware



Hello kingtalent, welcome to Malwarebytes' Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.
 
General P2P/Piracy Notice: 
 

If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. 
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed. 

 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability to ascertain the current situation & provide the best set of instructions for you.
  • Please backup important documents before proceeding with my instructions.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.
  • Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.
     

======================================================
 
STEP 1
Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

STEP 2
TDSSKiller Scan

  • Please download TDSSKiller and save the file to your Desktop.
  • Right-Click TDSSKiller.exe and select Run as administrator to run the programme.
  • Click Change parameters. Place a checkmark next to Detect TDLFS file system.
  • Click Start Scan. Do not use the computer during the scan.
  • If objects are found, change the action to skip.
  • Click Continue and close the window.
  • A log will be created and saved to the root directory (usually C:\). Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • FRST.txt
  • Addition.txt
  • TDSSKiller log

Thanks a ton for your help Adam!  My name is King and the logs follow:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014 03
Ran by HIEXDP-GM (administrator) on HIEXDP-GM-PC on 25-08-2014 14:36:50
Running from C:\Users\HIEXDP-GM\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Starfield Technologies) C:\Program Files (x86)\Workspace\offSyncService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Wistron Corporation) C:\Program Files\DELLOSD\VolumeCtlSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Starfield Technologies) C:\Users\HIEXDP-GM\AppData\Local\Workspace\workspaceupdate.exe
(Starfield Technologies, LLC) C:\Users\HIEXDP-GM\AppData\Local\Workspace\wben.exe
(Starfield Technologies) C:\Users\HIEXDP-GM\AppData\Local\Workspace\workspacestatus.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\mhn\AlertHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\Core\mchost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1253520 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [7507968 2012-01-29] (Dell Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1318888917-3662893499-1279507367-1000\...\Run: [starfield Updater] => C:\Users\HIEXDP-GM\AppData\Local\Workspace\WorkspaceUpdate.exe [35008 2014-07-29] (Starfield Technologies)
HKU\S-1-5-21-1318888917-3662893499-1279507367-1000\...\Run: [wben] => C:\Users\HIEXDP-GM\AppData\Local\Workspace\wben.exe [1569488 2013-09-16] (Starfield Technologies, LLC)
HKU\S-1-5-21-1318888917-3662893499-1279507367-1000\...\Run: [Workspace Status] => C:\Users\HIEXDP-GM\AppData\Local\Workspace\workspacestatus.exe [694760 2014-07-29] (Starfield Technologies)
Lsa: [Notification Packages] scecli c:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: DBARFileBackuped -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: DBARFileNotBackuped -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: off0 -> {8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll (Starfield Technologies, LLC)
ShellIconOverlayIdentifiers: off1 -> {8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll (Starfield Technologies, LLC)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM - DefaultScope {91505DCA-1240-4E69-84C3-DB1173EAEB9B} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {91505DCA-1240-4E69-84C3-DB1173EAEB9B} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
SearchScopes: HKLM-x32 - DefaultScope {91505DCA-1240-4E69-84C3-DB1173EAEB9B} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {91505DCA-1240-4E69-84C3-DB1173EAEB9B} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {64670A2B-9BE8-438E-964B-AB05114F095C} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {91505DCA-1240-4E69-84C3-DB1173EAEB9B} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NSP12_CP1-16851/webex/ieatgpc1.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

FireFox:
========
FF ProfilePath: C:\Users\HIEXDP-GM\AppData\Roaming\Mozilla\Firefox\Profiles\3jpy1sre.default
FF Homepage: hxxp://google.com/
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @starfield.com/off -> C:\Users\HIEXDP-GM\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin HKCU: @starfield.com/off64 -> C:\Users\HIEXDP-GM\AppData\Roaming\Mozilla\Plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF Plugin HKCU: @starfield.com/wbe -> C:\Users\HIEXDP-GM\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF Plugin HKCU: @starfield.com/wbe64 -> C:\Users\HIEXDP-GM\AppData\Roaming\Mozilla\Plugins\npwbe64.dll (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\HIEXDP-GM\AppData\Roaming\mozilla\plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\HIEXDP-GM\AppData\Roaming\mozilla\plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\HIEXDP-GM\AppData\Roaming\mozilla\plugins\npwbe.dll (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\HIEXDP-GM\AppData\Roaming\mozilla\plugins\npwbe64.dll (Starfield Technology, LLC)
FF Extension: WBE Paste - C:\Users\HIEXDP-GM\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield [2014-07-29]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-01-26]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [1187040 2013-07-22] (Starfield Technologies)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334760 2012-12-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
R2 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-11-20] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915920 2013-11-21] (SoftThinks SAS)
R2 VolumeCtlSrv; C:\Program Files\DELLOSD\VolumeCtlSrv.exe [217088 2012-02-02] (Wistron Corporation) [File not signed]
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [6294016 2012-01-29] (Dell Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-01-26] (Broadcom Corporation.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 PQAWRwa; C:\Program Files\DELLOSD\PQAWDrv.sys [12384 2008-03-01] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-25 14:36 - 2014-08-25 14:37 - 00017591 _____ () C:\Users\HIEXDP-GM\Desktop\FRST.txt
2014-08-25 14:35 - 2014-08-25 14:36 - 00000000 ____D () C:\FRST
2014-08-25 14:33 - 2014-08-25 14:33 - 00000713 _____ () C:\Users\HIEXDP-GM\Desktop\JRT.txt
2014-08-25 14:32 - 2014-08-22 09:50 - 01364531 _____ () C:\Users\HIEXDP-GM\Desktop\AdwCleaner.exe
2014-08-25 14:24 - 2014-08-25 14:24 - 00000000 ____D () C:\Windows\ERUNT
2014-08-25 14:15 - 2014-08-25 14:21 - 00001081 _____ () C:\Users\HIEXDP-GM\Desktop\malware bytes 082514 1414pm.txt
2014-08-25 14:06 - 2014-08-25 14:06 - 01016261 _____ (Thisisu) C:\Users\HIEXDP-GM\Desktop\JRT.exe
2014-08-25 14:02 - 2014-08-25 14:02 - 02103296 _____ (Farbar) C:\Users\HIEXDP-GM\Desktop\FRST64.exe
2014-08-25 13:01 - 2014-08-25 13:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-25 13:01 - 2014-08-25 13:01 - 00000000 _____ () C:\Windows\setupact.log
2014-08-25 11:37 - 2014-08-25 11:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-08-23 03:02 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-23 03:02 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-23 03:02 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-23 03:02 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-23 03:02 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-23 03:02 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-23 03:02 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-23 03:02 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-22 11:30 - 2014-08-22 11:30 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-22 11:30 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-22 11:30 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-22 11:30 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-22 11:29 - 2014-08-22 11:29 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\HIEXDP-GM\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-22 11:27 - 2014-07-15 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-22 11:27 - 2014-06-15 21:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-22 11:27 - 2014-06-03 05:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-22 11:27 - 2014-06-03 05:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-22 11:27 - 2014-06-03 05:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-22 11:27 - 2014-06-03 05:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-22 11:27 - 2014-06-03 04:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-22 11:27 - 2014-06-03 04:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-22 11:26 - 2014-07-31 18:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-22 11:26 - 2014-07-31 18:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-22 11:26 - 2014-07-25 09:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-22 11:26 - 2014-07-25 09:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-22 11:26 - 2014-07-25 09:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-22 11:26 - 2014-07-25 08:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-22 11:26 - 2014-07-25 08:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-22 11:26 - 2014-07-25 08:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-22 11:26 - 2014-07-25 08:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-22 11:26 - 2014-07-25 08:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-22 11:26 - 2014-07-25 08:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-22 11:26 - 2014-07-25 08:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-22 11:26 - 2014-07-25 08:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-22 11:26 - 2014-07-25 08:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-22 11:26 - 2014-07-25 08:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-22 11:26 - 2014-07-25 08:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-22 11:26 - 2014-07-25 07:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-22 11:26 - 2014-07-25 07:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-22 11:26 - 2014-07-25 07:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-22 11:26 - 2014-07-25 07:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-22 11:26 - 2014-07-25 07:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-22 11:26 - 2014-07-25 07:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-22 11:26 - 2014-07-25 07:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-22 11:26 - 2014-07-25 07:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-22 11:26 - 2014-07-25 07:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-22 11:26 - 2014-07-25 07:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-22 11:26 - 2014-07-25 07:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-22 11:26 - 2014-07-25 07:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-22 11:26 - 2014-07-25 07:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-22 11:26 - 2014-07-25 07:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-22 11:26 - 2014-07-25 07:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-22 11:26 - 2014-07-25 07:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-22 11:26 - 2014-07-25 06:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-22 11:26 - 2014-07-25 06:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-22 11:26 - 2014-07-25 06:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-22 11:26 - 2014-07-25 06:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-22 11:26 - 2014-07-25 06:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-22 11:26 - 2014-07-25 06:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-22 11:26 - 2014-07-25 06:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-22 11:26 - 2014-07-25 06:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-22 11:26 - 2014-07-25 06:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-22 11:26 - 2014-07-25 05:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-22 11:26 - 2014-07-25 05:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-22 11:26 - 2014-07-25 05:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-22 11:26 - 2014-07-25 05:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-22 11:26 - 2014-07-25 05:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-22 11:26 - 2014-07-25 05:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-22 11:26 - 2014-06-24 21:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-22 11:26 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-22 11:24 - 2014-07-13 21:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-22 11:24 - 2014-07-13 20:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-22 11:19 - 2014-05-14 11:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-22 11:19 - 2014-05-14 11:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-22 11:19 - 2014-05-14 11:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-22 11:19 - 2014-05-14 11:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-22 11:19 - 2014-05-14 11:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-22 11:19 - 2014-05-14 11:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-22 11:19 - 2014-05-14 11:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-22 11:19 - 2014-05-14 11:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-22 11:19 - 2014-05-14 11:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-22 11:19 - 2014-05-14 11:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-22 11:19 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-22 11:19 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-22 11:19 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-22 11:19 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-22 10:31 - 2014-08-22 10:32 - 00000000 ____D () C:\AdwCleaner
2014-08-22 10:30 - 2014-08-22 10:30 - 00027929 _____ () C:\ComboFix.txt
2014-08-22 10:23 - 2014-08-22 11:10 - 00000000 ____D () C:\Windows\erdnt
2014-08-22 10:21 - 2014-08-22 11:10 - 00000000 ____D () C:\Windows\Minidump
2014-08-22 10:03 - 2014-08-22 10:03 - 00000624 _____ () C:\Users\HIEXDP-GM\Desktop\ComboFix.exe - Shortcut.lnk
2014-08-22 10:01 - 2014-08-22 10:30 - 00000000 ____D () C:\Qoobox
2014-08-22 09:48 - 2014-08-22 09:48 - 00000000 _____ () C:\Users\HIEXDP-GM\Desktop\ComboFix.exe.6qe9asl.partial
2014-08-22 09:42 - 2014-08-22 09:42 - 00000000 _____ () C:\Users\HIEXDP-GM\Desktop\DownloadManagerSetup.exe.i6ps83g.partial
2014-08-22 09:39 - 2014-08-22 09:41 - 00002360 _____ () C:\Users\HIEXDP-GM\Desktop\Rkill.txt
2014-08-22 09:31 - 2014-08-22 09:32 - 00000000 ____D () C:\Users\HIEXDP-GM\Desktop\Old Firefox Data
2014-08-22 08:52 - 2014-08-22 08:52 - 00000000 ____D () C:\Users\HIEXDP-GM\AppData\Roaming\SUPERAntiSpyware.com
2014-08-22 08:48 - 2014-08-22 11:12 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-22 08:48 - 2014-08-22 08:48 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-21 15:14 - 2014-08-21 15:14 - 00000000 _____ () C:\autoexec.bat
2014-08-21 15:13 - 2014-08-21 15:13 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-21 14:33 - 2014-08-25 13:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-21 14:32 - 2014-08-22 11:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-21 14:32 - 2014-08-22 11:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-21 14:32 - 2014-08-21 14:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-21 14:15 - 2014-08-21 14:15 - 00000779 _____ () C:\Users\HIEXDP-GM\Desktop\team ddp yoga text.txt
2014-08-21 13:59 - 2014-08-22 13:37 - 00000000 ____D () C:\Users\HIEXDP-GM\Desktop\Charge Backs
2014-08-19 12:15 - 2014-08-19 12:18 - 00000000 ____D () C:\Users\HIEXDP-GM\AppData\Local\Windows Live
2014-08-19 12:01 - 2014-08-19 13:21 - 00000000 ____D () C:\Users\HIEXDP-GM\AppData\Roaming\HTC
2014-08-19 12:00 - 2014-08-19 12:00 - 00000000 ____D () C:\Users\HIEXDP-GM\Documents\HTC
2014-08-19 12:00 - 2014-08-19 12:00 - 00000000 ____D () C:\Users\HIEXDP-GM\AppData\Roaming\Apple Computer
2014-08-19 12:00 - 2014-08-19 12:00 - 00000000 ____D () C:\Users\HIEXDP-GM\AppData\Local\Apple Computer
2014-08-19 12:00 - 2014-08-19 12:00 - 00000000 ____D () C:\Users\HIEXDP-GM\.android
2014-08-19 11:56 - 2014-08-19 13:21 - 00000000 ____D () C:\ProgramData\HTC
2014-08-17 11:59 - 2014-07-25 08:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-17 11:59 - 2014-07-25 07:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-17 11:59 - 2014-07-25 06:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-17 11:59 - 2014-07-25 06:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-17 11:59 - 2014-07-25 06:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-17 11:59 - 2014-07-25 06:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-17 11:59 - 2014-07-25 06:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-17 11:59 - 2014-07-15 21:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-17 11:59 - 2014-06-03 04:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-17 11:58 - 2014-07-25 07:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-17 11:58 - 2014-07-25 07:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 13:30 - 2014-08-15 13:30 - 00055560 _____ () C:\Users\HIEXDP-GM\Documents\FY2015_PerDiemRates.xlsx
2014-08-15 10:10 - 2014-08-15 10:10 - 02089724 _____ () C:\Users\HIEXDP-GM\Desktop\alstom 2015 rfp kick off call hotels.pptx
2014-08-11 11:20 - 2014-08-11 11:31 - 59390805 _____ () C:\Users\HIEXDP-GM\Desktop\IHG_AnywhereCheckIn_v03_1080_1.mp4
2014-08-07 13:15 - 2014-08-07 13:15 - 01465885 _____ () C:\Users\HIEXDP-GM\Downloads\blog-08-07-2014.xml
2014-08-05 12:07 - 2014-08-05 12:07 - 00000242 _____ () C:\Users\HIEXDP-GM\Documents\www txt.txt
2014-08-04 13:06 - 2014-08-13 11:38 - 00015816 _____ () C:\Users\HIEXDP-GM\Documents\working 2012 2013 reimbursement audit.xlsx
2014-08-01 09:03 - 2014-08-01 09:03 - 00280576 _____ () C:\Users\HIEXDP-GM\Documents\Newer ADA Room Types Worksheet Phase 2_purple sheet (2).xls
2014-07-31 12:29 - 2014-07-31 12:29 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-31 12:29 - 2014-07-31 12:29 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-31 12:29 - 2014-07-31 12:29 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-31 12:29 - 2014-07-31 12:29 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-31 12:29 - 2014-07-31 12:29 - 00000000 ____D () C:\ProgramData\Sun
2014-07-31 12:29 - 2014-07-31 12:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-31 12:29 - 2014-07-31 12:29 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-31 12:25 - 2014-07-31 12:25 - 00000000 ____D () C:\Users\HIEXDP-GM\AppData\Local\Maker3D
2014-07-31 12:25 - 2014-07-31 12:25 - 00000000 ____D () C:\Users\HIEXDP-GM\AppData\Local\Configure
2014-07-31 12:24 - 2014-08-22 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aurora 3D Text & Logo Maker
2014-07-31 12:24 - 2014-07-31 12:24 - 00001128 _____ () C:\Users\Public\Desktop\Aurora 3D Text & Logo Maker.lnk
2014-07-31 12:23 - 2014-08-22 11:11 - 00000000 ____D () C:\Program Files (x86)\Aurora3D
2014-07-31 12:23 - 2011-09-13 17:58 - 00581632 _____ (Optima SC Inc.) C:\Windows\SysWOW64\vp8vfw.dll
2014-07-30 09:35 - 2014-07-30 09:35 - 00005632 _____ () C:\Users\HIEXDP-GM\Downloads\IHGHotels_RS_IHGHotels_GuestSummary_SurveyTopic-Summary.xls
2014-07-29 10:08 - 2014-07-29 10:08 - 00000000 ____D () C:\Users\HIEXDP-GM\AppData\Local\offsync
2014-07-29 10:06 - 2014-07-29 10:07 - 00001081 _____ () C:\Users\HIEXDP-GM\Desktop\desktoptools.lnk
2014-07-29 10:06 - 2014-07-29 10:06 - 00000000 ____D () C:\Users\HIEXDP-GM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Workspace
2014-07-29 10:06 - 2014-07-29 10:06 - 00000000 ____D () C:\Program Files (x86)\Workspace
2014-07-29 10:04 - 2014-07-29 10:07 - 00000000 ____D () C:\Users\HIEXDP-GM\AppData\Local\Workspace

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-25 14:37 - 2014-08-25 14:36 - 00017591 _____ () C:\Users\HIEXDP-GM\Desktop\FRST.txt
2014-08-25 14:36 - 2014-08-25 14:35 - 00000000 ____D () C:\FRST
2014-08-25 14:34 - 2009-07-14 00:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-25 14:33 - 2014-08-25 14:33 - 00000713 _____ () C:\Users\HIEXDP-GM\Desktop\JRT.txt
2014-08-25 14:32 - 2014-01-26 08:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-25 14:24 - 2014-08-25 14:24 - 00000000 ____D () C:\Windows\ERUNT
2014-08-25 14:21 - 2014-08-25 14:15 - 00001081 _____ () C:\Users\HIEXDP-GM\Desktop\malware bytes 082514 1414pm.txt
2014-08-25 14:07 - 2009-07-13 23:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-25 14:07 - 2009-07-13 23:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-25 14:06 - 2014-08-25 14:06 - 01016261 _____ (Thisisu) C:\Users\HIEXDP-GM\Desktop\JRT.exe
2014-08-25 14:02 - 2014-08-25 14:02 - 02103296 _____ (Farbar) C:\Users\HIEXDP-GM\Desktop\FRST64.exe
2014-08-25 13:40 - 2014-07-21 14:49 - 00011583 _____ () C:\Users\HIEXDP-GM\Documents\WWW Worksheet 072114.xlsx
2014-08-25 13:40 - 2014-03-30 14:30 - 00000000 ____D () C:\Users\HIEXDP-GM\Documents\Timesheets
2014-08-25 13:06 - 2014-08-21 14:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-25 13:01 - 2014-08-25 13:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-25 13:01 - 2014-08-25 13:01 - 00000000 _____ () C:\Windows\setupact.log
2014-08-25 13:01 - 2014-03-25 10:02 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-08-25 12:11 - 2014-06-24 14:47 - 01555128 _____ () C:\Windows\WindowsUpdate.log
2014-08-25 11:37 - 2014-08-25 11:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-08-23 03:36 - 2014-01-26 08:56 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-08-23 03:34 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-23 03:32 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-23 03:16 - 2014-03-27 12:39 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-22 13:37 - 2014-08-21 13:59 - 00000000 ____D () C:\Users\HIEXDP-GM\Desktop\Charge Backs
2014-08-22 12:13 - 2014-03-25 10:01 - 00105248 _____ () C:\Users\HIEXDP-GM\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-22 11:30 - 2014-08-22 11:30 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-22 11:30 - 2014-08-21 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-22 11:30 - 2014-08-21 14:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-22 11:29 - 2014-08-22 11:29 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\HIEXDP-GM\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-22 11:29 - 2014-01-26 08:53 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-08-22 11:15 - 2014-03-25 10:00 - 00000000 ____D () C:\Users\HIEXDP-GM
2014-08-22 11:12 - 2014-08-22 08:48 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-22 11:12 - 2014-07-31 12:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aurora 3D Text & Logo Maker
2014-08-22 11:12 - 2009-07-13 23:45 - 00387096 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-22 11:11 - 2014-07-31 12:23 - 00000000 ____D () C:\Program Files (x86)\Aurora3D
2014-08-22 11:11 - 2014-07-02 14:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-22 11:11 - 2014-01-26 08:53 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-08-22 11:11 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\servicing
2014-08-22 11:11 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-08-22 11:11 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-08-22 11:11 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-22 11:10 - 2014-08-22 10:23 - 00000000 ____D () C:\Windows\erdnt
2014-08-22 11:10 - 2014-08-22 10:21 - 00000000 ____D () C:\Windows\Minidump
2014-08-22 11:10 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-08-22 11:08 - 2014-03-27 12:39 - 00000000 __RHD () C:\MSOCache
2014-08-22 10:32 - 2014-08-22 10:31 - 00000000 ____D () C:\AdwCleaner
2014-08-22 10:30 - 2014-08-22 10:30 - 00027929 _____ () C:\ComboFix.txt
2014-08-22 10:30 - 2014-08-22 10:01 - 00000000 ____D () C:\Qoobox
2014-08-22 10:03 - 2014-08-22 10:03 - 00000624 _____ () C:\Users\HIEXDP-GM\Desktop\ComboFix.exe - Shortcut.lnk
2014-08-22 09:50 - 2014-08-25 14:32 - 01364531 _____ () C:\Users\HIEXDP-GM\Desktop\AdwCleaner.exe
2014-08-22 09:48 - 2014-08-22 09:48 - 00000000 _____ () C:\Users\HIEXDP-GM\Desktop\ComboFix.exe.6qe9asl.partial
2014-08-22 09:42 - 2014-08-22 09:42 - 00000000 _____ () C:\Users\HIEXDP-GM\Desktop\DownloadManagerSetup.exe.i6ps83g.partial
2014-08-22 09:41 - 2014-08-22 09:39 - 00002360 _____ () C:\Users\HIEXDP-GM\Desktop\Rkill.txt
2014-08-22 09:32 - 2014-08-22 09:31 - 00000000 ____D () C:\Users\HIEXDP-GM\Desktop\Old Firefox Data
2014-08-22 08:52 - 2014-08-22 08:52 - 00000000 ____D () C:\Users\HIEXDP-GM\AppData\Roaming\SUPERAntiSpyware.com
2014-08-22 08:48 - 2014-08-22 08:48 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-21 15:14 - 2014-08-21 15:14 - 00000000 _____ () C:\autoexec.bat
2014-08-21 15:13 - 2014-08-21 15:13 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-21 14:32 - 2014-08-21 14:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-21 14:15 - 2014-08-21 14:15 - 00000779 _____ () C:\Users\HIEXDP-GM\Desktop\team ddp yoga text.txt
2014-08-19 13:21 - 2014-08-19 12:01 - 00000000 ____D () C:\Users\HIEXDP-GM\AppData\Roaming\HTC
2014-08-19 13:21 - 2014-08-19 11:56 - 00000000 ____D () C:\ProgramData\HTC
2014-08-19 12:18 - 2014-08-19 12:15 - 00000000 ____D () C:\Users\HIEXDP-GM\AppData\Local\Windows Live
2014-08-19 12:00 - 2014-08-19 12:00 - 00000000 ____D () C:\Users\HIEXDP-GM\Documents\HTC
2014-08-19 12:00 - 2014-08-19 12:00 - 00000000 ____D () C:\Users\HIEXDP-GM\AppData\Roaming\Apple Computer
2014-08-19 12:00 - 2014-08-19 12:00 - 00000000 ____D () C:\Users\HIEXDP-GM\AppData\Local\Apple Computer
2014-08-19 12:00 - 2014-08-19 12:00 - 00000000 ____D () C:\Users\HIEXDP-GM\.android
2014-08-19 11:56 - 2014-01-26 08:57 - 00000000 ____D () C:\Temp
2014-08-15 13:30 - 2014-08-15 13:30 - 00055560 _____ () C:\Users\HIEXDP-GM\Documents\FY2015_PerDiemRates.xlsx
2014-08-15 10:42 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-15 10:10 - 2014-08-15 10:10 - 02089724 _____ () C:\Users\HIEXDP-GM\Desktop\alstom 2015 rfp kick off call hotels.pptx
2014-08-13 11:38 - 2014-08-04 13:06 - 00015816 _____ () C:\Users\HIEXDP-GM\Documents\working 2012 2013 reimbursement audit.xlsx
2014-08-11 11:31 - 2014-08-11 11:20 - 59390805 _____ () C:\Users\HIEXDP-GM\Desktop\IHG_AnywhereCheckIn_v03_1080_1.mp4
2014-08-07 13:15 - 2014-08-07 13:15 - 01465885 _____ () C:\Users\HIEXDP-GM\Downloads\blog-08-07-2014.xml
2014-08-05 12:07 - 2014-08-05 12:07 - 00000242 _____ () C:\Users\HIEXDP-GM\Documents\www txt.txt
2014-08-01 09:03 - 2014-08-01 09:03 - 00280576 _____ () C:\Users\HIEXDP-GM\Documents\Newer ADA Room Types Worksheet Phase 2_purple sheet (2).xls
2014-07-31 18:41 - 2014-08-22 11:26 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-31 18:16 - 2014-08-22 11:26 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-31 12:29 - 2014-07-31 12:29 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-31 12:29 - 2014-07-31 12:29 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-31 12:29 - 2014-07-31 12:29 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-31 12:29 - 2014-07-31 12:29 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-31 12:29 - 2014-07-31 12:29 - 00000000 ____D () C:\ProgramData\Sun
2014-07-31 12:29 - 2014-07-31 12:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-31 12:29 - 2014-07-31 12:29 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-31 12:25 - 2014-07-31 12:25 - 00000000 ____D () C:\Users\HIEXDP-GM\AppData\Local\Maker3D
2014-07-31 12:25 - 2014-07-31 12:25 - 00000000 ____D () C:\Users\HIEXDP-GM\AppData\Local\Configure
2014-07-31 12:24 - 2014-07-31 12:24 - 00001128 _____ () C:\Users\Public\Desktop\Aurora 3D Text & Logo Maker.lnk
2014-07-31 09:53 - 2014-03-26 12:09 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-31 09:53 - 2014-03-26 12:09 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-30 09:35 - 2014-07-30 09:35 - 00005632 _____ () C:\Users\HIEXDP-GM\Downloads\IHGHotels_RS_IHGHotels_GuestSummary_SurveyTopic-Summary.xls
2014-07-29 11:30 - 2014-03-27 12:40 - 00000000 ____D () C:\Users\HIEXDP-GM\AppData\Local\Microsoft Help
2014-07-29 10:08 - 2014-07-29 10:08 - 00000000 ____D () C:\Users\HIEXDP-GM\AppData\Local\offsync
2014-07-29 10:07 - 2014-07-29 10:06 - 00001081 _____ () C:\Users\HIEXDP-GM\Desktop\desktoptools.lnk
2014-07-29 10:07 - 2014-07-29 10:04 - 00000000 ____D () C:\Users\HIEXDP-GM\AppData\Local\Workspace
2014-07-29 10:06 - 2014-07-29 10:06 - 00000000 ____D () C:\Users\HIEXDP-GM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Workspace
2014-07-29 10:06 - 2014-07-29 10:06 - 00000000 ____D () C:\Program Files (x86)\Workspace
2014-07-29 10:04 - 2014-07-02 14:58 - 00000000 ____D () C:\Users\HIEXDP-GM\AppData\Roaming\Mozilla

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-18 14:18

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-08-2014 03
Ran by HIEXDP-GM at 2014-08-25 14:37:23
Running from C:\Users\HIEXDP-GM\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Reader XI  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Aurora 3D Text & Logo Maker version 14.07.21 (HKLM-x32\...\{4F6B6582-B9F6-42B2-AAFC-48E097D07837}_is1) (Version: 14.07.21 - Aurora3D Software)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version:  - Microsoft)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.2.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.2.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
DELLOSD (HKLM-x32\...\{699D0EFA-5AC2-4DAB-846E-E4EFDA00ACAC}) (Version: 1.0.1.202 - DELL)
DSC/AA Factory Installer (Version: 3.4.6299.48 - PC-Doctor, Inc.) Hidden
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 6.20.55.31 - Dell Inc.)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
ITE Infrared Transceiver (HKLM-x32\...\{40580068-9B10-40B5-9548-536CE88AB23C}) (Version: 1.00.0000 - ITE)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 12.8.988 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6782 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2100 - Broadcom Corporation)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinZip 18.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E2}) (Version: 18.5.11111 - WinZip Computing, S.L. )
Workspace Desktop (HKCU\...\workspacedesktop) (Version:  - Starfield Technologies)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1318888917-3662893499-1279507367-1000_Classes\CLSID\{1BFB1268-6353-495A-AB78-97BF7CAB4D59}\InprocServer32 -> C:\Users\HIEXDP-GM\AppData\Local\Workspace\gdeditwrapperax64.dll (Starfield Technologies)
CustomCLSID: HKU\S-1-5-21-1318888917-3662893499-1279507367-1000_Classes\CLSID\{B5B8593C-89BC-44a7-BCE3-32FE4FED7C5C}\InprocServer32 -> C:\Users\HIEXDP-GM\AppData\Local\Workspace\wbetoolsax64.dll (Starfield Technology, LLC)

==================== Restore Points  =========================

08-08-2014 14:46:46 Scheduled Checkpoint
18-08-2014 08:00:40 Windows Update
19-08-2014 14:39:16 Windows Update
21-08-2014 08:00:32 Windows Update
21-08-2014 20:13:16 Installed SpyHunter
22-08-2014 13:25:06 Removed SpyHunter
22-08-2014 16:06:26 Restore Operation
22-08-2014 16:18:38 Windows Update
23-08-2014 08:01:31 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2EF1BEEF-A1C9-4023-9F3D-9FFBB24A6305} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {60C570B2-9CF9-417F-9506-42E862D5855B} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {83F62BDC-E1C7-46F7-9DCE-29BB9857000B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-26] (Adobe Systems Incorporated)
Task: {C4F0B19C-5628-47A5-B195-D5D8E1BA8FCE} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {D63DDD41-268B-4F3A-8F1D-B63A5F46FF74} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-01-26 10:06 - 2013-01-17 14:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-01-26 08:57 - 2013-08-19 10:21 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2014-01-26 08:57 - 2013-08-19 10:21 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2014-01-26 08:57 - 2013-08-19 10:21 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2014-04-10 14:30 - 2014-04-10 14:30 - 00134664 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2014-01-26 08:36 - 2012-02-07 20:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-08-22 10:28:58.154
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-22 10:28:58.108
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Pentium® CPU G2030T @ 2.60GHz
Percentage of memory in use: 45%
Total physical RAM: 3985.34 MB
Available physical RAM: 2183.18 MB
Total Pagefile: 7968.87 MB
Available Pagefile: 5581.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:909.81 GB) (Free:861.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 58DD646F)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=21.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=909.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Am breaking up the TDSSKiller log as it will not let me post the entire thing:

 

14:38:43.0541 0x0200  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
14:38:48.0845 0x0200  ============================================================
14:38:48.0845 0x0200  Current date / time: 2014/08/25 14:38:48.0845
14:38:48.0845 0x0200  SystemInfo:
14:38:48.0845 0x0200  
14:38:48.0845 0x0200  OS Version: 6.1.7601 ServicePack: 1.0
14:38:48.0845 0x0200  Product type: Workstation
14:38:48.0845 0x0200  ComputerName: HIEXDP-GM-PC
14:38:48.0845 0x0200  UserName: HIEXDP-GM
14:38:48.0845 0x0200  Windows directory: C:\Windows
14:38:48.0845 0x0200  System windows directory: C:\Windows
14:38:48.0845 0x0200  Running under WOW64
14:38:48.0845 0x0200  Processor architecture: Intel x64
14:38:48.0845 0x0200  Number of processors: 2
14:38:48.0845 0x0200  Page size: 0x1000
14:38:48.0845 0x0200  Boot type: Normal boot
14:38:48.0845 0x0200  ============================================================
14:38:50.0784 0x0200  KLMD registered as C:\Windows\system32\drivers\37858966.sys
14:38:51.0112 0x0200  System UUID: {9DC437FF-CD7F-E336-EA6E-B94CA0A603C3}
14:38:51.0673 0x0200  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:38:51.0689 0x0200  ============================================================
14:38:51.0689 0x0200  \Device\Harddisk0\DR0:
14:38:51.0689 0x0200  MBR partitions:
14:38:51.0689 0x0200  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x2B55000
14:38:51.0689 0x0200  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2B69000, BlocksNum 0x71B9D000
14:38:51.0689 0x0200  ============================================================
14:38:51.0705 0x0200  C: <-> \Device\Harddisk0\DR0\Partition2
14:38:51.0705 0x0200  ============================================================
14:38:51.0705 0x0200  Initialize success
14:38:51.0705 0x0200  ============================================================
14:39:19.0064 0x0cfc  ============================================================
14:39:19.0064 0x0cfc  Scan started
14:39:19.0064 0x0cfc  Mode: Manual; TDLFS;
14:39:19.0064 0x0cfc  ============================================================
14:39:19.0064 0x0cfc  KSN ping started
14:39:22.0173 0x0cfc  KSN ping finished: true
14:39:23.0239 0x0cfc  ================ Scan system memory ========================
14:39:23.0239 0x0cfc  System memory - ok
14:39:23.0239 0x0cfc  ================ Scan services =============================
14:39:26.0442 0x0cfc  exfat - ok
14:39:26.0458 0x0cfc  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
14:39:26.0458 0x0cfc  fastfat - ok
14:39:26.0489 0x0cfc  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
14:39:26.0489 0x0cfc  Fax - ok
14:39:26.0505 0x0cfc  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
14:39:26.0507 0x0cfc  fdc - ok
14:39:26.0512 0x0cfc  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
14:39:26.0512 0x0cfc  fdPHost - ok
14:39:26.0528 0x0cfc  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
14:39:26.0528 0x0cfc  FDResPub - ok
14:39:26.0606 0x0cfc  [ 49E2E2C62D1A8FDEA2DDFF1778190FE3, 6D6FDABA9EE723EB63433AA0265A1931137FB0971D78B478BA33FD26A502940A ] File Backup     C:\Program Files (x86)\Workspace\offSyncService.exe
14:39:26.0621 0x0cfc  File Backup - ok
14:39:26.0637 0x0cfc  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:39:26.0637 0x0cfc  FileInfo - ok
14:39:26.0653 0x0cfc  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
14:39:26.0653 0x0cfc  Filetrace - ok
14:39:26.0653 0x0cfc  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
14:39:26.0653 0x0cfc  flpydisk - ok
14:39:26.0668 0x0cfc  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:39:26.0668 0x0cfc  FltMgr - ok
14:39:26.0762 0x0cfc  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
14:39:26.0777 0x0cfc  FontCache - ok
14:39:26.0809 0x0cfc  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:39:26.0824 0x0cfc  FontCache3.0.0.0 - ok
14:39:26.0840 0x0cfc  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
14:39:26.0840 0x0cfc  FsDepends - ok
14:39:26.0855 0x0cfc  [ B16B626996C74B564005BA855C5DEE90, B432C669EB610C262B18F3F8308EEE1B910DE7F7BC2A8EB5483419DC52A07AE1 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
14:39:26.0871 0x0cfc  fssfltr - ok
14:39:26.0933 0x0cfc  [ 812E1BA5C52A78F13EA6AA10DF708B1D, CF1C4D8E072CF0D66C977DFA4C852E5CE757843BEAF5D29454D26A9AC5766E61 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
14:39:26.0965 0x0cfc  fsssvc - ok
14:39:26.0980 0x0cfc  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:39:26.0980 0x0cfc  Fs_Rec - ok
14:39:26.0996 0x0cfc  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
14:39:26.0996 0x0cfc  fvevol - ok
14:39:27.0011 0x0cfc  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
14:39:27.0011 0x0cfc  gagp30kx - ok
14:39:27.0043 0x0cfc  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
14:39:27.0058 0x0cfc  gpsvc - ok
14:39:27.0074 0x0cfc  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
14:39:27.0074 0x0cfc  hcw85cir - ok
14:39:27.0136 0x0cfc  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:39:27.0152 0x0cfc  HdAudAddService - ok
14:39:27.0183 0x0cfc  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
14:39:27.0199 0x0cfc  HDAudBus - ok
14:39:27.0199 0x0cfc  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
14:39:27.0199 0x0cfc  HidBatt - ok
14:39:27.0214 0x0cfc  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
14:39:27.0214 0x0cfc  HidBth - ok
14:39:27.0245 0x0cfc  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
14:39:27.0245 0x0cfc  HidIr - ok
14:39:27.0261 0x0cfc  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
14:39:27.0261 0x0cfc  hidserv - ok
14:39:27.0277 0x0cfc  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
14:39:27.0292 0x0cfc  HidUsb - ok
14:39:27.0339 0x0cfc  [ 29F981739E50305128022CBE10B3659C, 25060937145B0DCA8CD088E78993BFEF1430CDDFF433E606AFC93993CBBF4B3E ] HipShieldK      C:\Windows\system32\drivers\HipShieldK.sys
14:39:27.0355 0x0cfc  HipShieldK - ok
14:39:27.0370 0x0cfc  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:39:27.0386 0x0cfc  hkmsvc - ok
14:39:27.0386 0x0cfc  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:39:27.0401 0x0cfc  HomeGroupListener - ok
14:39:27.0417 0x0cfc  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:39:27.0433 0x0cfc  HomeGroupProvider - ok
14:39:27.0511 0x0cfc  [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] HomeNetSvc      C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
14:39:27.0511 0x0cfc  HomeNetSvc - ok
14:39:27.0526 0x0cfc  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
14:39:27.0526 0x0cfc  HpSAMD - ok
14:39:27.0557 0x0cfc  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:39:27.0573 0x0cfc  HTTP - ok
14:39:27.0573 0x0cfc  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
14:39:27.0573 0x0cfc  hwpolicy - ok
14:39:27.0589 0x0cfc  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
14:39:27.0589 0x0cfc  i8042prt - ok
14:39:27.0620 0x0cfc  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
14:39:27.0620 0x0cfc  iaStorV - ok
14:39:27.0682 0x0cfc  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:39:27.0698 0x0cfc  idsvc - ok
14:39:27.0698 0x0cfc  IEEtwCollectorService - ok
14:39:27.0838 0x0cfc  [ A1CF07D24EDCDC6870535471654D957C, FA0CD2ABA2C15E9FC4A1DEE58F365EC10D9597D521556DC2648B50CE0537926D ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
14:39:27.0932 0x0cfc  igfx - ok
14:39:27.0963 0x0cfc  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
14:39:27.0963 0x0cfc  iirsp - ok
14:39:27.0994 0x0cfc  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
14:39:28.0010 0x0cfc  IKEEXT - ok
14:39:28.0150 0x0cfc  [ E4FD2A81EF844C01E3BA6FBED1644A23, 022419EDDA4694536FD677EB3C6BA79A0B318982F0F7644918FD828D1FF64758 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
14:39:28.0228 0x0cfc  IntcAzAudAddService - ok
14:39:28.0306 0x0cfc  [ 832CE330DD987227B7DEA8C03F22AEFA, 3DE64D9519D9D865D4C1AA7483D846F0154392B6685BDC451DEC7DA5EA0E2B2E ] Intel® Capability Licensing Service Interface c:\Program Files\Intel\iCLS Client\HeciServer.exe
14:39:28.0322 0x0cfc  Intel® Capability Licensing Service Interface - ok
14:39:28.0337 0x0cfc  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
14:39:28.0337 0x0cfc  intelide - ok
14:39:28.0353 0x0cfc  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
14:39:28.0353 0x0cfc  intelppm - ok
14:39:28.0369 0x0cfc  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
14:39:28.0369 0x0cfc  IPBusEnum - ok
14:39:28.0384 0x0cfc  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:39:28.0384 0x0cfc  IpFilterDriver - ok
14:39:28.0400 0x0cfc  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:39:28.0415 0x0cfc  iphlpsvc - ok
14:39:28.0415 0x0cfc  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
14:39:28.0431 0x0cfc  IPMIDRV - ok
14:39:28.0431 0x0cfc  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
14:39:28.0431 0x0cfc  IPNAT - ok
14:39:28.0447 0x0cfc  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:39:28.0447 0x0cfc  IRENUM - ok
14:39:28.0447 0x0cfc  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:39:28.0447 0x0cfc  isapnp - ok
14:39:28.0478 0x0cfc  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
14:39:28.0478 0x0cfc  iScsiPrt - ok
14:39:28.0509 0x0cfc  [ 8D990A44B4F2B68E2C56A3724EC3EB84, 5768FC5B156FC9CEEA735C933B50ADD8AE018F5609B83634F001E847E3101ACA ] itecir          C:\Windows\system32\DRIVERS\itecir.sys
14:39:28.0511 0x0cfc  itecir - ok
14:39:28.0561 0x0cfc  [ DBD76BC1D498FE368F2C8CB76C3E00A4, CDFB082B57807CE89509A16D1C8A5BAEEC026EDD7068F5E359AA50557D2525DC ] jhi_service     C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
14:39:28.0561 0x0cfc  jhi_service - ok
14:39:28.0576 0x0cfc  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
14:39:28.0576 0x0cfc  kbdclass - ok
14:39:28.0592 0x0cfc  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
14:39:28.0592 0x0cfc  kbdhid - ok
14:39:28.0608 0x0cfc  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
14:39:28.0608 0x0cfc  KeyIso - ok
14:39:28.0623 0x0cfc  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:39:28.0623 0x0cfc  KSecDD - ok
14:39:28.0639 0x0cfc  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
14:39:28.0639 0x0cfc  KSecPkg - ok
14:39:28.0654 0x0cfc  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
14:39:28.0654 0x0cfc  ksthunk - ok
14:39:28.0686 0x0cfc  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
14:39:28.0686 0x0cfc  KtmRm - ok
14:39:28.0732 0x0cfc  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
14:39:28.0732 0x0cfc  LanmanServer - ok
14:39:28.0764 0x0cfc  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:39:28.0764 0x0cfc  LanmanWorkstation - ok
14:39:28.0779 0x0cfc  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:39:28.0779 0x0cfc  lltdio - ok
14:39:28.0810 0x0cfc  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
14:39:28.0826 0x0cfc  lltdsvc - ok
14:39:28.0842 0x0cfc  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
14:39:28.0842 0x0cfc  lmhosts - ok
14:39:28.0888 0x0cfc  [ 86E4CC39C953D11EF57CF54C4DC78238, 076973CA22E8BA94877241EC39D97612C32F3E744E026FA0E518C4DDE8277A55 ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
14:39:28.0904 0x0cfc  LMS - ok
14:39:28.0951 0x0cfc  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
14:39:28.0951 0x0cfc  LSI_FC - ok
14:39:28.0966 0x0cfc  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
14:39:28.0966 0x0cfc  LSI_SAS - ok
14:39:28.0966 0x0cfc  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
14:39:28.0966 0x0cfc  LSI_SAS2 - ok
14:39:28.0982 0x0cfc  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
14:39:28.0982 0x0cfc  LSI_SCSI - ok
14:39:28.0998 0x0cfc  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
14:39:28.0998 0x0cfc  luafv - ok
14:39:29.0029 0x0cfc  [ F92B0E478C0FAA6D6661E6E977247E60, 8B26B57C2C60C98CD6273ACA126B2CD0356ADB13A59FEC12882357A6B973123C ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
14:39:29.0029 0x0cfc  MBAMProtector - ok
14:39:29.0107 0x0cfc  [ D84AEA3F3329D622DFC1297DDDF6163B, 316FE56CC30ED1473A917253F46B79EAA12F4ABD5B4B1ADB03929DFEE940F577 ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
14:39:29.0138 0x0cfc  MBAMScheduler - ok
14:39:29.0169 0x0cfc  [ 4F45ED469906494F9BF754E476390DBD, D8FF6AFD73D8C191F5732DF9737E6F83B2B52B06A3A6CD4CC6EAC9464CBB2772 ] MBAMService     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
14:39:29.0185 0x0cfc  MBAMService - ok
14:39:29.0247 0x0cfc  [ 8A50D5304E6AE48664CF5838EC32F647, C76943FABEE1B5E1B641AA610668CCD4227E2C4B191DD30B79D3AB31A9E8B5BE ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
14:39:29.0263 0x0cfc  MBAMSwissArmy - ok
14:39:29.0263 0x0cfc  [ 15E8ABC06843672955CE26A009533BAD, E7221B7DE9DB45447C68E79C6BFD064713C5974F7E79925BD7DEEF71F73F3E83 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
14:39:29.0278 0x0cfc  MBAMWebAccessControl - ok
14:39:29.0356 0x0cfc  [ 96E7AA538AB0EDECCAB3862BA4B66232, 8AF460093B4DC1FD81C4508A57B6A80A7FB2E1818A3405506B8DB5B521615FB6 ] McAPExe         C:\Program Files\McAfee\MSC\McAPExe.exe
14:39:29.0356 0x0cfc  McAPExe - ok
14:39:29.0434 0x0cfc  [ 7E6A605BF5211D1A065698FEF9894B7F, 7AF0427E47678A428BDB2FB05787D43EB11F731481173260F2B8D265783C1587 ] McAWFwk         c:\PROGRA~1\COMMON~1\mcafee\actwiz\mcawfwk.exe
14:39:29.0434 0x0cfc  McAWFwk - ok
14:39:29.0466 0x0cfc  [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] McMPFSvc        C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
14:39:29.0466 0x0cfc  McMPFSvc - ok
14:39:29.0481 0x0cfc  [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] McNaiAnn        C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
14:39:29.0497 0x0cfc  McNaiAnn - ok
14:39:29.0606 0x0cfc  [ 7F8446D8AD9161B34DC7C209FB148A5A, 26B07EB138992586FC410849172A63ACC26D99ED59B568EFF9C93ED2EB129453 ] McODS           C:\Program Files\mcafee\VirusScan\mcods.exe
14:39:29.0622 0x0cfc  McODS - ok
14:39:29.0622 0x0cfc  [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] McOobeSv2       C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
14:39:29.0637 0x0cfc  McOobeSv2 - ok
14:39:29.0653 0x0cfc  [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] mcpltsvc        C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
14:39:29.0668 0x0cfc  mcpltsvc - ok
14:39:29.0684 0x0cfc  [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] McProxy         C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
14:39:29.0700 0x0cfc  McProxy - ok
14:39:29.0715 0x0cfc  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
14:39:29.0731 0x0cfc  Mcx2Svc - ok
14:39:29.0746 0x0cfc  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
14:39:29.0746 0x0cfc  megasas - ok
14:39:29.0762 0x0cfc  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
14:39:29.0778 0x0cfc  MegaSR - ok
14:39:29.0824 0x0cfc  [ 6B01B7414A105B9E51652089A03027CF, 9B113DC22F7D0D0B376E577C6D7083F9EDC09BBFE47726393E16D4FDAAAE21FE ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
14:39:29.0824 0x0cfc  MEIx64 - ok
14:39:29.0856 0x0cfc  [ D0574EF9490EBD32DFA14D3C16195DE2, 7F5623562E74BD09717103247CE9155F07092BC633B5647ED3C99A95283413B4 ] mfeapfk         C:\Windows\system32\drivers\mfeapfk.sys
14:39:29.0856 0x0cfc  mfeapfk - ok
14:39:29.0871 0x0cfc  [ 7B6A4509A2444F5F0689B2579E245177, 95A3A3560E253B7459F1B7C9E4E21008C725BA1A2C5F4E5FBAD1AB383058E2F6 ] mfeavfk         C:\Windows\system32\drivers\mfeavfk.sys
14:39:29.0887 0x0cfc  mfeavfk - ok
14:39:29.0980 0x0cfc  [ 28E4FB2E9918C2E680BE9FD8E130471C, DFD1738F2CC0743F2CD9754CAFFFFC4D38590AF8AD2E1159F8FEAC9E9922E4B8 ] mfecore         C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
14:39:29.0996 0x0cfc  mfecore - ok
14:39:30.0027 0x0cfc  [ E7C6587AC8FB0BABEF6AB1733AFA8FEC, 1624B8D9C9431A2030B8C8CFAA90F56A9EE4039D2426A521C4102A68D2F8E3CD ] mfefire         C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
14:39:30.0027 0x0cfc  mfefire - ok
14:39:30.0058 0x0cfc  [ 92AD9892D534CA58E020375C94E0307E, 3062625853C759852C5172040C69840315676A01A62EECFC53F55E6379DB190C ] mfefirek        C:\Windows\system32\drivers\mfefirek.sys
14:39:30.0074 0x0cfc  mfefirek - ok
14:39:30.0105 0x0cfc  [ B6622A5B197D021647AE20E0D4C229B9, 15D64928FDB207C183A69E7CFB90BFFBF25F1AB14059EDEFDF021F323025F4E8 ] mfehidk         C:\Windows\system32\drivers\mfehidk.sys
14:39:30.0121 0x0cfc  mfehidk - ok
14:39:30.0152 0x0cfc  [ 6CD9133BC4B5DF25FB8BCBC382C8466F, F3C938D1EDD61EE1B227112CB027804E0AAD16CBCDD67EEE1D8EAABDFC996BA1 ] mfencbdc        C:\Windows\system32\DRIVERS\mfencbdc.sys
14:39:30.0152 0x0cfc  mfencbdc - ok
14:39:30.0168 0x0cfc  [ 408DC249009CDB3C9B299716C861C64B, 3EFBFA8EE857CBF4C6A29E0D1DA38EB21B57D5BA1F6CC544503CA8253E9BFF12 ] mfencrk         C:\Windows\system32\DRIVERS\mfencrk.sys
14:39:30.0168 0x0cfc  mfencrk - ok
14:39:30.0199 0x0cfc  [ 64BAFB4E5377056CDD71531097D69F6E, 28B434C1DB9AD930C5A32584C51FE1B3A4526952EBC953DAE775701E270C76C5 ] mfevtp          C:\Windows\system32\mfevtps.exe
14:39:30.0199 0x0cfc  mfevtp - ok
14:39:30.0214 0x0cfc  [ A58F979117A424CDB33C21396887800F, E857E74BB08E49AEDC7EE21C9FDA36053113E04F8D29B9DBC3A2A3F0667915C6 ] mfewfpk         C:\Windows\system32\drivers\mfewfpk.sys
14:39:30.0214 0x0cfc  mfewfpk - ok
14:39:30.0230 0x0cfc  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
14:39:30.0230 0x0cfc  MMCSS - ok
14:39:30.0246 0x0cfc  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
14:39:30.0261 0x0cfc  Modem - ok
14:39:30.0261 0x0cfc  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
14:39:30.0261 0x0cfc  monitor - ok
14:39:30.0277 0x0cfc  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:39:30.0277 0x0cfc  mouclass - ok
14:39:30.0292 0x0cfc  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:39:30.0292 0x0cfc  mouhid - ok
14:39:30.0292 0x0cfc  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
14:39:30.0308 0x0cfc  mountmgr - ok
14:39:30.0370 0x0cfc  [ 26EA1DAD601EE3ACAC301D66F07BA219, C9594BB15D53D4AC2156CCCD2DB65B2C20620F1F60DA85F48D1586FC10028096 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:39:30.0370 0x0cfc  MozillaMaintenance - ok
14:39:30.0386 0x0cfc  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:39:30.0386 0x0cfc  mpio - ok
14:39:30.0402 0x0cfc  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:39:30.0402 0x0cfc  mpsdrv - ok
14:39:30.0433 0x0cfc  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:39:30.0448 0x0cfc  MpsSvc - ok
14:39:30.0464 0x0cfc  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:39:30.0480 0x0cfc  MRxDAV - ok
14:39:30.0495 0x0cfc  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:39:30.0495 0x0cfc  mrxsmb - ok
14:39:30.0516 0x0cfc  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:39:30.0516 0x0cfc  mrxsmb10 - ok
14:39:30.0531 0x0cfc  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:39:30.0531 0x0cfc  mrxsmb20 - ok
14:39:30.0547 0x0cfc  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
14:39:30.0547 0x0cfc  msahci - ok
14:39:30.0563 0x0cfc  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
14:39:30.0563 0x0cfc  msdsm - ok
14:39:30.0578 0x0cfc  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
14:39:30.0594 0x0cfc  MSDTC - ok
14:39:30.0594 0x0cfc  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:39:30.0594 0x0cfc  Msfs - ok
14:39:30.0609 0x0cfc  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
14:39:30.0609 0x0cfc  mshidkmdf - ok
14:39:30.0609 0x0cfc  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:39:30.0609 0x0cfc  msisadrv - ok
14:39:30.0641 0x0cfc  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:39:30.0641 0x0cfc  MSiSCSI - ok
14:39:30.0641 0x0cfc  msiserver - ok
 


14:39:30.0687 0x0cfc  [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] MSK80Service    C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
14:39:30.0703 0x0cfc  MSK80Service - ok
14:39:30.0719 0x0cfc  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:39:30.0719 0x0cfc  MSKSSRV - ok
14:39:30.0719 0x0cfc  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:39:30.0719 0x0cfc  MSPCLOCK - ok
14:39:30.0750 0x0cfc  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:39:30.0750 0x0cfc  MSPQM - ok
14:39:30.0765 0x0cfc  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:39:30.0781 0x0cfc  MsRPC - ok
14:39:35.0143 0x0cfc  viaide - ok
14:39:35.0159 0x0cfc  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:39:35.0159 0x0cfc  volmgr - ok
14:39:35.0175 0x0cfc  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
14:39:35.0190 0x0cfc  volmgrx - ok
14:39:35.0206 0x0cfc  [ DF8126BD41180351A093A3AD2FC8903B, AEFF4AA89CDDAAAD43CDE17C6B6EB2A397A0AC1651CBD51B889161EC2BC6527A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
14:39:35.0206 0x0cfc  volsnap - ok
14:39:35.0268 0x0cfc  [ D9F8B3A9F4695CC7412B9739C43F558E, 4F80FE4A831A6CAF2054F7A236894487BB00C49D3280951E341D505CD6C57D62 ] VolumeCtlSrv    C:\Program Files\DELLOSD\VolumeCtlSrv.exe
14:39:35.0268 0x0cfc  VolumeCtlSrv - ok
14:39:35.0284 0x0cfc  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
14:39:35.0284 0x0cfc  vsmraid - ok
14:39:35.0331 0x0cfc  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
14:39:35.0362 0x0cfc  VSS - ok
14:39:35.0377 0x0cfc  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
14:39:35.0377 0x0cfc  vwifibus - ok
14:39:35.0424 0x0cfc  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
14:39:35.0424 0x0cfc  vwififlt - ok
14:39:35.0455 0x0cfc  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
14:39:35.0471 0x0cfc  vwifimp - ok
14:39:35.0487 0x0cfc  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
14:39:35.0487 0x0cfc  W32Time - ok
14:39:35.0502 0x0cfc  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
14:39:35.0502 0x0cfc  WacomPen - ok
14:39:35.0502 0x0cfc  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
14:39:35.0518 0x0cfc  WANARP - ok
14:39:35.0518 0x0cfc  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:39:35.0518 0x0cfc  Wanarpv6 - ok
14:39:35.0565 0x0cfc  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
14:39:35.0580 0x0cfc  WatAdminSvc - ok
14:39:35.0627 0x0cfc  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
14:39:35.0658 0x0cfc  wbengine - ok
14:39:35.0674 0x0cfc  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
14:39:35.0674 0x0cfc  WbioSrvc - ok
14:39:35.0689 0x0cfc  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
14:39:35.0689 0x0cfc  wcncsvc - ok
14:39:35.0721 0x0cfc  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:39:35.0721 0x0cfc  WcsPlugInService - ok
14:39:35.0721 0x0cfc  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
14:39:35.0721 0x0cfc  Wd - ok
14:39:35.0767 0x0cfc  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
14:39:35.0799 0x0cfc  Wdf01000 - ok
14:39:35.0830 0x0cfc  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
14:39:35.0830 0x0cfc  WdiServiceHost - ok
14:39:35.0845 0x0cfc  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
14:39:35.0845 0x0cfc  WdiSystemHost - ok
14:39:35.0861 0x0cfc  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
14:39:35.0861 0x0cfc  WebClient - ok
14:39:35.0892 0x0cfc  [ CBA25A299ECDBAE3A2300B68598AABA3, 5AC6F75FBDA58CD9D17922AF2780A37B89067EB4A97EE792A644B238BE94490D ] Wecsvc          C:\Windows\system32\wecsvc.dll
14:39:35.0892 0x0cfc  Wecsvc - ok
14:39:35.0908 0x0cfc  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
14:39:35.0908 0x0cfc  wercplsupport - ok
14:39:35.0923 0x0cfc  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
14:39:35.0923 0x0cfc  WerSvc - ok
14:39:35.0923 0x0cfc  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
14:39:35.0923 0x0cfc  WfpLwf - ok
14:39:35.0939 0x0cfc  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
14:39:35.0939 0x0cfc  WIMMount - ok
14:39:35.0939 0x0cfc  WinDefend - ok
14:39:35.0955 0x0cfc  WinHttpAutoProxySvc - ok
14:39:35.0986 0x0cfc  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
14:39:35.0986 0x0cfc  Winmgmt - ok
14:39:36.0064 0x0cfc  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
14:39:36.0095 0x0cfc  WinRM - ok
14:39:36.0126 0x0cfc  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
14:39:36.0126 0x0cfc  WinUsb - ok
14:39:36.0189 0x0cfc  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
14:39:36.0204 0x0cfc  Wlansvc - ok
14:39:36.0282 0x0cfc  [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:39:36.0313 0x0cfc  wlidsvc - ok
14:39:36.0360 0x0cfc  [ E04D799D111FD688B83C0F0EDF8BF14C, 2291360D4824C9508801737FCA7B51D89ECB1AF829C064E1C705D30AFBA68D5C ] wltrysvc        C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
14:39:36.0376 0x0cfc  wltrysvc - ok
14:39:36.0376 0x0cfc  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
14:39:36.0376 0x0cfc  WmiAcpi - ok
14:39:36.0391 0x0cfc  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:39:36.0391 0x0cfc  wmiApSrv - ok
14:39:36.0407 0x0cfc  WMPNetworkSvc - ok
14:39:36.0407 0x0cfc  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
14:39:36.0407 0x0cfc  WPCSvc - ok
14:39:36.0423 0x0cfc  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:39:36.0423 0x0cfc  WPDBusEnum - ok
14:39:36.0454 0x0cfc  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
14:39:36.0454 0x0cfc  ws2ifsl - ok
14:39:36.0454 0x0cfc  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
14:39:36.0469 0x0cfc  wscsvc - ok
14:39:36.0469 0x0cfc  WSearch - ok
14:39:36.0556 0x0cfc  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
14:39:36.0595 0x0cfc  wuauserv - ok
14:39:36.0626 0x0cfc  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
14:39:36.0626 0x0cfc  WudfPf - ok
14:39:36.0673 0x0cfc  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
14:39:36.0673 0x0cfc  WUDFRd - ok
14:39:36.0704 0x0cfc  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
14:39:36.0704 0x0cfc  wudfsvc - ok
14:39:36.0720 0x0cfc  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
14:39:36.0735 0x0cfc  WwanSvc - ok
14:39:36.0766 0x0cfc  ================ Scan global ===============================
14:39:36.0798 0x0cfc  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
14:39:36.0829 0x0cfc  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
14:39:36.0844 0x0cfc  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
14:39:36.0860 0x0cfc  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
14:39:36.0891 0x0cfc  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
14:39:36.0907 0x0cfc  [ Global ] - ok
14:39:36.0907 0x0cfc  ================ Scan MBR ==================================
14:39:36.0922 0x0cfc  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
14:39:37.0125 0x0cfc  \Device\Harddisk0\DR0 - ok
14:39:37.0125 0x0cfc  ================ Scan VBR ==================================
14:39:37.0125 0x0cfc  [ F70403486978018B11325D9B008A56B7 ] \Device\Harddisk0\DR0\Partition1
14:39:37.0188 0x0cfc  \Device\Harddisk0\DR0\Partition1 - ok
14:39:37.0188 0x0cfc  [ 359570A75AED48DA4F1942B886DE3AAC ] \Device\Harddisk0\DR0\Partition2
14:39:37.0188 0x0cfc  \Device\Harddisk0\DR0\Partition2 - ok
14:39:37.0188 0x0cfc  ================ Scan generic autorun ======================
14:39:37.0219 0x0cfc  [ 9BA5073DF516E6AEF3DBF57B6518D7B4, CAFBD3A57FF54A8448F4A7A9D4E70964A3ABEBF668E1892AFD82958EFA61BB5E ] C:\Windows\system32\igfxtray.exe
14:39:37.0219 0x0cfc  IgfxTray - ok
14:39:37.0234 0x0cfc  [ 5E0382113B7865D02AFDC639C84FA9AB, 8CD7444E55B7D7CF3D12C0C0E085D81423CAE2879914DC996829E5579EAF2BC3 ] C:\Windows\system32\hkcmd.exe
14:39:37.0250 0x0cfc  HotKeysCmds - ok
14:39:37.0266 0x0cfc  [ 30DB1F73F98385B3F591141B6F3C509B, 762640A79E5E43CE522C1ABE2A5ABDBA00A03073267EC1070F608FAE0B9007A4 ] C:\Windows\system32\igfxpers.exe
14:39:37.0281 0x0cfc  Persistence - ok
14:39:37.0437 0x0cfc  [ DB333A5F69B00A6B550901A5C854929F, 7CAB6D0D20CDE3AE41B06826C9045CC3E3438AB94BB3D9D5C0E50EEF3C41101F ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
14:39:37.0609 0x0cfc  RTHDVCPL - ok
14:39:37.0671 0x0cfc  [ E9752E0CD9FB37612474B23973443FC9, B497B77BCC70A721D74DDE5551C0314D43FDAFE547D071C26750F0314128FCB8 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
14:39:37.0702 0x0cfc  RtHDVBg - ok
14:39:38.0264 0x0cfc  [ 7F0C62EDD6D3845ECFC491A5F617F676, 0EC81F6033735830BFC282FBB099AF95BA1194AFDB425A6E0758036B28F6933A ] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
14:39:38.0420 0x0cfc  Broadcom Wireless Manager UI - ok
14:39:38.0482 0x0cfc  [ 04679E0DC30077EC1164BE82F2A2ADC9, E0193F0AE484DED0DD7F81407F0D98AC071F34358B9EA554DE3ADFC3BA1CBD60 ] C:\Program Files\McAfee.com\Agent\mcagent.exe
14:39:38.0498 0x0cfc  mcpltui_exe - ok
14:39:38.0550 0x0cfc  [ FE821F6FA60E9DF9FDEE69A23488BBAB, 98D9926152FDA45705F5E208D7236E467CAEEF83D756A14B4104EBF804644B29 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
14:39:38.0565 0x0cfc  Adobe ARM - ok
14:39:38.0581 0x0cfc  [ 1DE859B82E381A645C44284A5044BC33, 305AE678D3163D57C8E027F94BC553FDFDE7F9A14599EAEC370B0867DE4A9EC2 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
14:39:38.0597 0x0cfc  SunJavaUpdateSched - ok
14:39:38.0643 0x0cfc  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
14:39:38.0675 0x0cfc  Sidebar - ok
14:39:38.0690 0x0cfc  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
14:39:38.0706 0x0cfc  mctadmin - ok
14:39:38.0737 0x0cfc  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
14:39:38.0753 0x0cfc  Sidebar - ok
14:39:38.0768 0x0cfc  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
14:39:38.0768 0x0cfc  mctadmin - ok
14:39:38.0815 0x0cfc  [ 8BBDBEBCF62898D56AB584A373A461E7, 627F24C96576C51255794DCD4DFAA39C0F0334F5E1EF69EC552DE357C2C16228 ] C:\Users\HIEXDP-GM\AppData\Local\Workspace\WorkspaceUpdate.exe
14:39:38.0815 0x0cfc  Starfield Updater - ok
14:39:38.0862 0x0cfc  [ 4DE6D81F233FA8FDA7DEA30E0EF1786A, 60A16FBE2F854B452091FFCB945C41BB0E86738A94F64BC274F1EC7F45B9D417 ] C:\Users\HIEXDP-GM\AppData\Local\Workspace\wben.exe
14:39:38.0893 0x0cfc  wben - ok
14:39:38.0909 0x0cfc  [ 9CA3F552644E7FB6A318FAE7C314DC5C, 1720FF5BFD58F96CD05546B02F214F7371EA85997000F36E243CAB9C6E00DF34 ] C:\Users\HIEXDP-GM\AppData\Local\Workspace\workspacestatus.exe
14:39:38.0924 0x0cfc  Workspace Status - ok
14:39:38.0924 0x0cfc  Waiting for KSN requests completion. In queue: 341
14:39:39.0938 0x0cfc  Waiting for KSN requests completion. In queue: 341
14:39:40.0942 0x0cfc  Waiting for KSN requests completion. In queue: 29
14:39:41.0956 0x0cfc  Waiting for KSN requests completion. In queue: 29
14:39:42.0975 0x0cfc  AV detected via SS2: McAfee Anti-Virus and Anti-Spyware, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 12.8.0.0 ), 0x52000 ( disabled : updated )
14:39:42.0990 0x0cfc  FW detected via SS2: McAfee Firewall, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 12.8.0.0 ), 0x52010 ( disabled )
14:39:43.0037 0x0cfc  Win FW state via NFP2: enabled
14:39:46.0256 0x0cfc  ============================================================
14:39:46.0256 0x0cfc  Scan finished
14:39:46.0256 0x0cfc  ============================================================
14:39:46.0256 0x200c  Detected object count: 0
14:39:46.0256 0x200c  Actual detected object count: 0
 


  • Staff

Hi King, 

 

I see you have run ComboFix. This is a powerful first-responder malware removal tool, designed to remove some of the toughest infections - including rootkits, bootkits, backdoors and boot sector viruses. The tool should not be used unless under trained supervision; doing so without supervision may cause serious issues, such as an unbootable computer. 

 

Please post the contents of the ComboFix log in your next reply. The log can be found at C:\ComboFix.txt.


ComboFix log:

 

ComboFix 14-08-21.01 - HIEXDP-GM 08/22/2014  10:25:54.2.2 - x64 MINIMAL
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3985.2742 [GMT -5:00]
Running from: E:\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\LIL20A7.tmp
C:\LIL20A8.tmp
c:\programdata\PCDr\6426\AddOnDownloaded\17f1dc08-7438-4923-8b13-c44c0a4de941.dll
c:\programdata\PCDr\6426\AddOnDownloaded\1e594a66-ed50-4a0e-83c6-4e45f86b74a3.dll
c:\programdata\PCDr\6426\AddOnDownloaded\a05de01f-6d84-4008-82c8-44786a5ba980.dll
c:\programdata\PCDr\6426\AddOnDownloaded\aad72ad9-b2a9-499c-b5f3-aefdb7159aef.dll
c:\programdata\PCDr\6426\AddOnDownloaded\b270d1ef-5630-421b-a735-c8a319b14e35.dll
c:\programdata\PCDr\6426\AddOnDownloaded\c98a4b24-626c-4736-8d18-dd5b3e47d741.dll
c:\programdata\PCDr\6426\AddOnDownloaded\d25002f9-4300-486b-80e9-bcb6abe38487.dll
c:\programdata\PCDr\6426\AddOnDownloaded\e5a96c3d-2e95-42ea-ad11-9e3f77fdabd4.dll
c:\programdata\PCDr\6426\AddOnDownloaded\edc945f3-3954-45e7-9a70-30ec3406dc28.dll
c:\programdata\PCDr\6426\AddOnDownloaded\fbd50850-4122-4fe3-a72e-fcbe58a0f196.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-22 to 2014-08-22  )))))))))))))))))))))))))))))))
.
.
2014-08-22 15:29 . 2014-08-22 15:29    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-08-22 13:52 . 2014-08-22 13:52    --------    d-----w-    c:\users\HIEXDP-GM\AppData\Roaming\SUPERAntiSpyware.com
2014-08-22 13:48 . 2014-08-22 13:52    --------    d-----w-    c:\program files\SUPERAntiSpyware
2014-08-22 13:48 . 2014-08-22 13:48    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2014-08-21 20:13 . 2014-08-21 20:13    --------    d-----w-    c:\program files\Enigma Software Group
2014-08-21 20:13 . 2014-08-22 13:26    --------    d-----w-    c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-08-21 20:13 . 2014-08-21 20:13    --------    d-----w-    c:\program files (x86)\Common Files\Wise Installation Wizard
2014-08-21 19:59 . 2014-08-21 19:59    --------    d-----w-    c:\users\HIEXDP-GM\AppData\Local\BrowserHumble
2014-08-21 19:33 . 2014-08-22 14:23    122584    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-21 19:32 . 2014-08-21 19:32    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-08-21 19:32 . 2014-08-21 19:32    --------    d-----w-    c:\programdata\Malwarebytes
2014-08-21 19:32 . 2014-05-12 12:26    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-08-21 19:32 . 2014-05-12 12:26    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-08-21 19:32 . 2014-05-12 12:25    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-08-19 18:20 . 2014-08-19 18:20    5    ----a-w-    c:\windows\SysWow64\lMMLDeleteUserData42107612FX.tmp
2014-08-19 17:15 . 2014-08-19 17:18    --------    d-----w-    c:\users\HIEXDP-GM\AppData\Local\Windows Live
2014-08-19 17:01 . 2014-08-19 18:21    --------    d-----w-    c:\users\HIEXDP-GM\AppData\Roaming\HTC
2014-08-19 17:00 . 2014-08-19 17:00    --------    d-----w-    c:\users\HIEXDP-GM\AppData\Local\Apple Computer
2014-08-19 17:00 . 2014-08-19 17:00    --------    d-----w-    c:\users\HIEXDP-GM\AppData\Roaming\Apple Computer
2014-08-19 17:00 . 2014-08-19 17:00    --------    d-----w-    c:\users\HIEXDP-GM\.android
2014-08-19 16:59 . 2014-08-19 16:59    --------    d-----w-    c:\program files (x86)\Spirent Communications
2014-08-19 16:57 . 2014-08-19 16:57    --------    d-----w-    c:\users\HIEXDP-GM\AppData\Local\Downloaded Installations
2014-08-19 16:56 . 2014-08-19 18:21    --------    d-----w-    c:\program files (x86)\HTC
2014-08-19 16:56 . 2010-03-08 20:08    121800    ----a-w-    c:\windows\system32\drivers\HtcVComV64.sys
2014-08-19 16:56 . 2009-06-09 13:41    1122664    ----a-w-    c:\windows\system32\WdfCoInstaller01007.dll
2014-08-19 16:56 . 2009-11-02 10:16    33736    ----a-w-    c:\windows\system32\drivers\ANDROIDUSB.sys
2014-08-19 16:56 . 2014-08-19 18:21    --------    d-----w-    c:\programdata\HTC
2014-08-19 14:39 . 2014-05-14 16:23    44512    ----a-w-    c:\windows\system32\wups2.dll
2014-08-19 14:39 . 2014-05-14 16:23    58336    ----a-w-    c:\windows\system32\wuauclt.exe
2014-08-19 14:39 . 2014-05-14 16:23    2477536    ----a-w-    c:\windows\system32\wuaueng.dll
2014-08-19 14:39 . 2014-05-14 16:21    2620928    ----a-w-    c:\windows\system32\wucltux.dll
2014-08-19 14:39 . 2014-05-14 14:23    198600    ----a-w-    c:\windows\system32\wuwebv.dll
2014-08-19 14:39 . 2014-05-14 14:23    179656    ----a-w-    c:\windows\SysWow64\wuwebv.dll
2014-08-19 14:39 . 2014-05-14 14:20    36864    ----a-w-    c:\windows\system32\wuapp.exe
2014-08-19 14:39 . 2014-05-14 14:17    33792    ----a-w-    c:\windows\SysWow64\wuapp.exe
2014-08-18 08:02 . 2014-03-09 21:48    171160    ----a-w-    c:\windows\system32\infocardapi.dll
2014-08-18 08:02 . 2014-03-09 21:48    1389208    ----a-w-    c:\windows\system32\icardagt.exe
2014-08-18 08:02 . 2014-03-09 21:47    99480    ----a-w-    c:\windows\SysWow64\infocardapi.dll
2014-08-18 08:02 . 2014-03-09 21:47    619672    ----a-w-    c:\windows\SysWow64\icardagt.exe
2014-08-18 08:02 . 2014-06-30 22:24    8856    ----a-w-    c:\windows\system32\icardres.dll
2014-08-18 08:02 . 2014-06-30 22:14    8856    ----a-w-    c:\windows\SysWow64\icardres.dll
2014-08-18 08:01 . 2014-06-06 06:16    35480    ----a-w-    c:\windows\SysWow64\TsWpfWrp.exe
2014-08-18 08:01 . 2014-06-06 06:12    35480    ----a-w-    c:\windows\system32\TsWpfWrp.exe
2014-08-17 16:58 . 2014-07-31 23:16    235200    ----a-w-    c:\program files (x86)\Internet Explorer\sqmapi.dll
2014-07-31 17:29 . 2014-07-31 17:29    --------    d-----w-    c:\program files (x86)\Common Files\Java
2014-07-31 17:29 . 2014-07-31 17:29    98216    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-31 17:29 . 2014-07-31 17:29    --------    d-----w-    c:\program files (x86)\Java
2014-07-31 17:25 . 2014-07-31 17:25    --------    d-----w-    c:\users\HIEXDP-GM\AppData\Local\Configure
2014-07-31 17:25 . 2014-07-31 17:25    --------    d-----w-    c:\users\HIEXDP-GM\AppData\Local\Maker3D
2014-07-29 15:08 . 2014-07-29 15:08    --------    d-----w-    c:\users\HIEXDP-GM\AppData\Local\offsync
2014-07-29 15:06 . 2014-07-29 15:06    --------    d-----w-    c:\windows\Workspace Logs
2014-07-29 15:06 . 2014-07-29 15:06    --------    d-----w-    c:\program files (x86)\Workspace
2014-07-29 15:04 . 2014-07-29 15:07    --------    d-----w-    c:\users\HIEXDP-GM\AppData\Local\Workspace
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-20 15:38 . 2012-11-09 12:40    72128    ----a-w-    c:\windows\system32\drivers\cfwids.sys
2014-06-20 15:31 . 2012-11-09 12:37    348552    ----a-w-    c:\windows\system32\drivers\mfewfpk.sys
2014-06-20 15:30 . 2014-01-26 13:53    189912    ----a-w-    c:\windows\system32\mfevtps.exe
2014-06-20 15:26 . 2012-11-09 12:35    786296    ----a-w-    c:\windows\system32\drivers\mfehidk.sys
2014-06-20 15:23 . 2012-11-09 12:34    523792    ----a-w-    c:\windows\system32\drivers\mfefirek.sys
2014-06-20 15:21 . 2012-11-09 12:34    313544    ----a-w-    c:\windows\system32\drivers\mfeavfk.sys
2014-06-20 15:20 . 2012-11-09 12:33    181704    ----a-w-    c:\windows\system32\drivers\mfeapfk.sys
2014-06-18 08:12 . 2014-06-18 08:12    11336    ----a-w-    c:\windows\system32\drivers\mfeclnrk.sys
2014-06-18 08:12 . 2014-06-18 08:12    96592    ----a-w-    c:\windows\system32\drivers\mfencrk.sys
2014-06-18 08:11 . 2014-06-18 08:11    444720    ----a-w-    c:\windows\system32\drivers\mfencbdc.sys
2014-06-18 02:18 . 2014-07-09 14:16    692736    ----a-w-    c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-09 14:16    646144    ----a-w-    c:\windows\SysWow64\osk.exe
2014-06-18 01:10 . 2014-07-09 14:16    3157504    ----a-w-    c:\windows\system32\win32k.sys
2014-06-06 10:10 . 2014-07-09 14:16    624128    ----a-w-    c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-09 14:16    509440    ----a-w-    c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-09 14:16    1460736    ----a-w-    c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-09 14:16    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-09 14:16    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
2014-05-30 08:08 . 2014-07-09 14:16    210944    ----a-w-    c:\windows\system32\wdigest.dll
2014-05-30 08:08 . 2014-07-09 14:16    86528    ----a-w-    c:\windows\system32\TSpkg.dll
2014-05-30 08:08 . 2014-07-09 14:16    340992    ----a-w-    c:\windows\system32\schannel.dll
2014-05-30 08:08 . 2014-07-09 14:16    314880    ----a-w-    c:\windows\system32\msv1_0.dll
2014-05-30 08:08 . 2014-07-09 14:16    307200    ----a-w-    c:\windows\system32\ncrypt.dll
2014-05-30 08:08 . 2014-07-09 14:16    728064    ----a-w-    c:\windows\system32\kerberos.dll
2014-05-30 08:08 . 2014-07-09 14:16    22016    ----a-w-    c:\windows\system32\credssp.dll
2014-05-30 07:52 . 2014-07-09 14:16    172032    ----a-w-    c:\windows\SysWow64\wdigest.dll
2014-05-30 07:52 . 2014-07-09 14:16    65536    ----a-w-    c:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52 . 2014-07-09 14:16    247808    ----a-w-    c:\windows\SysWow64\schannel.dll
2014-05-30 07:52 . 2014-07-09 14:16    220160    ----a-w-    c:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52 . 2014-07-09 14:16    259584    ----a-w-    c:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52 . 2014-07-09 14:16    550912    ----a-w-    c:\windows\SysWow64\kerberos.dll
2014-05-30 07:52 . 2014-07-09 14:16    17408    ----a-w-    c:\windows\SysWow64\credssp.dll
2014-05-30 06:45 . 2014-07-09 14:16    497152    ----a-w-    c:\windows\system32\drivers\afd.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Starfield Updater"="c:\users\HIEXDP-GM\AppData\Local\Workspace\WorkspaceUpdate.exe" [2014-07-29 35008]
"wben"="c:\users\HIEXDP-GM\AppData\Local\Workspace\wben.exe" [2013-09-16 1569488]
"Workspace Status"="c:\users\HIEXDP-GM\AppData\Local\Workspace\workspacestatus.exe" [2014-07-29 694760]
"BrowserHumble"="c:\users\HIEXDP-GM\AppData\Local\BrowserHumble\BrowserHumble.dll" [2014-08-21 262144]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-08-14 7762712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 537992]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-1-26 1380128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages    REG_MULTI_SZ       scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
R2 0125101408466832mcinstcleanup;McAfee Application Installer Cleanup (0125101408466832);c:\windows\TEMP\012510~1.EXE;c:\windows\TEMP\012510~1.EXE [x]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]
R2 File Backup;File Backup Service;c:\program files (x86)\Workspace\offSyncService.exe;c:\program files (x86)\Workspace\offSyncService.exe [x]
R2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [x]
R2 McOobeSv2;McAfee OOBE Service2;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [x]
R2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
R2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
R2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell Backup and Recovery\SftService.exe;c:\program files (x86)\Dell Backup and Recovery\SftService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R2 VolumeCtlSrv;VolumeCtlSrv;c:\program files\DELLOSD\VolumeCtlSrv.exe;c:\program files\DELLOSD\VolumeCtlSrv.exe [x]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
R3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys;c:\windows\SYSNATIVE\DRIVERS\bcmvwl64.sys [x]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV64.sys;c:\windows\SYSNATIVE\DRIVERS\HtcVComV64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\COMMON~1\mcafee\actwiz\mcawfwk.exe;c:\progra~1\COMMON~1\mcafee\actwiz\mcawfwk.exe [x]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 PQAWRwa;PQAWRwa;c:\program files\DELLOSD\PQAWDrv.sys;c:\program files\DELLOSD\PQAWDrv.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-26 13:30]
.
2014-08-22 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 5e6851ae-0888-405c-b8bd-09fd2458a5f9.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
2014-08-22 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task a55d101e-8279-4197-b927-57d3e426347c.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DBARFileBackuped]
@="{831cebdd-6baf-4432-be76-9e0989c14aef}"
[HKEY_CLASSES_ROOT\CLSID\{831cebdd-6baf-4432-be76-9e0989c14aef}]
2010-11-21 03:23    444752    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DBARFileNotBackuped]
@="{275e4fd7-21ef-45cf-a836-832e5d2cc1b3}"
[HKEY_CLASSES_ROOT\CLSID\{275e4fd7-21ef-45cf-a836-832e5d2cc1b3}]
2010-11-21 03:23    444752    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0]
@="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}]
2014-07-29 15:06    1308432    ----a-w-    c:\program files (x86)\Workspace\offsyncext64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1]
@="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}]
2014-07-29 15:06    1308432    ----a-w-    c:\program files (x86)\Workspace\offsyncext64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-01-18 171504]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-01-18 399856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-01-18 442352]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-11-20 6846096]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-11-19 1253520]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2012-01-29 7507968]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\HIEXDP-GM\AppData\Roaming\Mozilla\Firefox\Profiles\qj2xdrmy.default-1408717933456\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-08-22  10:30:31
ComboFix-quarantined-files.txt  2014-08-22 15:30
.
Pre-Run: 923,700,686,848 bytes free
Post-Run: 923,253,276,672 bytes free
.
- - End Of File - - 6AD301F4AE5DBF6D10AD5BB5AF20B48E
5C616939100B85E558DA92B899A0FC36
 


Just something easy to try. I had the same thing going on and kept getting messages that Malwarebytes blocked outgoing messages to flyclick.biz. When I opened Task Manager I could see the Chrome browser running and trying to open lots of programs. Closing it in Task Manager didn't work; it just kept opening more programs. I tried most of the suggestions I read in the forums here on how to get rid of this and could not get this to stop. I downloaded most of the programs suggested and nothing fixed this flyclick.biz. At times I was getting 3 or 4 attempts of outgoing messages to flyclick.biz per minute. Last night I tried using a free download from Norton. I believe it was called Norton Power Eraser. Anyway, I downloaded it and their program found and fixed several issues, and it appears that their program fixed my flyclick issues. Hope this maybe works for others. John


  • Staff

Hi King, 
 
Please provide an update on your computer after carrying out the following steps. Are there any outstanding issues?
 
Your logs indicate both McAfee Anti-Virus and McAfee Firewall are disabled. Is this still the case? If so, please ensure you enable both your Anti-Virus and Firewall. 
 
STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.

    start
    SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
    2014-08-21 15:13 - 2014-08-21 15:13 - 00000000 ____D () C:\Program Files\Enigma Software Group
    c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    CMD: bitsadmin /reset /allusers
    EmptyTemp:
    end

  • Click File > Save As and type fixlist.txt as the File Name.
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
RogueKiller

  • Please download RogueKiller (x64) and save the file to your Desktop.
  • Close any running programmes.
  • Right-Click RogueKiller.exe and select Run as administrator to run the programme.
  • Allow the Prescan to complete. Upon completion, a window will open. Click Accept.
  • A browser window may open. Close the browser window.
  • Return to RogueKiller and click jpgUwzp.png. Upon completion, click phPvmc6.png.
  • Close the programme. Do not fix anything!
  • A log (RKreport.txt) will open. Copy the contents of the log and paste in your next reply.
     

STEP 3
SystemLook

  • Please download SystemLook (x64) and save the file to your Desktop.
  • Right-Click SystemLook.exe / SystemLook_x64.exe and select Run as administrator to run the programme.
  • Copy the entire contents of the codebox below and paste into the textfield.

    :filefind
    *BrowserHumble*
    :folderfind
    *BrowserHumble*
    :regfind
    BrowserHumble

  • Click the Ji0XpU4.png button to start the scan.
  • Upon completion, a log (SystemLook.txt) will open. Copy the contents of the log and paste in your next reply.
  • Click the OCFv7xc.png button. 
     

======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Is your AV/Firewall enabled?
  • Fixlog.txt
  • RKreport
  • SystemLook.txt
  • Update on computer

You are correct, both McAfee Anti-Virus and McAfee Firewall were disabled.  Anti-Virus and Firewall were enabled prior to following your directions.

 

Here are requested logs: 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-08-2014 03
Ran by HIEXDP-GM at 2014-08-26 14:23:11 Run:1
Running from C:\Users\HIEXDP-GM\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
2014-08-21 15:13 - 2014-08-21 15:13 - 00000000 ____D () C:\Program Files\Enigma Software Group
c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
EmptyTemp:
end
*****************

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Program Files\Enigma Software Group => Moved successfully.
"c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP" => File/Directory not found.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh winsock reset all =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  netsh int ipv4 reset =========

Reseting Global, OK!
Reseting Interface, OK!
Reseting Subinterface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  netsh int ipv6 reset =========

Reseting Interface, OK!
Reseting Subinterface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{95CDCB05-4CE6-4A86-BBAB-F25295698E8C} canceled.
{A11312B4-1B71-4578-810C-9DA5D58DD8E0} canceled.
{26CC74C0-1931-4AFC-82EC-2F7D016D5172} canceled.
{D8B2ECF4-827B-4194-BD84-583957559810} canceled.
4 out of 4 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 133.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

 

RogueKiller V9.2.8.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : HIEXDP-GM [Admin rights]
Mode : Scan -- Date : 08/26/2014  14:36:37

¤¤¤ Bad processes : 3 ¤¤¤
[suspicious.Path] workspaceupdate.exe -- C:\Users\HIEXDP-GM\AppData\Local\Workspace\workspaceupdate.exe[7] -> KILLED [TermProc]
[suspicious.Path] wben.exe -- C:\Users\HIEXDP-GM\AppData\Local\Workspace\wben.exe[7] -> KILLED [TermProc]
[suspicious.Path] workspacestatus.exe -- C:\Users\HIEXDP-GM\AppData\Local\Workspace\workspacestatus.exe[7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 25 ¤¤¤
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1318888917-3662893499-1279507367-1000\Software\Microsoft\Windows\CurrentVersion\Run | Starfield Updater : "C:\Users\HIEXDP-GM\AppData\Local\Workspace\WorkspaceUpdate.exe"  -> FOUND
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1318888917-3662893499-1279507367-1000\Software\Microsoft\Windows\CurrentVersion\Run | wben : "C:\Users\HIEXDP-GM\AppData\Local\Workspace\wben.exe"  -> FOUND
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1318888917-3662893499-1279507367-1000\Software\Microsoft\Windows\CurrentVersion\Run | Workspace Status : "C:\Users\HIEXDP-GM\AppData\Local\Workspace\workspacestatus.exe"  -> FOUND
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1318888917-3662893499-1279507367-1000\Software\Microsoft\Windows\CurrentVersion\Run | Starfield Updater : "C:\Users\HIEXDP-GM\AppData\Local\Workspace\WorkspaceUpdate.exe"  -> FOUND
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1318888917-3662893499-1279507367-1000\Software\Microsoft\Windows\CurrentVersion\Run | wben : "C:\Users\HIEXDP-GM\AppData\Local\Workspace\wben.exe"  -> FOUND
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1318888917-3662893499-1279507367-1000\Software\Microsoft\Windows\CurrentVersion\Run | Workspace Status : "C:\Users\HIEXDP-GM\AppData\Local\Workspace\workspacestatus.exe"  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C2F243EF-5966-46EF-B64D-54E86F9E08EF} | DhcpNameServer : 10.0.0.1  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D2B64D0E-78D6-41CB-BF1F-FE007FED41FF} | DhcpNameServer : 10.0.0.1  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C2F243EF-5966-46EF-B64D-54E86F9E08EF} | DhcpNameServer : 10.0.0.1  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D2B64D0E-78D6-41CB-BF1F-FE007FED41FF} | DhcpNameServer : 10.0.0.1  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C2F243EF-5966-46EF-B64D-54E86F9E08EF} | DhcpNameServer : 10.0.0.1  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{D2B64D0E-78D6-41CB-BF1F-FE007FED41FF} | DhcpNameServer : 10.0.0.1  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1318888917-3662893499-1279507367-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1318888917-3662893499-1279507367-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1318888917-3662893499-1279507367-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1318888917-3662893499-1279507367-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1318888917-3662893499-1279507367-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://google.com/  -> FOUND
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1318888917-3662893499-1279507367-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://google.com/  -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] 3jpy1sre.default : user_pref("browser.startup.homepage", "http://google.com/"); -> FOUND

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000DM003-1CH162 ATA Device +++++
--- User ---
[MBR] f223b285bfef1f72bf61da29e940cf93
[bSP] b663878dd27563964e36a4fa0c845ef2 : HP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 22186 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 45518848 | Size: 931642 MB
User = LL1 ... OK
User = LL2 ... OK
 


SystemLook 30.07.11 by jpshortstuff
Log created at 14:38 on 26/08/2014 by HIEXDP-GM
Administrator - Elevation successful

========== filefind ==========

Searching for "*BrowserHumble*"
No files found.

========== folderfind ==========

Searching for "*BrowserHumble*"
No folders found.

========== regfind ==========

Searching for "BrowserHumble"
No data found.

-= EOF =-

 

 

UPDATE:  at this time I am not seeing any symptoms of the infection.  I have not had any pop-ups, nor does it appear that there are any unusual processes running / hogging up CPU.


  • Staff

UPDATE:  at this time I am not seeing any symptoms of the infection.  I have not had any pop-ups, nor does it appear that there are any unusual processes running / hogging up CPU.

Very good.

 

The items found in RogueKiller are false-positives. However, to be certain, please confirm if you installed Workspace Desktop by Starfield Technologies or not. 

 

STEP 1

AdwCleaner

  • Please delete your current copy of AdwCleaner (right-click AdwCleaner.exe + Delete). 
  • Download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[s0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

 

STEP 2

Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Note: If you unchecked any items in AdwCleaner, please backup the associated folders/files before running JRT.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.

     

======================================================

STEP 3

Logs

In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Did you install the programme?
  • AdwCleaner[s0].txt
  • JRT.txt

# AdwCleaner v3.308 - Report created 22/08/2014 at 10:32:55
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : HIEXDP-GM - HIEXDP-GM-PC
# Running from : E:\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Users\Public\Desktop\eBay.lnk

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\HIEXDP-GM\AppData\Roaming\Mozilla\Firefox\Profiles\qj2xdrmy.default-1408717933456\prefs.js ]


*************************

AdwCleaner[R0].txt - [1154 octets] - [22/08/2014 10:31:39]
AdwCleaner[s0].txt - [1079 octets] - [22/08/2014 10:32:55]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1139 octets] ##########
# AdwCleaner v3.308 - Report created 27/08/2014 at 09:26:40
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : HIEXDP-GM - HIEXDP-GM-PC
# Running from : C:\Users\HIEXDP-GM\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Users\Public\Desktop\eBay.lnk

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\HIEXDP-GM\AppData\Roaming\Mozilla\Firefox\Profiles\3jpy1sre.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2347 octets] - [22/08/2014 10:31:39]
AdwCleaner[s0].txt - [2279 octets] - [22/08/2014 10:32:55]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2339 octets] ##########
 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by HIEXDP-GM on Wed 08/27/2014 at  9:32:50.35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 08/27/2014 at  9:40:46.10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


  • Staff

Looks good. Let's check for remnants, and we'll be almost done.

 

STEP 1
Update/Remove Java

  • Download the latest version of Java from here.
  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for and uninstall the following programmes (if present):
    • Java 7 Update 65
       

STEP 2
Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 3
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Hide advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
  • Click esetExport.png and save the file to your Desktop, naming it something unique such as MyEsetScan.
  • Push the Back button.
  • Place a checkmark next to [image] and click [image].
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Did Java update/remove successfully? 
  • MBAM Scan log
  • ESET Online Scan log

Java removed successfully.

 

Malwarebytes did not find any threats, that log below.  ESET Online Scan log to follow shortly.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/27/2014
Scan Time: 3:21:56 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.27.07
Rootkit Database: v2014.08.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: HIEXDP-GM

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 338959
Time Elapsed: 6 min, 55 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe    a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe    probably a variant of Win32/Systweak potentially unwanted application
C:\Users\HIEXDP-GM\AppData\LocalLow\douehpk.dll    a variant of Win32/Kryptik.CJQD trojan
C:\Windows\Installer\213e517b.msi    probably a variant of Win32/Systweak potentially unwanted application
 


  • Staff

Hi King, 
 
Please do the following, and let me know if you have any outstanding issues afterwards. 
 
STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    C:\Program Files (x86)\WinZip\Utils\WzSysScan
    C:\Users\HIEXDP-GM\AppData\LocalLow\douehpk.dll
    C:\Windows\Installer\213e517b.msi
    end
  • Click File > Save As and type fixlist.txt as the File Name.
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
Update Outdated Software

Outdated software contains security risks that must be patched. Please download and install the latest version of the programmes below.

STEP 3
Remove Outdated Software

  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall one at a time.
    • Adobe Reader XI
  • Follow the prompts and reboot if necessary.
     

STEP 4
Disable Java in Your Browser
Due to frequent exploits we recommend you disable Java in your browser. For information on Java vulnerabilities, please read the following article (point #7).

  • Click the Windows Start Button and type Java Control Panel (or javacpl) in the search bar. 
  • Click on the Java Control Panel. Once opened, click the Security tab.
  • Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser. 
  • Click Apply. When the Windows User Account Control (UAC) appears, allow permissions to make the changes. 
  • Click OK in the Java Plug-in confirmation window.
  • Restart your browser(s) for changes to take effect.
  • More information can be found here and here.
     

STEP 5
Security Check

  • Please download SecurityCheck and save the file to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
  • A log (checkup.txt) will automatically open on your Desktop.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 6
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • checkup.txt
  • How is your computer performing? Any outstanding issues?

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


Thanks for your patience.  The computer has not exhibited any further signs of the infection.  Below are the logs requested.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-09-2014 01
Ran by HIEXDP-GM at 2014-09-03 06:58:42 Run:2
Running from C:\Users\HIEXDP-GM\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\Program Files (x86)\WinZip\Utils\WzSysScan
C:\Users\HIEXDP-GM\AppData\LocalLow\douehpk.dll
C:\Windows\Installer\213e517b.msi
end
*****************

C:\Program Files (x86)\WinZip\Utils\WzSysScan => Moved successfully.
"C:\Users\HIEXDP-GM\AppData\LocalLow\douehpk.dll" => File/Directory not found.
C:\Windows\Installer\213e517b.msi => Moved successfully.

==== End of Fixlog ====

 

 

 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
McAfee Anti-Virus and Anti-Spyware   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 14.0.0.179  
 Adobe Reader XI  
 Mozilla Firefox (32.0)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 

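The ESET detections and the Fixlog posted above can be reconciled path by path to see which detected items the fix actually moved. The following is an added example, not part of any post in this thread and not code from FRST or ESET; the function names are hypothetical, the inputs are copied from the logs above, and only the two result strings that appear in this Fixlog are recognised.

```python
import re
from ntpath import normcase, normpath

# Constructed inputs: the ESET detections and Fixlog result lines posted in this thread.
ESET_LOG = r"""
C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe    a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe    probably a variant of Win32/Systweak potentially unwanted application
C:\Users\HIEXDP-GM\AppData\LocalLow\douehpk.dll    a variant of Win32/Kryptik.CJQD trojan
C:\Windows\Installer\213e517b.msi    probably a variant of Win32/Systweak potentially unwanted application
"""
FIXLOG = r"""
C:\Program Files (x86)\WinZip\Utils\WzSysScan => Moved successfully.
"C:\Users\HIEXDP-GM\AppData\LocalLow\douehpk.dll" => File/Directory not found.
C:\Windows\Installer\213e517b.msi => Moved successfully.
"""
# Assumption: any result string other than these two is reported as "other".
OUTCOMES = {"Moved successfully.": "moved", "File/Directory not found.": "not found"}

def parse_eset(text):
    """Return {path: detection name} from 'path<gap>detection' lines."""
    found = {}
    for line in filter(None, map(str.strip, text.splitlines())):
        parts = re.split(r"\t+| {2,}", line, maxsplit=1)
        if len(parts) == 2:  # skip lines without a path/detection gap
            found[parts[0]] = parts[1]
    return found

def parse_fixlog(text):
    """Return {path: outcome} from 'path => result' lines, dropping optional quotes."""
    results = {}
    for line in text.splitlines():
        m = re.match(r'^"?(.+?)"? => (.+)$', line.strip())
        if m:
            results[m.group(1)] = OUTCOMES.get(m.group(2), "other")
    return results

def covering_entry(path, entries):
    """Find the fix entry equal to the path or a parent folder of it (case-insensitive)."""
    target = normcase(normpath(path))
    for entry in entries:
        base = normcase(normpath(entry))
        if target == base or target.startswith(base + "\\"):
            return entry
    return None

def reconcile(eset_text, fixlog_text):
    """Map every detected path to what the fix run did with it."""
    fixed = parse_fixlog(fixlog_text)
    report = {}
    for path in parse_eset(eset_text):
        entry = covering_entry(path, fixed)
        report[path] = fixed[entry] if entry else "not in fixlist"
    return report
```

A "not found" result means this log does not confirm removal of that file, so that path is the one to look for again in the next scan.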

  • Staff

All Clean!
Congratulations, your computer appears clean!
I no longer see signs of malware on your computer, and feel satisfied that our work here is done. The steps below will remove the tools we have used, and reset any settings changed. I have also provided a list of resources and tools that you may find useful.
 
My help will always be free. But if you are happy with the help provided, and would like to support my fight against malware and/or buy me a beer, please consider a donation.
 
 
STEP 1
ComboFix Uninstall

  • Press the Windows Key + r on your keyboard at the same time. Type the following text into the Run box:
    ComboFix /Uninstall
  • Press OK.
  • Note: It may appear as if Combofix is installing. This is not the case; the programme is uninstalling. Please do not interrupt the process.
  • If the command does not work, please redownload ComboFix to your Desktop and repeat the command.
     

STEP 2
DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Create system restore
    • Reset system settings
  • Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
 
--- Malwarebytes Anti-Malware will not be removed. I recommend updating and scanning Malwarebytes once a week to maintain security on your computer.

This topic is now closed to further replies.