ESET identifies 2 viruses, MBR errors, hard drive has 6 4 hidden partitions


  • This topic is locked
14 replies to this topic

#1 Havin' Problems


Posted 03 December 2013 - 05:47 AM

1) This computer is only 2 months old. It came with X64 Windows 8, and I upgraded it to Windows Pro.

2) The computer has slowed to a crawl.

2a) The desktop icons refresh constantly, and it takes forever for the icon pictures to return.

2b) CD/DVD Player is always opening by itself.

2c) Frequently when I browse the internet, if I click on something nothing happens.

2d) I don't know if this is related but I figure I'll give as much information as I can. My Yahoo account was hacked and sent a lot of spam to all my contacts.

2e) When I try to run aswMBR, it says it has encountered an error and immediately shuts down.

2f) Frequently my cpu and memory are at 100%, and there is nothing running.

2g) IE crashes constantly. Programs become unresponsive.

2h) I ran an ESET online scan and it told me I have this: C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe a variant of Win32/HiddenStart.A application

It also told me that I have this: C:\$RECYCLE.BIN\S-1-5-21-1728614643-3146882776-3930629701-1001\$R3EQIPD.exe a variant of Win32/HiddenStart.A application

2i) My hard drive constantly says it needs to restart and repair errors, but every time I restart my computer, I get messages that my hard drive is still messed up and I need to restart my computer.

3) Despite it being so new, the hard drive has 6 partitions. Most of them are declared "hidden" or "empty".

4) About 2 weeks ago, I tried to download Clam AV, but it must have been a bad site as I downloaded "Artemis!"

5) Supposedly, it had damaged my MBR, but I simply reinstalled the operating system, and figured everything would be O.K.

6) However, I was having problems, and I ran rogue killer, and I have attached two screenshots of what it says under "MBR"

7) It says I have no operating system and some other stuff. Perhaps you can make sense of it.

8) I have expired certificates listed in the "trusted" root certificate storage.

9) When I go to a search engine and search, the address bar displays some weird stuff. Sometimes it shows the following when I search "baseball":
 

"http://search.yahoo.com/search;_ylt=A0geuqO9h4NS.QgAhNBXNyoA;_ylc=X1MDMjc2NjY3OQRfcgMyBGJjawNjNjFtajlsOTg3MXR0JTI2YiUzRDMlMjZzJTNEaXUEY3NyY3B2aWQDZnZrUjdrZ2V1ckIxYjJHMy5IZkNSZ096VEhSMFBWS0RoNzBBREtObQRmcgNtY3Nhb2ZmYmxvY2sEZnIyA3NiLXRvcARncHJpZAMEbXRlc3RpZANudWxsBG5fcnNsdAMxMARuX3N1Z2cDMARvcmlnaW4Dc2VhcmNoLnlhaG9vLmNvbQRwb3MDMARwcXN0cgMEcHFzdHJsAwRxc3RybAM4BHF1ZXJ5A2Jhc2ViYWxsBHRfc3RtcAMxMzg0MzUxNjg3NjA1BHZ0ZXN0aWQDbnVsbA--?p=baseball&fr2=sb-top&fr=mcsaoffblock"

 

What is that?

 

10) Sometimes it just shows:

"http://search.yahoo.com/search?fr=mcsaoffblock&p=baseball"

 

What is this?

 

11) I ran a file integrity check and I have literally hundreds of unsigned files, drivers, etc.

 

12) Anyway, any help that you could offer would be really great. I know I posted a lot of information, most is probably irrelevant, but I just wanted to list as much as I could in order to help you guys help me. I have posted my DDS logs and the pictures of what Rogue Killer shows about my MBR.

 

Thank you for your help. It does not go unappreciated.

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by TLC at 4:40:19 on 2013-12-03
Microsoft Windows 8 Pro with Media Center  6.2.9200.0.1252.1.1033.18.8061.4699 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe
C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\System32\snmp.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\StrongVPN\StrongService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhostex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\Explorer.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareTray.exe
C:\WINDOWS\SysWOW64\StrongDial.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Windows\System32\RuntimeBroker.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\McAfee\MAT\McPvTray.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\StrongVPN\bin\openvpn.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\My Dell\imstrayicon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://espn.go.com/
uDefault_Page_URL = hxxp://dell13.msn.com
uProxyServer = localhost:21320
mWinlogon: Userinit = userinit.exe
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
TB: McAfee SafeKey: {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
uRun: [StrongVPN Client] "C:\WINDOWS\SysWOW64\StrongDial.exe" --silent
mExplorerRun: [BtvStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\Install SafeKey IE RunOnce.lnk.disabled
mPolicies-System: DisableCAD = dword:1
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: SafeKey - C:\Users\TLC\AppData\LocalLow\SafeKey\context.html?cmd=lastpass
IE: SafeKey Fill Forms - C:\Users\TLC\AppData\LocalLow\SafeKey\context.html?cmd=fillforms
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {9DB059B3-DD36-4a55-846C-59BE42A1202A} - C:\Program Files (x86)\SafeKey\LPToolbar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 108.171.104.30 173.255.176.29
TCP: Interfaces\{0C6DE4E0-B3D5-4E47-891E-1239BF2A4943} : DHCPNameServer = 108.171.104.30 173.255.176.29
TCP: Interfaces\{5F0A5604-E0D9-4842-A499-53FE5F1B935A} : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
x64-BHO: McAfee SafeKey Vault: {9DB059B3-DD36-4a55-846C-59BE42A1202A} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-TB: McAfee SafeKey: {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [BtPreLoad] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtPreLoad.exe"
x64-Run: [AdAwareTray] "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareTray.exe"
x64-ExplorerRun: [BtvStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
x64-mPolicies-System: DisableCAD = dword:1
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {9DB059B3-DD36-4a55-846C-59BE42A1202A} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll
x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-DPF: {3234EB1E-733E-4E6A-A8AB-EBB6287E5A7E} - hxxp://content.systemrequirementslab.com/bin/srldetect_intel64_4.5.15.0.cab
x64-DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2013-5-10 652344]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\Drivers\mfehidk.sys [2013-9-24 781312]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\Drivers\mfewfpk.sys [2013-9-24 343568]
R0 SMR410;Symantec SMR Utility Service 4.1.0;C:\Windows\System32\Drivers\SMR410.SYS [2013-12-3 96856]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2013-5-10 92536]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [2013-11-10 62168]
R1 MOBKFilter;MOBKFilter;C:\Windows\System32\Drivers\MOBK.sys [2013-11-7 66040]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5};Power Control [2013/11/08 08:15:48];C:\Program Files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [2013-9-13 130320]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2013-5-10 98208]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2012-12-28 226944]
R2 CyberLink PowerDVD 13 Media Server Monitor Service;CyberLink PowerDVD 13 Media Server Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [2013-11-8 77576]
R2 CyberLink PowerDVD 13 Media Server Service;CyberLink PowerDVD 13 Media Server Service;C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [2013-11-8 327432]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-11-7 328928]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-5-10 14904]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-5-10 165760]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe [2013-10-18 517344]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-11-7 328928]
R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2013-11-7 178048]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-11-7 328928]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-11-7 328928]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-11-7 328928]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-11-7 328928]
R2 McPvDrv;McPvDrv Driver;C:\Windows\System32\Drivers\McPvDrv.sys [2013-11-7 74560]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2013-11-7 1017016]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-11-7 219272]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-11-7 182752]
R2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-11-4 1907896]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2013-5-10 201872]
R2 StrongVPN Service;StrongVPN Service;C:\Program Files (x86)\StrongVPN\StrongService.exe [2013-11-21 73552]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-5-10 364416]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [2013-5-10 81536]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\Windows\System32\Drivers\btath_bus.sys [2012-12-28 33944]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\Drivers\cfwids.sys [2013-9-24 70112]
R3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\Drivers\HipShieldK.sys [2013-11-7 197704]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2013-5-10 342528]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\Drivers\mfeavfk.sys [2013-9-24 310224]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\Drivers\mfefirek.sys [2013-9-24 519192]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\Drivers\mfencbdc.sys [2013-9-20 390552]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\Drivers\RtsUVStor.sys [2013-5-10 315536]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-5-10 683664]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2013-5-10 32136]
R3 tapstrong;StrongVPN Adapter;C:\Windows\System32\Drivers\tapstrong.sys [2013-11-21 38760]
S0 mfeelamk;McAfee Inc. mfeelamk;C:\Windows\System32\Drivers\mfeelamk.sys [2013-9-24 69264]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\Windows\System32\Drivers\btath_flt.sys [2012-12-28 89320]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\Drivers\btath_a2dp.sys [2012-12-28 345832]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\Windows\System32\Drivers\btath_avdt.sys [2012-12-28 115432]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\Drivers\btath_hcrp.sys [2012-12-28 179432]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\Drivers\btath_lwflt.sys [2012-12-28 77464]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\Drivers\btath_rcp.sys [2012-12-28 136424]
S3 BtFilter;BtFilter;C:\Windows\System32\Drivers\btfilter.sys [2012-12-28 578792]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
S3 DellRbtn;Airplane Mode Switch;C:\Windows\System32\Drivers\DellRbtn.sys [2013-5-10 10752]
S3 DsRoleSvc;DS Role Server;C:\Windows\System32\lsass.exe [2013-5-10 35840]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\Drivers\mfencrk.sys [2013-9-20 95984]
S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2013-5-10 28040]
S4 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
S4 KSS;Kaspersky Security Scan Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-12-7 202328]
S4 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-11-13 3921880]
S4 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-11-13 1042272]
S4 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-11-13 171416]
.
=============== Created Last 30 ================
.
2013-12-03 07:54:38 96856 ----a-w- C:\Windows\System32\drivers\SMR410.SYS
2013-11-30 18:46:40 3273216 ----a-w- C:\Windows\System32\ntdsai.dll
2013-11-30 18:46:32 45056 ----a-w- C:\Windows\System32\ntdsatq.dll
2013-11-30 18:31:42 -------- d-----w- C:\Windows\System32\BestPractices
2013-11-30 18:31:30 -------- d-----w- C:\Windows\ADAM
2013-11-30 07:46:07 86512 ----a-w- C:\Windows\SysWow64\StrongService.exe
2013-11-30 07:46:07 411632 ----a-w- C:\Windows\SysWow64\Newtonsoft.Json.dll
2013-11-30 07:46:07 380912 ----a-w- C:\Windows\SysWow64\StrongHelper.exe
2013-11-30 07:46:07 225264 ----a-w- C:\Windows\SysWow64\DotRas.dll
2013-11-30 07:46:06 1581552 ----a-w- C:\Windows\SysWow64\StrongDial.exe
2013-11-28 00:15:08 -------- d-----w- C:\ProgramData\Kaspersky Lab
2013-11-28 00:15:08 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2013-11-27 21:07:06 -------- d-----w- C:\Users\TLC\AppData\Local\ElevatedDiagnostics
2013-11-27 17:52:26 -------- d-----w- C:\Program Files (x86)\VirusTotalUploader2
2013-11-27 07:27:50 99840 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPPAQ.DLL
2013-11-27 07:27:50 30208 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPDAQ.DLL
2013-11-27 07:27:33 385024 ----a-w- C:\Windows\System32\CNMLMAQ.DLL
2013-11-27 07:27:13 373248 ----a-w- C:\Windows\System32\CNC_AQL.dll
2013-11-27 07:27:13 323584 ----a-w- C:\Windows\SysWow64\CNC_AQL.dll
2013-11-27 07:27:13 302080 ----a-w- C:\Windows\System32\CNC_AQC.dll
2013-11-27 07:27:13 17920 ----a-w- C:\Windows\System32\CNHMCA6.dll
2013-11-27 07:27:13 15872 ----a-w- C:\Windows\SysWow64\CNHMCA.dll
2013-11-27 07:27:13 114688 ----a-w- C:\Windows\SysWow64\CNC_AQU.dll
2013-11-27 07:27:13 112128 ----a-w- C:\Windows\System32\CNC_AQI.dll
2013-11-26 07:34:22 -------- d-----w- C:\Program Files (x86)\ESET
2013-11-23 09:57:44 280752 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10226.bin
2013-11-22 17:52:44 -------- d-----w- C:\Users\TLC\AppData\Roaming\LavasoftStatistics
2013-11-22 17:39:22 -------- d-----w- C:\Program Files\Lavasoft
2013-11-22 17:38:52 -------- d-----w- C:\Program Files\Common Files\Lavasoft
2013-11-22 10:04:04 -------- d-----w- C:\Sigcheck
2013-11-21 17:29:09 -------- d-----w- C:\Users\TLC\AppData\Roaming\Malwarebytes
2013-11-21 17:28:51 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-11-21 17:28:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-21 05:48:04 -------- d-----w- C:\Users\TLC\AppData\Local\Diagnostics
2013-11-21 05:00:57 -------- d-----w- C:\Users\TLC\AppData\Roaming\.strongvpn
2013-11-21 05:00:52 38760 ----a-w- C:\Windows\System32\drivers\tapstrong.sys
2013-11-21 05:00:50 -------- d-----w- C:\Program Files (x86)\StrongVPN
2013-11-13 15:21:22 -------- d-----w- C:\Users\TLC\AppData\Local\NPE
2013-11-13 15:21:22 -------- d-----w- C:\ProgramData\Norton
2013-11-13 15:13:26 78296 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-13 15:13:26 694232 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-13 10:14:43 -------- d-----w- C:\818cc3f882df8d7e9607
2013-11-13 09:36:35 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2013-11-13 06:59:58 -------- d-----w- C:\Program Files (x86)\Safer Networking
2013-11-13 06:41:42 1300992 ----a-w- C:\Windows\System32\gdi32.dll
2013-11-13 06:41:42 1022976 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-11-13 06:41:34 1890816 ----a-w- C:\Windows\System32\crypt32.dll
2013-11-13 06:41:34 1569280 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-11-13 06:41:18 576512 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-11-13 06:41:16 96600 ----a-w- C:\Windows\System32\drivers\wfplwfs.sys
2013-11-13 06:41:16 1160192 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-11-13 06:41:15 723968 ----a-w- C:\Windows\System32\BFE.DLL
2013-11-13 06:41:14 2062848 ----a-w- C:\Windows\System32\d3d11.dll
2013-11-13 06:41:14 1711616 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-11-13 06:41:12 419328 ----a-w- C:\Windows\System32\schannel.dll
2013-11-13 06:41:12 323072 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-11-13 05:26:47 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-11-13 05:26:43 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-11-13 05:26:32 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-11-10 07:31:35 -------- d-----w- C:\Users\TLC\AppData\Roaming\SUPERAntiSpyware.com
2013-11-10 07:31:16 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-11-10 07:31:16 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-11-10 07:00:27 -------- d-----w- C:\ProgramData\Malwarebytes
2013-11-10 07:00:23 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-10 06:59:53 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2013-11-10 06:49:41 -------- d-----w- C:\Windows\ERUNT
2013-11-10 06:25:21 -------- d-----w- C:\Users\TLC\Pavark
2013-11-10 05:06:22 -------- d-----w- C:\Program Files\HitmanPro
2013-11-10 05:05:42 -------- d-----w- C:\ProgramData\HitmanPro
2013-11-10 05:03:28 743248 ----a-w- C:\Windows\SysWow64\msvcp100d.dll
2013-11-10 05:03:28 1858896 ----a-w- C:\Windows\System32\msvcr100d.dll
2013-11-10 05:03:28 1498960 ----a-w- C:\Windows\SysWow64\msvcr100d.dll
2013-11-10 05:03:28 1014096 ----a-w- C:\Windows\System32\msvcp100d.dll
2013-11-10 05:03:27 -------- d-----w- C:\Program Files\Malwarebytes Anti-Exploit
2013-11-10 04:42:20 -------- d-----w- C:\AdwCleaner
2013-11-08 13:33:21 -------- d-----w- C:\Users\TLC\AppData\Local\Movavi
2013-11-08 13:31:53 -------- d-----w- C:\Users\TLC\AppData\Roaming\MOVAVI
2013-11-08 13:30:46 -------- d-----w- C:\Program Files (x86)\Movavi Video Suite 11
2013-11-08 13:17:01 -------- d-----w- C:\Users\TLC\AppData\Local\Cyberlink SoftDMA
2013-11-08 13:15:47 -------- d-----w- C:\Users\TLC\AppData\Local\MediaServer
2013-11-08 13:15:32 -------- d-----w- C:\ProgramData\PDVD
2013-11-08 10:29:31 -------- d-----w- C:\Program Files\Handbrake
2013-11-08 10:24:38 -------- d-----w- C:\Users\TLC\.MakeMKV
2013-11-08 10:24:24 -------- d-----w- C:\Program Files (x86)\MakeMKV
2013-11-08 10:09:50 -------- d-----w- C:\Users\TLC\AppData\Roaming\21239
2013-11-08 05:24:26 -------- d-----w- C:\Users\TLC\AppData\Roaming\WebApp
2013-11-08 03:41:22 -------- d-----w- C:\Program Files (x86)\DVDFab Media Player 2
2013-11-08 02:48:41 -------- d-----w- C:\Users\TLC\AppData\Roaming\DVDFab9
2013-11-08 02:47:54 -------- d-----w- C:\Program Files (x86)\DVDFab 9
2013-11-08 02:47:27 -------- d-----w- C:\Users\TLC\AppData\Local\Programs
2013-11-07 11:09:22 197704 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys
2013-11-07 11:09:17 74560 ----a-w- C:\Windows\System32\drivers\McPvDrv.sys
2013-11-07 11:09:17 -------- d-----w- C:\Users\TLC\AppData\Local\McAfee File Lock
2013-11-07 11:08:26 -------- d-----w- C:\Program Files (x86)\McAfee.com
2013-11-07 11:07:38 -------- d-----w- C:\Program Files\McAfee.com
2013-11-07 11:07:24 -------- d-----w- C:\Program Files (x86)\McAfee
2013-11-07 11:03:07 182752 ----a-w- C:\Windows\System32\mfevtps.exe
2013-11-07 11:03:06 -------- d-----w- C:\Program Files\Common Files\McAfee
2013-11-07 10:40:08 26838560 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-11-07 10:39:20 -------- d-----w- C:\Program Files (x86)\McAfeeMOBK
2013-11-07 10:39:08 66040 ----a-w- C:\Windows\System32\drivers\MOBK.sys
2013-11-07 10:39:03 -------- d-----w- C:\Program Files (x86)\McAfee Online Backup
2013-11-07 10:38:34 -------- d-----w- C:\Program Files (x86)\SafeKey
2013-11-07 10:38:20 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
2013-11-07 10:37:38 -------- d-----w- C:\Program Files\McAfee
2013-11-07 05:00:06 -------- d-----w- C:\Users\TLC\AppData\Local\BMExplorer
2013-11-07 04:32:30 -------- d-----w- C:\ProgramData\PC-Doctor for Windows
2013-11-07 04:32:30 -------- d-----w- C:\Program Files\Dell Support Center
2013-11-07 04:11:15 -------- d-----w- C:\Program Files\SystemRequirementsLab
2013-11-07 03:58:37 965000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E99AA69E-0A75-45AC-AEFA-2C631992D00D}\gapaengine.dll
2013-11-07 03:58:23 10280728 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FCD50610-289B-4E71-9DA9-6CD35D5A3A91}\mpengine.dll
2013-11-07 03:57:57 10280728 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-11-07 03:57:51 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-07 03:52:16 -------- d-----w- C:\Program Files\My Dell
2013-11-07 03:51:24 -------- d-----w- C:\Windows\System32\appmgmt
2013-11-07 01:26:46 -------- d-----w- C:\Users\TLC\AppData\Roaming\deb27c1a-00e6-4263-94b2-8b78ea4d32ae
2013-11-07 01:25:20 63184 ----a-w- C:\Windows\System32\drivers\sbhips.sys
2013-11-07 01:23:20 -------- d-----w- C:\ProgramData\Downloaded Installations
2013-11-07 01:21:55 -------- d-----w- C:\Users\TLC\AppData\Local\VIPRE
2013-11-06 17:06:12 -------- d-----w- C:\Users\TLC\AppData\Local\Cyberlink
2013-11-06 16:35:42 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-06 16:35:42 -------- d-----w- C:\Program Files\iTunes
2013-11-06 16:35:42 -------- d-----w- C:\Program Files\iPod
2013-11-06 16:35:42 -------- d-----w- C:\Program Files (x86)\iTunes
2013-11-06 16:22:01 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2013-11-06 16:22:01 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2013-11-06 16:22:01 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2013-11-06 16:22:01 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2013-11-06 16:22:01 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2013-11-05 19:01:59 -------- d-----w- C:\Users\TLC\AppData\Roaming\PCDr
2013-11-05 02:41:50 -------- d-----w- C:\Users\TLC\AppData\Local\Apple Computer
2013-11-05 02:41:18 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2013-11-05 02:38:22 -------- d-----w- C:\Users\TLC\AppData\Local\Apple
2013-11-05 02:37:49 -------- d-----w- C:\Program Files\Bonjour
2013-11-05 02:37:49 -------- d-----w- C:\Program Files (x86)\Bonjour
2013-11-05 00:55:02 -------- d-----w- C:\Windows\ehome
2013-11-05 00:54:47 -------- d-sh--w- C:\Windows\BitLockerDiscoveryVolumeContents
2013-11-05 00:08:56 19187712 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-11-05 00:08:54 18523648 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-11-05 00:08:46 997632 ----a-w- C:\Windows\System32\drivers\ndis.sys
2013-11-04 23:08:47 -------- d-----w- C:\Users\TLC\AppData\Local\CrashDumps
2013-11-04 21:56:59 438944 ----a-w- C:\Program Files\Windows Defender\MsMpRes.dll
2013-11-04 21:56:59 36288 ----a-w- C:\Windows\System32\drivers\WdBoot.sys
2013-11-04 21:56:59 153248 ----a-w- C:\Program Files\Windows Defender\EppManifest.dll
2013-11-04 21:52:40 652288 ----a-w- C:\Windows\System32\comctl32.dll
2013-11-04 21:52:39 541696 ----a-w- C:\Windows\SysWow64\comctl32.dll
2013-11-04 21:52:11 2035200 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll
2013-11-04 21:52:10 1617920 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-11-04 21:52:10 1318912 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-11-04 21:52:10 1306112 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-11-04 21:52:10 1272320 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-11-04 21:52:09 1413632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll
2013-11-04 21:52:09 1029632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\journal.dll
2013-11-04 21:49:15 1455368 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-11-04 21:45:19 785624 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-11-04 21:45:18 54488 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-11-04 21:45:17 99328 ----a-w- C:\Windows\System32\drivers\usbcir.sys
2013-11-04 21:45:17 210560 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2013-11-04 21:44:50 83968 ----a-w- C:\Windows\System32\drivers\hidclass.sys
2013-11-04 21:44:50 43008 ----a-w- C:\Windows\System32\drivers\usbscan.sys
2013-11-04 21:44:50 32768 ----a-w- C:\Windows\System32\drivers\hidparse.sys
2013-11-04 21:44:50 27648 ----a-w- C:\Windows\System32\drivers\hidusb.sys
2013-11-04 21:44:50 25600 ----a-w- C:\Windows\System32\drivers\usbprint.sys
2013-11-04 21:41:52 1314816 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-11-04 21:41:51 694272 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-11-04 21:38:10 141312 ----a-w- C:\Windows\System32\cryptnet.dll
2013-11-04 21:38:10 1255936 ----a-w- C:\Windows\System32\certutil.exe
2013-11-04 21:38:10 109056 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-11-04 21:38:10 1013248 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-11-04 21:38:04 411880 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-11-04 21:33:02 595968 ----a-w- C:\Windows\System32\qedit.dll
2013-11-04 21:33:01 496640 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-11-04 21:32:14 26624 ----a-w- C:\Windows\System32\ReAgentc.exe
2013-11-04 21:32:14 24064 ----a-w- C:\Windows\SysWow64\ReAgentc.exe
2013-11-04 21:30:59 410624 ----a-w- C:\Windows\SysWow64\wlroamextension.dll
2013-11-04 21:27:57 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-11-04 21:27:56 112872 ----a-w- C:\Windows\System32\consent.exe
2013-11-04 21:23:21 2842112 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-11-04 21:23:21 2620928 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-11-04 21:23:15 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-11-04 21:23:15 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-11-04 21:23:04 447320 ----a-w- C:\Windows\System32\drivers\USBHUB3.SYS
2013-11-04 21:23:04 337752 ----a-w- C:\Windows\System32\drivers\USBXHCI.SYS
2013-11-04 21:23:04 213336 ----a-w- C:\Windows\System32\drivers\UCX01000.SYS
2013-11-04 21:22:59 98304 ----a-w- C:\Windows\System32\apprepsync.dll
2013-11-04 21:22:59 87040 ----a-w- C:\Windows\SysWow64\apprepapi.dll
2013-11-04 21:22:59 74240 ----a-w- C:\Windows\SysWow64\apprepsync.dll
2013-11-04 21:22:59 68096 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-11-04 21:22:59 337408 ----a-w- C:\Windows\System32\wintrust.dll
2013-11-04 21:22:59 261120 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-11-04 21:22:59 124416 ----a-w- C:\Windows\System32\apprepapi.dll
2013-11-04 21:22:56 861184 ----a-w- C:\Windows\System32\drivers\http.sys
2013-11-04 21:22:52 2851840 ----a-w- C:\Windows\System32\esent.dll
2013-11-04 21:22:52 2382336 ----a-w- C:\Windows\SysWow64\esent.dll
2013-11-04 21:22:12 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-11-04 21:22:12 25088 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-11-04 21:18:56 1558912 ----a-w- C:\Program Files\Windows Defender\DbgHelp.dll
2013-11-04 21:18:56 149264 ----a-w- C:\Program Files\Windows Defender\SymSrv.dll
2013-11-04 21:18:25 144896 ----a-w- C:\Windows\System32\tssdisai.dll
2013-11-04 21:18:24 148480 ----a-w- C:\Windows\System32\poqexec.exe
2013-11-04 21:18:24 135680 ----a-w- C:\Windows\System32\appserverai.dll
2013-11-04 21:18:24 132608 ----a-w- C:\Windows\SysWow64\poqexec.exe
2013-11-04 21:18:24 126976 ----a-w- C:\Windows\System32\RDWebAI.dll
2013-11-04 21:18:24 122880 ----a-w- C:\Windows\System32\VmHostAI.dll
2013-11-04 21:09:50 -------- d-----w- C:\Windows\System32\MRT
2013-11-04 20:05:57 -------- d-----w- C:\SkyDriveTemp
2013-11-04 19:56:40 -------- d-----w- C:\Program Files\office.tmp
2013-11-04 19:04:20 -------- d-----w- C:\Users\TLC\AppData\Roaming\McAfee
2013-11-04 18:27:21 -------- d-----w- C:\Windows\SMINST
2013-11-04 16:56:46 -------- d-----w- C:\Program Files (x86)\Microsoft SkyDrive
2013-11-04 16:56:46 -------- d-----r- C:\Users\TLC\SkyDrive
2013-11-04 16:56:31 -------- d-----w- C:\ProgramData\Microsoft SkyDrive
2013-11-04 16:53:20 566480 ----a-w- C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-11-04 16:51:36 -------- d-----w- C:\Program Files\Microsoft Office 15
2013-11-04 16:18:19 -------- d-----w- C:\Users\TLC\AppData\Local\softthinks
2013-11-04 16:05:05 -------- d-----w- C:\Stinger_Quarantine
2013-11-04 16:05:03 -------- d-----w- C:\Program Files\stinger
2013-11-04 15:56:42 50784 ----a-w- C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-11-04 15:55:55 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-11-04 15:55:19 -------- d-----w- C:\Users\TLC\AppData\Roaming\Intel Corporation
2013-11-04 15:54:24 -------- d-----w- C:\Users\TLC\AppData\Local\Power2Go8
2013-11-04 15:54:15 -------- d-----w- C:\ProgramData\Atheros
2013-11-04 15:54:05 -------- d-----w- C:\Users\TLC\AppData\Roaming\Atheros
2013-11-04 15:53:54 -------- d-sh--w- C:\$RECYCLE.BIN
2013-11-04 15:53:44 -------- d-----r- C:\Users\TLC\Searches
2013-11-04 15:53:44 -------- d-----r- C:\Users\TLC\Contacts
.
==================== Find3M  ====================
.
2013-10-12 08:45:20 2241536 ----a-w- C:\Windows\System32\wininet.dll
2013-10-12 08:43:37 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-12 07:03:50 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-12 07:02:33 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-10-01 23:37:53 2035712 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-01 23:26:45 2304512 ----a-w- C:\Windows\System32\authui.dll
2013-09-25 01:29:46 70112 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2013-09-25 01:25:40 343568 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2013-09-25 01:22:48 781312 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2013-09-25 01:21:32 519192 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2013-09-25 01:20:28 310224 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2013-09-25 01:19:56 179664 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2013-09-25 01:03:12 69264 ----a-w- C:\Windows\System32\drivers\mfeelamk.sys
2013-09-20 14:38:30 10856 ----a-w- C:\Windows\System32\drivers\mfeclnrk.sys
2013-09-20 14:38:14 95984 ----a-w- C:\Windows\System32\drivers\mfencrk.sys
2013-09-20 14:37:56 390552 ----a-w- C:\Windows\System32\drivers\mfencbdc.sys
2013-09-13 22:36:37 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
2013-09-13 22:36:23 84992 ----a-w- C:\Windows\SysWow64\wudriver.dll
2013-09-13 22:36:23 126976 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2013-09-13 22:36:14 247296 ----a-w- C:\Windows\SysWow64\ubpm.dll
2013-09-13 22:34:14 40448 ----a-w- C:\Windows\System32\wuapp.exe
2013-09-13 22:33:55 252928 ----a-w- C:\Windows\System32\WUSettingsProvider.dll
2013-09-13 22:33:55 142848 ----a-w- C:\Windows\System32\wuwebv.dll
2013-09-13 22:33:54 99328 ----a-w- C:\Windows\System32\wudriver.dll
2013-09-13 22:33:54 1622016 ----a-w- C:\Windows\System32\wucltux.dll
2013-09-13 22:33:42 328192 ----a-w- C:\Windows\System32\ubpm.dll
2013-09-13 22:33:39 175104 ----a-w- C:\Windows\System32\storewuauth.dll
.
============= FINISH:  4:40:38.66 ===============
 



#2 HelpBot

Posted 08 December 2013 - 05:50 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/516192 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Havin' Problems

  • Topic Starter

Posted 10 December 2013 - 01:09 AM

1) This computer is only 3 months old. It came with X64 Windows 8, and I upgraded it to Windows Pro.

2) The computer has slowed to a crawl.

2a) The desktop icons refresh constantly, and it takes forever for the icon pictures to return.

2b) CD/DVD Player is always opening by itself.

2c) Frequently when I browse the internet, if I click on something nothing happens.

2d) I don't know if this is related but I figure I'll give as much information as I can. My Yahoo account was hacked and
sent a lot of spam to all my contacts.

2e) When I try to run aswMBR, it says it has encountered an error and immediately shuts down.

2f) Frequently my cpu and memory are at 100%, and there is nothing running.

2g) IE crashes constantly. Programs become unresponsive.

2h) I ran an ESET online scan and it told me I have this: C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe a variant of Win32/HiddenStart.A application
It also told me that I have this: C:\$RECYCLE.BIN\S-1-5-21-1728614643-3146882776-3930629701-1001\$R3EQIPD.exe a variant of Win32/HiddenStart.A application

2i) My hard drive constantly says it needs to restart and repair errors, but every time I restart my computer, I get
messages that my hard drive is still messed up and I need to restart my computer.

2j) I ran Dr. Web Cure it and it said I had DLOADER.TROJAN in C:\Documents and Settings\All Users\Downloaded Installations\{2AA218C6-7766-49C7-8C8D-0263DFA72DD5}\{B3AD181A-852C-40D7-9E8E-810E9E2CC826}\SBVIPRE_FW_EN.msi. I chose
remove it and supposedly it was removed.

3) Despite it being so new, the hard drive has 6 partitions. Most of them are declared "hidden" or "empty".

3a) I've got Kaspersky and Adaware running as services.

3b) Cyberlink came with this computer. Cyberlink Media Service Server is always running a few instances in services.

3c) Internet explorer always runs about 5 separate processes even when it's not open.

3d) explorer.exe is non-stop connected to microsoft via port 443 or HTTPS. I see that through TCPView.

3e) svchost.exe is always communicating via UDP with something, and there are a lot of instances of it communicating.

4) About a month ago, I tried to download Clam AV, but it must have been a bad site as I downloaded "Artemis!"

5) Supposedly, it had damaged my MBR, but I simply reinstalled the operating system, and figured everything would be O.K.

6) However, I was having problems, and I ran rogue killer, and I have attached two screenshots of what it says under "MBR" (See thumbnails from first post)

7) It says I have no operating system and some other stuff. Perhaps you can make sense of it.

8) I have expired certificates listed in the "trusted" root certificate storage.

9) When I go to a search engine and search, the address bar displays some weird stuff. Sometimes it shows the following
when I search "baseball":

"http://search.yahoo.com/search;_ylt=A0geuqO9h4NS.QgAhNBXNyoA;_ylc=X1MDMjc2NjY3OQRfcgMyBGJjawNjNjFtajlsOTg3MXR0JTI2YiUzRDM
lMjZzJTNEaXUEY3NyY3B2aWQDZnZrUjdrZ2V1ckIxYjJHMy5IZkNSZ096VEhSMFBWS0RoNzBBREtObQRmcgNtY3Nhb2ZmYmxvY2sEZnIyA3NiLXRvcARncHJpZ
AMEbXRlc3RpZANudWxsBG5fcnNsdAMxMARuX3N1Z2cDMARvcmlnaW4Dc2VhcmNoLnlhaG9vLmNvbQRwb3MDMARwcXN0cgMEcHFzdHJsAwRxc3RybAM4BHF1ZXJ
5A2Jhc2ViYWxsBHRfc3RtcAMxMzg0MzUxNjg3NjA1BHZ0ZXN0aWQDbnVsbA--?p=baseball&fr2=sb-top&fr=mcsaoffblock"

What is that?

10) Sometimes it just shows:

"http://search.yahoo.com/search?fr=mcsaoffblock&p=baseball"

What is this?

11) I ran a file integrity check and I have literally hundreds of unsigned files, drivers, etc. For example, these are
just two of the many unsigned files:

C:\DELL\Drivers\0WD12\Setup.exe:
Verified: Unsigned
Link date: 1:33 AM 5/18/2012
Publisher: n/a
Description: Setup.exe
Product: Setup
Prod version: 1, 0, 0, 1
File version: 1, 0, 0, 1
MachineType: 32-bit

C:\DELL\Drivers\0WD12\Win8\drivers\production\Windows8-x64\Bluetooth-Driver\devcon.exe:
Verified: Unsigned
Link date: 6:26 PM 7/13/2009
Publisher: Microsoft Corporation
Description: Windows Setup API
Product: Microsoft® Windows® Operating System
Prod version: 6.1.7600.16385
File version: 6.1.7600.16385 (win7_rtm.090713-1255)
MachineType: 64-bit

12) Anyway, any help that you could offer would be really great. I know I posted a lot of information, most is probably
irrelevant, but I just wanted to list as much as I could in order to help you guys help me. I have posted my DDS logs and
the pictures of what Rogue Killer shows about my MBR are visible as thumbnails from the very first post.

Thank you for your help. It does not go unappreciated.

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by TLC at 0:36:25 on 2013-12-10
Microsoft Windows 8 Pro with Media Center  6.2.9200.0.1252.1.1033.18.8061.5655 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe
C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\System32\snmp.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\StrongVPN\StrongService.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files\McAfee\MAT\McPvTray.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://espn.go.com/
uDefault_Page_URL = hxxp://dell13.msn.com
mWinlogon: Userinit = userinit.exe
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
TB: McAfee SafeKey: {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
uRun: [StrongVPN Client] "C:\WINDOWS\SysWOW64\StrongDial.exe" --silent
mExplorerRun: [BtvStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\Install SafeKey IE RunOnce.lnk.disabled
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-System: DisableCAD = dword:1
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: SafeKey - C:\Users\TLC\AppData\LocalLow\SafeKey\context.html?cmd=lastpass
IE: SafeKey Fill Forms - C:\Users\TLC\AppData\LocalLow\SafeKey\context.html?cmd=fillforms
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {9DB059B3-DD36-4a55-846C-59BE42A1202A} - C:\Program Files (x86)\SafeKey\LPToolbar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 173.255.160.18 173.255.160.20
TCP: Interfaces\{0C6DE4E0-B3D5-4E47-891E-1239BF2A4943} : DHCPNameServer = 173.255.160.18 173.255.160.20
TCP: Interfaces\{5F0A5604-E0D9-4842-A499-53FE5F1B935A} : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
x64-BHO: McAfee SafeKey Vault: {9DB059B3-DD36-4a55-846C-59BE42A1202A} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-TB: McAfee SafeKey: {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [BtPreLoad] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtPreLoad.exe"
x64-Run: [AdAwareTray] "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareTray.exe"
x64-ExplorerRun: [BtvStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
x64-mPolicies-System: DisableCAD = dword:1
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {9DB059B3-DD36-4a55-846C-59BE42A1202A} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll
x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-DPF: {3234EB1E-733E-4E6A-A8AB-EBB6287E5A7E} - hxxp://content.systemrequirementslab.com/bin/srldetect_intel64_4.5.15.0.cab
x64-DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2013-5-10 652344]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\Drivers\mfehidk.sys [2013-9-24 782360]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\Drivers\mfewfpk.sys [2013-9-24 343696]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2013-5-10 92536]
R1 MOBKFilter;MOBKFilter;C:\Windows\System32\Drivers\MOBK.sys [2013-11-7 66040]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5};Power Control [2013/11/08 08:15:48];C:\Program Files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [2013-9-13 130320]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2013-5-10 98208]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2012-12-28 226944]
R2 CyberLink PowerDVD 13 Media Server Monitor Service;CyberLink PowerDVD 13 Media Server Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [2013-11-8 77576]
R2 CyberLink PowerDVD 13 Media Server Service;CyberLink PowerDVD 13 Media Server Service;C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [2013-11-8 327432]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-11-7 328928]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-5-10 14904]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-5-10 165760]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe [2013-10-18 517344]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-11-7 328928]
R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2013-11-7 178048]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-11-7 328928]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-11-7 328928]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-11-7 328928]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-11-7 328928]
R2 McPvDrv;McPvDrv Driver;C:\Windows\System32\Drivers\McPvDrv.sys [2013-11-7 74560]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2013-11-7 1017016]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-11-7 219272]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-11-7 182752]
R2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-11-4 1907896]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2013-5-10 201872]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-11-4 1228504]
R2 StrongVPN Service;StrongVPN Service;C:\Program Files (x86)\StrongVPN\StrongService.exe [2013-11-21 73552]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-5-10 364416]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [2013-5-10 81536]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\Windows\System32\Drivers\btath_bus.sys [2012-12-28 33944]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\Drivers\cfwids.sys [2013-9-24 70112]
R3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\Drivers\HipShieldK.sys [2013-11-7 197704]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2013-5-10 342528]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\Drivers\mfeavfk.sys [2013-9-24 311120]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\Drivers\mfefirek.sys [2013-9-24 519576]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\Drivers\mfencbdc.sys [2013-9-20 390552]
R3 PSI;PSI;C:\Windows\System32\Drivers\psi_mf_amd64.sys [2013-11-4 18456]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\Drivers\RtsUVStor.sys [2013-5-10 315536]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-5-10 683664]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2013-5-10 32136]
R3 tapstrong;StrongVPN Adapter;C:\Windows\System32\Drivers\tapstrong.sys [2013-11-21 38760]
S0 mfeelamk;McAfee Inc. mfeelamk;C:\Windows\System32\Drivers\mfeelamk.sys [2013-9-24 69344]
S2 0211621386122960mcinstcleanup;McAfee Application Installer Cleanup (0211621386122960);C:\Windows\TEMP\021162~1.EXE -cleanup -nolog --> C:\Windows\TEMP\021162~1.EXE -cleanup -nolog [?]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\Windows\System32\Drivers\btath_flt.sys [2012-12-28 89320]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\Drivers\btath_a2dp.sys [2012-12-28 345832]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\Windows\System32\Drivers\btath_avdt.sys [2012-12-28 115432]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\Drivers\btath_hcrp.sys [2012-12-28 179432]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\Drivers\btath_lwflt.sys [2012-12-28 77464]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\Drivers\btath_rcp.sys [2012-12-28 136424]
S3 BtFilter;BtFilter;C:\Windows\System32\Drivers\btfilter.sys [2012-12-28 578792]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
S3 DellRbtn;Airplane Mode Switch;C:\Windows\System32\Drivers\DellRbtn.sys [2013-5-10 10752]
S3 DsRoleSvc;DS Role Server;C:\Windows\System32\lsass.exe [2013-5-10 35840]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\Drivers\mfencrk.sys [2013-9-20 95984]
S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2013-5-10 28040]
S4 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
S4 KSS;Kaspersky Security Scan Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-12-7 202328]
S4 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-11-13 3921880]
S4 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-11-13 1042272]
S4 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-11-13 171416]
.
=============== Created Last 30 ================
.
2013-12-08 13:27:06 -------- d-----w- C:\Users\TLC\Doctor Web
2013-12-07 23:39:08 388096 ----a-r- C:\Users\TLC\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-12-07 23:39:08 -------- d-----w- C:\Program Files (x86)\Trend Micro
2013-12-07 22:33:14 -------- d-----w- C:\Users\TLC\AppData\Local\Secunia PSI
2013-12-07 22:33:03 -------- d-----w- C:\Program Files (x86)\Secunia
2013-12-06 10:09:46 -------- d-----w- C:\Program Files\CCleaner
2013-12-05 10:16:05 -------- d-----w- C:\Users\TLC\AppData\Roaming\HandBrake
2013-11-30 18:46:40 3273216 ----a-w- C:\Windows\System32\ntdsai.dll
2013-11-30 18:46:32 45056 ----a-w- C:\Windows\System32\ntdsatq.dll
2013-11-30 18:31:42 -------- d-----w- C:\Windows\System32\BestPractices
2013-11-30 18:31:30 -------- d-----w- C:\Windows\ADAM
2013-11-30 07:46:07 86512 ----a-w- C:\Windows\SysWow64\StrongService.exe
2013-11-30 07:46:07 411632 ----a-w- C:\Windows\SysWow64\Newtonsoft.Json.dll
2013-11-30 07:46:07 380912 ----a-w- C:\Windows\SysWow64\StrongHelper.exe
2013-11-30 07:46:07 225264 ----a-w- C:\Windows\SysWow64\DotRas.dll
2013-11-30 07:46:06 1581552 ----a-w- C:\Windows\SysWow64\StrongDial.exe
2013-11-28 00:15:08 -------- d-----w- C:\ProgramData\Kaspersky Lab
2013-11-28 00:15:08 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2013-11-27 21:07:06 -------- d-----w- C:\Users\TLC\AppData\Local\ElevatedDiagnostics
2013-11-27 17:52:26 -------- d-----w- C:\Program Files (x86)\VirusTotalUploader2
2013-11-27 07:27:50 99840 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPPAQ.DLL
2013-11-27 07:27:50 30208 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPDAQ.DLL
2013-11-27 07:27:33 385024 ----a-w- C:\Windows\System32\CNMLMAQ.DLL
2013-11-27 07:27:13 373248 ----a-w- C:\Windows\System32\CNC_AQL.dll
2013-11-27 07:27:13 323584 ----a-w- C:\Windows\SysWow64\CNC_AQL.dll
2013-11-27 07:27:13 302080 ----a-w- C:\Windows\System32\CNC_AQC.dll
2013-11-27 07:27:13 17920 ----a-w- C:\Windows\System32\CNHMCA6.dll
2013-11-27 07:27:13 15872 ----a-w- C:\Windows\SysWow64\CNHMCA.dll
2013-11-27 07:27:13 114688 ----a-w- C:\Windows\SysWow64\CNC_AQU.dll
2013-11-27 07:27:13 112128 ----a-w- C:\Windows\System32\CNC_AQI.dll
2013-11-26 07:34:22 -------- d-----w- C:\Program Files (x86)\ESET
2013-11-23 09:57:44 280752 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10226.bin
2013-11-22 17:52:44 -------- d-----w- C:\Users\TLC\AppData\Roaming\LavasoftStatistics
2013-11-22 17:39:22 -------- d-----w- C:\Program Files\Lavasoft
2013-11-22 17:38:52 -------- d-----w- C:\Program Files\Common Files\Lavasoft
2013-11-22 10:04:04 -------- d-----w- C:\Sigcheck
2013-11-21 17:29:09 -------- d-----w- C:\Users\TLC\AppData\Roaming\Malwarebytes
2013-11-21 17:28:51 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-11-21 17:28:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-21 05:48:04 -------- d-----w- C:\Users\TLC\AppData\Local\Diagnostics
2013-11-21 05:00:57 -------- d-----w- C:\Users\TLC\AppData\Roaming\.strongvpn
2013-11-21 05:00:52 38760 ----a-w- C:\Windows\System32\drivers\tapstrong.sys
2013-11-21 05:00:50 -------- d-----w- C:\Program Files (x86)\StrongVPN
2013-11-13 15:21:22 -------- d-----w- C:\Users\TLC\AppData\Local\NPE
2013-11-13 15:21:22 -------- d-----w- C:\ProgramData\Norton
2013-11-13 15:13:26 78296 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-13 15:13:26 694232 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-13 10:14:43 -------- d-----w- C:\818cc3f882df8d7e9607
2013-11-13 09:36:35 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2013-11-13 06:59:58 -------- d-----w- C:\Program Files (x86)\Safer Networking
2013-11-13 06:41:42 1300992 ----a-w- C:\Windows\System32\gdi32.dll
2013-11-13 06:41:42 1022976 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-11-13 06:41:34 1890816 ----a-w- C:\Windows\System32\crypt32.dll
2013-11-13 06:41:34 1569280 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-11-13 06:41:18 576512 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-11-13 06:41:16 96600 ----a-w- C:\Windows\System32\drivers\wfplwfs.sys
2013-11-13 06:41:16 1160192 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-11-13 06:41:15 723968 ----a-w- C:\Windows\System32\BFE.DLL
2013-11-13 06:41:14 2062848 ----a-w- C:\Windows\System32\d3d11.dll
2013-11-13 06:41:14 1711616 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-11-13 06:41:12 419328 ----a-w- C:\Windows\System32\schannel.dll
2013-11-13 06:41:12 323072 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-11-13 05:26:47 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-11-13 05:26:43 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-11-13 05:26:32 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-11-10 07:31:35 -------- d-----w- C:\Users\TLC\AppData\Roaming\SUPERAntiSpyware.com
2013-11-10 07:31:16 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-11-10 07:31:16 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-11-10 07:00:27 -------- d-----w- C:\ProgramData\Malwarebytes
2013-11-10 07:00:23 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-10 06:59:53 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2013-11-10 06:49:41 -------- d-----w- C:\Windows\ERUNT
2013-11-10 06:25:21 -------- d-----w- C:\Users\TLC\Pavark
.
==================== Find3M  ====================
.
2013-11-22 11:04:29 90304 ----a-w- C:\strings.exe
2013-11-07 10:40:11 26838560 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-11-04 21:51:44 70112 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2013-11-04 21:46:34 343696 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2013-11-04 21:46:16 182752 ----a-w- C:\Windows\System32\mfevtps.exe
2013-11-04 21:43:04 782360 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2013-11-04 21:41:22 519576 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2013-11-04 21:40:00 311120 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2013-11-04 21:39:20 179792 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2013-11-04 21:28:52 69344 ----a-w- C:\Windows\System32\drivers\mfeelamk.sys
2013-11-04 12:42:02 18456 ----a-w- C:\Windows\System32\drivers\psi_mf_amd64.sys
2013-10-12 08:45:20 2241536 ----a-w- C:\Windows\System32\wininet.dll
2013-10-12 08:43:37 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-12 07:03:50 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-12 07:02:33 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-10-01 23:37:53 2035712 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-01 23:26:45 2304512 ----a-w- C:\Windows\System32\authui.dll
2013-09-23 18:49:22 197704 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys
2013-09-20 14:38:30 10856 ----a-w- C:\Windows\System32\drivers\mfeclnrk.sys
2013-09-20 14:38:14 95984 ----a-w- C:\Windows\System32\drivers\mfencrk.sys
2013-09-20 14:37:56 390552 ----a-w- C:\Windows\System32\drivers\mfencbdc.sys
2013-09-13 22:36:37 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
2013-09-13 22:36:23 84992 ----a-w- C:\Windows\SysWow64\wudriver.dll
2013-09-13 22:36:23 126976 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2013-09-13 22:36:14 247296 ----a-w- C:\Windows\SysWow64\ubpm.dll
2013-09-13 22:34:14 40448 ----a-w- C:\Windows\System32\wuapp.exe
2013-09-13 22:33:55 252928 ----a-w- C:\Windows\System32\WUSettingsProvider.dll
2013-09-13 22:33:55 142848 ----a-w- C:\Windows\System32\wuwebv.dll
2013-09-13 22:33:54 99328 ----a-w- C:\Windows\System32\wudriver.dll
2013-09-13 22:33:54 1622016 ----a-w- C:\Windows\System32\wucltux.dll
2013-09-13 22:33:42 328192 ----a-w- C:\Windows\System32\ubpm.dll
2013-09-13 22:33:39 175104 ----a-w- C:\Windows\System32\storewuauth.dll
.
============= FINISH:  0:36:40.64 ===============
 




#4 jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:09:45 AM

Posted 10 December 2013 - 06:11 PM

Hi Havin' Problems,

Welcome to Bleeping Computer.

My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx or Jason is fine.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put logs in code or quote boxes (unless explicitly asked to)
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

In the upper right hand corner of the topic you will see the Follow This Topic button. Click on this, then choose Receive Notification Immediately, and then click Follow This Topic. You will be sent an email once I have posted a response, which will make the cleaning process faster.

Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.



I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:


Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on Combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.


 

In your next post, please include the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Regards,
Jason

 



#5 Havin' Problems

Havin' Problems
  • Topic Starter

  • Members
  • 7 posts
  • Local time:08:45 AM

Posted 11 December 2013 - 06:29 PM

Hi Jason,

This is a list of my computer's behavior and below is the combofix log.

 

1) CD/DVD Player is still making a sound like it is about to open whenever I launch certain programs.

2) I still have the vipre toolbar installed.

3) When I try to run aswMBR, it still says it has encountered an error and immediately shuts down. I know I'm not supposed to run any programs without your authorization but I just wanted to see if it would work.

4) CPU and memory are at 100% sometimes, but it seems less. (although I just ran Combofix so it's hard to tell)

5) My hard drive still says it needs to restart and repair errors, but every time I restart my computer, I get messages that my hard drive is still messed up and I need to restart my computer.

6) I still have expired and no-name certificates listed in the "trusted" root certificate storage. How does that happen?

 

The following are connections that I observed running TCPView while Internet Explorer was closed...
(I just want to know if this is normal behavior)

 

1) Communications service is always connected to Microsoft on port 443
2) Windows explorer has two connections to Microsoft on port 443, and 5 connections to Akamai on very high numbered ports.
3) A process called CLMSServerPDVD has three instances usually connected via UDP somewhere, but sometimes it uses TCP.
4) I have a strange process called "jhi" that is either connected or trying to connect. Is that a legit. process?

 

Now with Internet Explorer running....

 

1) Internet Explorer has literally 50 connections to Google, Akamai, and some others on high numbered ports of mine but to a destination port of "80"
2) Something listed as "[System Process]" with a PID of "0", has literally 20 connections to Google.

 

Overall my computer seems slightly faster but not like it used to be. Here is my Combofix log.

 

Thank you for your help. It does not go unappreciated.
--Havin' Problems

 

 

ComboFix 13-12-10.01 - TLC 12/11/2013  13:52:40.1.2 - x64
Microsoft Windows 8 Pro with Media Center  6.2.9200.0.1252.1.1033.18.8061.5255 [GMT -5:00]
Running from: c:\users\TLC\Desktop\ComboFix.exe
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6361\AddOnDownloaded\02d6010d-b288-4157-bbcc-a3d510d3fba5.dll
c:\programdata\PCDr\6361\AddOnDownloaded\143c46ba-b979-4e38-9815-2373de9333aa.dll
c:\programdata\PCDr\6361\AddOnDownloaded\409161a3-28c9-4482-9613-e7ca2e306fef.dll
c:\programdata\PCDr\6361\AddOnDownloaded\4c09e0ec-d531-4d04-a038-3dd30a795474.dll
c:\programdata\PCDr\6361\AddOnDownloaded\61c13bfc-28f4-44bc-beec-efa429fa40f0.dll
c:\programdata\PCDr\6361\AddOnDownloaded\6edf11af-92e6-490d-af58-febeeb0cdb04.dll
c:\programdata\PCDr\6361\AddOnDownloaded\9ed1246c-39a1-403b-9134-f313ebd75cb8.dll
c:\programdata\PCDr\6361\AddOnDownloaded\b347630c-35c1-4199-a3e2-2eea8f11e228.dll
c:\programdata\PCDr\6361\AddOnDownloaded\c6ca3141-c4ef-404d-b1c2-840d38395e80.dll
c:\programdata\PCDr\6361\AddOnDownloaded\f63e05a5-1f40-4c42-b80a-d0995b6e38a7.dll
C:\readme.txt
c:\windows\SysWow64\dwm.exe
c:\windows\SysWow64\igfxpers.exe
c:\windows\SysWow64\igfxtray.exe
c:\windows\SysWow64\mfevtps.exe
c:\windows\SysWow64\RuntimeBroker.exe
c:\windows\SysWow64\spoolsv.exe
c:\windows\SysWow64\taskhostex.exe
c:\windows\SysWow64\wininit.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-11 to 2013-12-11  )))))))))))))))))))))))))))))))
.
.
2013-12-11 19:04 . 2013-12-11 19:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-10 21:13 . 2013-12-10 21:15 -------- d-----w- C:\2b2ee35360acefab747d510a
2013-12-10 21:10 . 2013-10-10 09:24 143872 ----a-w- c:\windows\system32\wshom.ocx
2013-12-08 13:27 . 2013-12-09 22:52 -------- d-----w- c:\users\TLC\Doctor Web
2013-12-08 00:53 . 2013-12-08 00:53 0 ----a-w- c:\windows\SysWow64\conhost.exe
2013-12-08 00:53 . 2013-12-08 00:53 0 ----a-w- c:\windows\SysWow64\winlogon.exe
2013-12-08 00:53 . 2013-12-08 00:53 0 ----a-w- c:\windows\SysWow64\services.exe
2013-12-08 00:53 . 2013-12-08 00:53 0 ----a-w- c:\windows\SysWow64\lsass.exe
2013-12-08 00:53 . 2013-12-08 00:53 0 ----a-w- c:\windows\SysWow64\smss.exe
2013-12-07 23:39 . 2013-12-07 23:39 388096 ----a-r- c:\users\TLC\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-12-07 23:39 . 2013-12-07 23:39 -------- d-----w- c:\program files (x86)\Trend Micro
2013-12-07 22:33 . 2013-12-07 22:33 -------- d-----w- c:\users\TLC\AppData\Local\Secunia PSI
2013-12-07 22:33 . 2013-12-07 22:33 -------- d-----w- c:\program files (x86)\Secunia
2013-12-06 21:55 . 2013-12-06 21:55 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-12-06 10:09 . 2013-12-06 10:09 -------- d-----w- c:\program files\CCleaner
2013-12-05 10:16 . 2013-12-05 10:38 -------- d-----w- c:\users\TLC\AppData\Roaming\HandBrake
2013-11-30 18:46 . 2013-02-07 03:34 3273216 ----a-w- c:\windows\system32\ntdsai.dll
2013-11-30 18:46 . 2013-07-11 05:07 45056 ----a-w- c:\windows\system32\ntdsatq.dll
2013-11-30 18:31 . 2013-11-30 18:31 -------- d-----w- c:\windows\system32\BestPractices
2013-11-30 18:31 . 2013-11-30 18:31 -------- d-----w- c:\windows\ADAM
2013-11-30 07:46 . 2013-11-30 07:46 86512 ----a-w- c:\windows\SysWow64\StrongService.exe
2013-11-30 07:46 . 2013-11-30 07:46 411632 ----a-w- c:\windows\SysWow64\Newtonsoft.Json.dll
2013-11-30 07:46 . 2013-11-30 07:46 380912 ----a-w- c:\windows\SysWow64\StrongHelper.exe
2013-11-30 07:46 . 2013-11-30 07:46 225264 ----a-w- c:\windows\SysWow64\DotRas.dll
2013-11-30 07:46 . 2013-11-30 07:46 1581552 ----a-w- c:\windows\SysWow64\StrongDial.exe
2013-11-28 00:15 . 2013-11-28 00:15 -------- d-----w- c:\programdata\Kaspersky Lab
2013-11-28 00:15 . 2013-11-28 00:15 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2013-11-27 21:07 . 2013-11-28 15:25 -------- d-----w- c:\users\TLC\AppData\Local\ElevatedDiagnostics
2013-11-27 17:52 . 2013-11-27 17:52 -------- d-----w- c:\program files (x86)\VirusTotalUploader2
2013-11-27 07:28 . 2013-11-27 07:28 -------- d-----w- c:\programdata\CanonBJ
2013-11-27 07:27 . 2012-03-14 10:00 99840 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPPAQ.DLL
2013-11-27 07:27 . 2012-03-14 10:00 30208 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPDAQ.DLL
2013-11-27 07:27 . 2012-03-14 10:00 385024 ----a-w- c:\windows\system32\CNMLMAQ.DLL
2013-11-27 07:27 . 2011-04-27 16:01 373248 ----a-w- c:\windows\system32\CNC_AQL.dll
2013-11-27 07:27 . 2011-04-27 16:00 323584 ----a-w- c:\windows\SysWow64\CNC_AQL.dll
2013-11-27 07:27 . 2011-03-31 15:07 114688 ----a-w- c:\windows\SysWow64\CNC_AQU.dll
2013-11-27 07:27 . 2011-03-31 15:07 302080 ----a-w- c:\windows\system32\CNC_AQC.dll
2013-11-27 07:27 . 2011-03-31 15:06 112128 ----a-w- c:\windows\system32\CNC_AQI.dll
2013-11-27 07:27 . 2008-08-25 23:02 17920 ----a-w- c:\windows\system32\CNHMCA6.dll
2013-11-27 07:27 . 2008-08-25 23:02 15872 ----a-w- c:\windows\SysWow64\CNHMCA.dll
2013-11-27 03:07 . 2013-11-27 03:07 10856 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys
2013-11-27 03:07 . 2013-11-27 03:07 96112 ----a-w- c:\windows\system32\drivers\mfencrk.sys
2013-11-27 03:07 . 2013-11-27 03:07 411944 ----a-w- c:\windows\system32\drivers\mfencbdc.sys
2013-11-26 07:34 . 2013-11-26 07:34 -------- d-----w- c:\program files (x86)\ESET
2013-11-23 09:57 . 2013-11-23 09:57 280752 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10226.bin
2013-11-22 18:19 . 2013-11-22 18:19 -------- d-----w- c:\users\TLC\AppData\Roaming\Lavasoft
2013-11-22 17:39 . 2013-11-22 17:39 -------- d-----w- c:\program files\Lavasoft
2013-11-22 17:38 . 2013-11-22 17:38 -------- d-----w- c:\program files\Common Files\Lavasoft
2013-11-22 17:38 . 2013-11-22 17:38 -------- d-----w- c:\programdata\Lavasoft
2013-11-22 10:04 . 2013-11-22 10:06 -------- d-----w- C:\Sigcheck
2013-11-21 17:29 . 2013-11-21 17:29 -------- d-----w- c:\users\TLC\AppData\Roaming\Malwarebytes
2013-11-21 17:28 . 2013-11-27 19:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-11-21 17:28 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-21 05:48 . 2013-11-21 05:48 -------- d-----w- c:\users\TLC\AppData\Local\Diagnostics
2013-11-21 05:00 . 2013-12-10 21:38 -------- d-----w- c:\users\TLC\AppData\Roaming\.strongvpn
2013-11-21 05:00 . 2013-10-31 19:43 38760 ----a-w- c:\windows\system32\drivers\tapstrong.sys
2013-11-21 05:00 . 2013-11-21 05:01 -------- d-----w- c:\program files (x86)\StrongVPN
2013-11-14 12:31 . 2013-11-14 12:33 -------- d-----w- c:\users\BigBadJohn
2013-11-13 15:21 . 2013-12-03 08:22 -------- d-----w- c:\users\TLC\AppData\Local\NPE
2013-11-13 15:21 . 2013-11-13 15:21 -------- d-----w- c:\programdata\Norton
2013-11-13 15:13 . 2013-12-04 00:53 78304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-13 15:13 . 2013-12-04 00:53 694240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-13 10:14 . 2013-11-13 10:16 -------- d-----w- C:\818cc3f882df8d7e9607
2013-11-13 09:36 . 2013-11-13 09:37 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2013-11-13 06:59 . 2013-11-13 07:00 -------- d-----w- c:\program files (x86)\Safer Networking
2013-11-13 06:41 . 2013-10-02 23:25 1300992 ----a-w- c:\windows\system32\gdi32.dll
2013-11-13 06:41 . 2013-10-01 22:22 1022976 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-11-13 06:41 . 2013-10-01 23:37 1569280 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-11-13 06:41 . 2013-10-01 23:26 1890816 ----a-w- c:\windows\system32\crypt32.dll
2013-11-13 06:41 . 2013-09-04 03:11 576512 ----a-w- c:\windows\system32\drivers\afd.sys
2013-11-13 06:41 . 2013-10-10 11:53 96600 ----a-w- c:\windows\system32\drivers\wfplwfs.sys
2013-11-13 06:41 . 2013-10-10 09:21 1160192 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-13 06:41 . 2013-10-10 09:20 723968 ----a-w- c:\windows\system32\BFE.DLL
2013-11-13 06:41 . 2013-08-23 07:22 2062848 ----a-w- c:\windows\system32\d3d11.dll
2013-11-13 06:41 . 2013-08-23 01:44 1711616 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-11-13 06:41 . 2013-09-23 22:30 419328 ----a-w- c:\windows\system32\schannel.dll
2013-11-13 06:41 . 2013-09-23 22:30 323072 ----a-w- c:\windows\SysWow64\schannel.dll
2013-11-13 06:40 . 2013-10-01 23:26 2304512 ----a-w- c:\windows\system32\authui.dll
2013-11-13 06:40 . 2013-10-01 23:37 2035712 ----a-w- c:\windows\SysWow64\authui.dll
2013-11-13 05:26 . 2013-09-20 15:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2013-11-13 05:26 . 2013-12-06 17:45 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-11-13 05:26 . 2013-11-13 05:33 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-10 21:13 . 2013-11-04 21:09 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-03 11:53 . 2013-11-10 06:59 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-11-22 11:04 . 2013-10-31 20:18 562368 ----a-w- C:\RAMMap.exe
2013-11-22 11:04 . 2013-10-31 20:18 294080 ----a-w- C:\sigcheck.exe
2013-11-22 11:04 . 2013-06-18 20:12 596160 ----a-w- C:\ZoomIt.exe
2013-11-22 11:04 . 2013-06-18 20:12 90304 ----a-w- C:\strings.exe
2013-11-22 11:04 . 2013-03-25 04:24 150720 ----a-w- C:\ru.exe
2013-11-22 11:04 . 2013-01-09 20:26 155736 ----a-w- C:\sdelete.exe
2013-11-22 11:04 . 2012-10-17 23:28 144984 ----a-w- C:\whois.exe
2013-11-22 11:04 . 2012-09-10 14:16 1056392 ----a-w- C:\vmmap.exe
2013-11-22 11:04 . 2011-07-25 17:40 300832 ----a-w- C:\Tcpview.exe
2013-11-22 11:04 . 2011-02-14 17:37 729464 ----a-w- C:\Winobj.exe
2013-11-22 11:04 . 2010-07-28 20:47 199544 ----a-w- C:\Tcpvcon.exe
2013-11-22 11:04 . 2008-02-27 23:51 103464 ----a-w- C:\ShellRunas.exe
2013-11-22 11:04 . 2007-04-27 15:17 87424 ----a-w- C:\streams.exe
2013-11-22 11:04 . 2006-11-01 19:07 334720 ----a-w- C:\RootkitRevealer.exe
2013-11-22 11:04 . 2006-11-01 19:07 260976 ----a-w- C:\ShareEnum.exe
2013-11-22 11:04 . 2006-11-01 19:06 162616 ----a-w- C:\RegDelNull.exe
2013-11-22 11:04 . 2006-11-01 19:05 154424 ----a-w- C:\Volumeid.exe
2013-11-22 11:04 . 2006-11-01 19:05 150328 ----a-w- C:\sync.exe
2013-11-22 11:04 . 2006-11-01 19:05 150328 ----a-w- C:\regjump.exe
2013-11-22 11:04 . 2012-10-17 23:28 171608 ----a-w- C:\pspasswd.exe
2013-11-22 11:04 . 2012-10-02 19:03 167048 ----a-w- C:\psping.exe
2013-11-22 11:04 . 2012-06-22 04:34 468592 ----a-w- C:\pskill.exe
2013-11-22 11:04 . 2012-03-22 20:53 232232 ----a-w- C:\pslist.exe
2013-11-22 11:04 . 2010-04-27 16:04 178040 ----a-w- C:\psloglist.exe
2013-11-22 11:04 . 2010-04-27 16:04 390520 ----a-w- C:\PsInfo.exe
2013-11-22 11:04 . 2010-04-27 16:04 183160 ----a-w- C:\PsLoggedon.exe
2013-11-22 11:04 . 2010-04-27 16:04 169848 ----a-w- C:\PsService.exe
2013-11-22 11:04 . 2006-12-04 22:53 207664 ----a-w- C:\psshutdown.exe
2013-11-22 11:04 . 2006-12-04 22:53 187184 ----a-w- C:\pssuspend.exe
2013-11-22 11:04 . 2013-10-22 13:59 387776 ----a-w- C:\PsExec.exe
2013-11-22 11:04 . 2013-07-31 18:08 2799296 ----a-w- C:\procexp.exe
2013-11-22 11:04 . 2013-05-31 20:54 2489024 ----a-w- C:\Procmon.exe
2013-11-22 11:04 . 2010-04-27 16:04 333176 ----a-w- C:\PsGetsid.exe
2013-11-22 11:04 . 2006-12-04 22:53 105264 ----a-w- C:\psfile.exe
2013-11-22 11:04 . 2013-05-16 04:46 478400 ----a-w- C:\procdump.exe
2013-11-22 11:04 . 2013-03-25 04:24 223424 ----a-w- C:\du.exe
2013-11-22 11:04 . 2013-02-05 04:46 130648 ----a-w- C:\pendmoves.exe
2013-11-22 11:04 . 2013-01-23 05:12 462936 ----a-w- C:\handle.exe
2013-11-22 11:04 . 2013-01-23 05:12 130160 ----a-w- C:\movefile.exe
2013-11-22 11:04 . 2012-10-17 23:28 539736 ----a-w- C:\livekd.exe
2013-11-22 11:04 . 2012-01-13 22:35 451392 ----a-w- C:\portmon.exe
2013-11-22 11:04 . 2011-07-07 18:28 520496 ----a-w- C:\Listdlls.exe
2013-11-22 11:04 . 2011-07-07 18:28 103216 ----a-w- C:\FindLinks.exe
2013-11-22 11:04 . 2010-09-07 20:39 150392 ----a-w- C:\junction.exe
2013-11-22 11:04 . 2010-04-30 16:43 261496 ----a-w- C:\logonsessions.exe
2013-11-22 11:04 . 2010-03-24 19:00 580984 ----a-w- C:\DiskView.exe
2013-11-22 11:04 . 2006-11-01 19:06 215928 ----a-w- C:\pagedfrg.exe
2013-11-22 11:04 . 2006-11-01 19:06 154424 ----a-w- C:\LoadOrd.exe
2013-11-22 11:04 . 2006-11-01 19:06 154424 ----a-w- C:\ldmdump.exe
2013-11-22 11:04 . 2006-11-01 19:05 150328 ----a-w- C:\hex2dec.exe
2013-11-22 11:04 . 2006-11-01 19:05 150328 ----a-w- C:\pipelist.exe
2013-11-22 11:04 . 2006-11-01 19:05 146232 ----a-w- C:\efsdump.exe
2013-11-22 11:04 . 2006-11-01 19:05 122680 ----a-w- C:\ntfsinfo.exe
2013-11-22 11:04 . 1999-10-14 19:45 11728 ----a-w- C:\DMON.SYS
2013-11-22 11:04 . 2013-07-31 18:08 1767104 ----a-w- C:\disk2vhd.exe
2013-11-22 11:04 . 2012-12-03 16:10 468056 ----a-w- C:\Dbgview.exe
2013-11-22 11:04 . 2012-11-14 16:22 1479256 ----a-w- C:\Coreinfo.exe
2013-11-22 11:04 . 2012-10-17 23:28 116824 ----a-w- C:\Desktops.exe
2013-11-22 11:04 . 2007-05-14 13:42 87424 ----a-w- C:\diskext.exe
2013-11-22 11:04 . 2006-11-01 19:06 224056 ----a-w- C:\Diskmon.exe
2013-11-22 11:04 . 2006-11-01 19:05 150328 ----a-w- C:\ctrl2cap.exe
2013-11-22 11:04 . 2006-09-27 23:04 10104 ----a-w- C:\ctrl2cap.amd.sys
2013-11-22 11:04 . 1999-11-22 00:46 2832 ----a-w- C:\ctrl2cap.nt5.sys
2013-11-22 11:04 . 1999-11-21 23:20 2864 ----a-w- C:\ctrl2cap.nt4.sys
2013-11-22 11:04 . 2013-07-31 18:08 579264 ----a-w- C:\autorunsc.exe
2013-11-22 11:04 . 2013-07-31 18:08 847040 ----a-w- C:\Bginfo.exe
2013-11-22 11:04 . 2013-07-31 18:08 661184 ----a-w- C:\autoruns.exe
2013-11-22 11:04 . 2012-11-14 16:22 207960 ----a-w- C:\Contig.exe
2013-11-22 11:04 . 2009-06-04 03:36 151936 ----a-w- C:\Clockres.exe
2013-11-22 11:04 . 2006-11-01 19:06 154424 ----a-w- C:\Cacheset.exe
2013-11-22 11:04 . 2012-11-14 16:22 479832 ----a-w- C:\ADExplorer.exe
2013-11-22 11:04 . 2011-02-22 20:18 148856 ----a-w- C:\Autologon.exe
2013-11-22 11:04 . 2007-11-20 18:25 1049640 ----a-w- C:\ADInsight.exe
2013-11-22 11:04 . 2006-11-01 19:05 150328 ----a-w- C:\adrestore.exe
2013-11-22 11:04 . 2013-05-16 04:46 328384 ----a-w- C:\accesschk.exe
2013-11-22 11:04 . 2006-11-01 19:06 174968 ----a-w- C:\AccessEnum.exe
2013-11-13 15:39 . 2013-11-04 16:53 566480 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-11-07 10:40 . 2013-11-07 10:40 26838560 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
2013-11-04 21:51 . 2013-09-25 01:29 70112 ----a-w- c:\windows\system32\drivers\cfwids.sys
2013-11-04 21:46 . 2013-09-25 01:25 343696 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2013-11-04 21:46 . 2013-11-07 11:03 182752 ----a-w- c:\windows\system32\mfevtps.exe
2013-11-04 21:43 . 2013-09-25 01:22 782360 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2013-11-04 21:41 . 2013-09-25 01:21 519576 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2013-11-04 21:40 . 2013-09-25 01:20 311120 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2013-11-04 21:39 . 2013-09-25 01:19 179792 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2013-11-04 21:28 . 2013-09-25 01:03 69344 ----a-w- c:\windows\system32\drivers\mfeelamk.sys
2013-11-04 15:56 . 2013-11-04 15:56 50784 ----a-w- c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-11-04 15:55 . 2013-11-04 15:55 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-11-04 15:52 . 2012-07-26 08:13 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-11-04 12:42 . 2013-11-04 12:42 18456 ----a-w- c:\windows\system32\drivers\psi_mf_amd64.sys
2013-10-17 16:14 . 2013-11-07 03:58 965000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E99AA69E-0A75-45AC-AEFA-2C631992D00D}\gapaengine.dll
2013-10-14 05:12 . 2013-11-07 03:58 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FCD50610-289B-4E71-9DA9-6CD35D5A3A91}\mpengine.dll
2013-09-23 18:49 . 2013-11-07 11:09 197704 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{61D700C1-7D8D-43c5-9C13-4FF85157CFE6}"= "c:\program files (x86)\SafeKey\LPToolbar.dll" [2013-11-07 728080]
.
[HKEY_CLASSES_ROOT\clsid\{61d700c1-7d8d-43c5-9c13-4ff85157cfe6}]
[HKEY_CLASSES_ROOT\LPToolbar.LPToolbarBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{0A715D8A-947C-4ab1-AF67-62881ED45206}]
[HKEY_CLASSES_ROOT\LPToolbar.LPToolbarBand]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-11-04 19:37 222832 ----a-w- c:\users\TLC\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-11-04 19:37 222832 ----a-w- c:\users\TLC\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-11-04 19:37 222832 ----a-w- c:\users\TLC\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StrongVPN Client"="c:\windows\SysWOW64\StrongDial.exe" [2013-11-30 1581552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
Install SafeKey IE RunOnce.lnk.disabled [2013-11-7 2148]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-11-4 565464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"PowerDVD13Agent"="c:\program files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe"
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" /runkey
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"IAStorIcon"=c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
.
R0 mfeelamk;McAfee Inc. mfeelamk;c:\windows\system32\drivers\mfeelamk.sys;c:\windows\SYSNATIVE\drivers\mfeelamk.sys [x]
R2 0146131386712982mcinstcleanup;McAfee Application Installer Cleanup (0146131386712982);c:\windows\TEMP\014613~1.EXE;c:\windows\TEMP\014613~1.EXE [x]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 BthLEEnum;Bluetooth Low Energy Driver;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
R3 DellRbtn;Airplane Mode Switch;c:\windows\System32\drivers\DellRbtn.sys;c:\windows\SYSNATIVE\drivers\DellRbtn.sys [x]
R3 DsRoleSvc;DS Role Server;c:\windows\System32\lsass.exe;c:\windows\SYSNATIVE\lsass.exe [x]
R3 MFE_RR;MFE_RR;c:\users\TLC\AppData\Local\Temp\mfe_rr.sys;c:\users\TLC\AppData\Local\Temp\mfe_rr.sys [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
R4 KSS;Kaspersky Security Scan Service;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [x]
R4 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R4 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R4 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys;c:\windows\SYSNATIVE\DRIVERS\MOBK.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 {09F57980-3432-4AFC-957D-27AC45FAE1F5};Power Control [2013/11/08 08:15];c:\program files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]
S2 CyberLink PowerDVD 13 Media Server Monitor Service;CyberLink PowerDVD 13 Media Server Monitor Service;c:\program files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe;c:\program files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [x]
S2 CyberLink PowerDVD 13 Media Server Service;CyberLink PowerDVD 13 Media Server Service;c:\program files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe;c:\program files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [x]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 LavasoftAdAwareService11;Ad-Aware Service 11;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys;c:\windows\SYSNATIVE\drivers\McPvDrv.sys [x]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [x]
S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 StrongVPN Service;StrongVPN Service;c:\program files (x86)\StrongVPN\StrongService.exe;c:\program files (x86)\StrongVPN\StrongService.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\System32\drivers\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_Intel.sys [x]
S3 tapstrong;StrongVPN Adapter;c:\windows\system32\DRIVERS\tapstrong.sys;c:\windows\SYSNATIVE\DRIVERS\tapstrong.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-10 c:\windows\Tasks\Malwarebytes Anti-Exploit.job
- c:\program files\Malwarebytes Anti-Exploit\mbae-loader.exe [2013-11-10 14:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9DB059B3-DD36-4a55-846C-59BE42A1202A}]
2013-11-07 10:40 1055096 ----a-w- c:\program files (x86)\SafeKey\LPToolbar_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{61D700C1-7D8D-43c5-9C13-4FF85157CFE6}"= "c:\program files (x86)\SafeKey\LPToolbar_x64.dll" [2013-11-07 1055096]
.
[HKEY_CLASSES_ROOT\CLSID\{61D700C1-7D8D-43c5-9C13-4FF85157CFE6}]
[HKEY_CLASSES_ROOT\LPToolbar.LPToolbarBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{0A715D8A-947C-4ab1-AF67-62881ED45206}]
[HKEY_CLASSES_ROOT\LPToolbar.LPToolbarBand]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-11-04 19:37 261744 ----a-w- c:\users\TLC\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-11-04 19:37 261744 ----a-w- c:\users\TLC\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-11-04 19:37 261744 ----a-w- c:\users\TLC\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-11-13 15:39 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-11-13 15:39 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-11-13 15:39 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 01:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 01:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 01:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-11-20 6846096]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-11-19 1253520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-16 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-16 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-16 441888]
"BtPreLoad"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtPreLoad.exe" [2012-12-28 64640]
"AdAwareTray"="c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareTray.exe" [2013-10-18 2493272]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://espn.go.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: SafeKey - file://c:\users\TLC\AppData\LocalLow\SafeKey\context.html?cmd=lastpass
IE: SafeKey Fill Forms - file://c:\users\TLC\AppData\LocalLow\SafeKey\context.html?cmd=fillforms
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-29500189.sys
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{09F57980-3432-4AFC-957D-27AC45FAE1F5}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2013-12-11  14:22:22
ComboFix-quarantined-files.txt  2013-12-11 19:22
.
Pre-Run: 75,023,716,352 bytes free
Post-Run: 74,871,590,912 bytes free
.
- - End Of File - - E77EC3ECF45AE3793EBBFDB05A5A0822
A36C5E4F47E84449FF07ED3517B43A31
 



#6 jntkwx

jntkwx

  • Malware Response Team

Posted 11 December 2013 - 10:53 PM

Havin' Problems,

Your thorough list of the computer's behavior is really helpful. Thanks! :) I'll go through these one by one...
 

1) CD/DVD Player is still making a sound like it is about to open whenever I launch certain programs.

When did you notice this start happening? Can you determine what specific programs you hear the sound for? Just to clarify, it's the CD/DVD player itself making a mechanical sound like it's trying to open the tray, correct?
 

2) I still have the vipre toolbar installed.

We will uninstall this shortly. :)
 

3) When I try to run aswMBR, it still says it has encountered an error and immediately shuts down. I know I'm not supposed to run any programs without your authorization but I just wanted to see if it would work.
4) cpu and memory are at 100% sometimes, but it seems less. (although I just ran Combofix so it's hard to tell)

These two may be related. We might be dealing with a rootkit here.
 

5) My hard drive still says it needs to restart and repair errors, but every time I restart my computer, I get messages that my hard drive is still messed up and I need to restart my computer.

Have you recently tried to run chkdsk from the Command Prompt? (If you haven't, go ahead and run chkdsk /r now, and allow your computer to restart to have it run successfully.)
 

6) I still have expired and no-name certificates listed in the "trusted" root certificate storage. How does that happen?

 
Root certificates can be automatically downloaded and handled by the browser. It's not uncommon to have expired and no-name certificates listed. You can probably safely remove these. If a website requests a particular certificate, a new, non-expired one will usually be automatically downloaded.
 

The following are connections that I observed running TCPView while internet explorer was closed...
(I just want to know if this is normal behavior)
 
1) Communications service is always connected to Microsoft on port 443
2) Windows explorer has two connections to Microsoft on port 443, and 5 connections to Akamai on very high numbered ports.
3) A process called CLMSServerPDVD has three instances usually connected via UDP somewhere, but sometimes it uses TCP.
4) I have a strange process called "jhi" that is either connected or trying to connect. Is that a legit. process?

  • Port 443 is commonly used for HTTPS traffic. I think what you see here with TCPView is legitimate.  
  • Akamai appears like a legitimate company related to "secure client-side networking technology that enhances networking protocols for delivery of software and media." So it makes sense to see 5 connections to it.  
  • CLMSServerPDVD is a process relating to Cyberlink Power DVD. I think the UDP and TCP traffic you see here is legitimate.
  • jhi_service.exe does look like a legit process, associated with Intel® Identity Protection Technology Host Interface Service.

1) Internet Explorer has literally 50 connections to Google, Akamai, and some others on high numbered ports of mine but to a destination port of "80"
2) Something listed as "[System Process]" with a PID of "0", has literally 20 connections to Google.

It's not uncommon for a web browser to have that many connections, particularly on port 80, which is used for HTTP traffic. For number 2, that's odd, and something we can hopefully resolve.

 
Step 1: Uninstall Multiple Antivirus Programs
Part of the slowness you're seeing may be from having more than one antivirus installed. I don't recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore, please go to Programs and Features in the Control Panel, and remove Ad-Aware Antivirus or McAfee Anti-Virus and Anti-Spyware.

 

Step 2: Spybot S&D or Ad-Aware are no longer recommended

  • mvps.org is no longer recommending Spybot S&D or Ad-Aware due to poor testing results. See here - (scroll down and read under Freeware Antispyware Products)
  • Further, most people don't understand Spybot's TeaTimer or how to use it and that feature can cause more problems than it's worth. TeaTimer monitors changes to certain critical keys in Windows registry but does not indicate if the change is normal or a modification made by a malware infection. The user must have an understanding of the registry and how TeaTimer works in order to make informed decisions to allow or deny the detected changes. Additionally, TeaTimer may conflict with other security tools which do a much better job of protecting your computer and even prevent disinfection of malware by those tools.
  • More effective alternatives are Malwarebytes Anti-Malware and/or SUPERAntiSpyware Free.

 

Step 3: TDSSKiller
Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • When the window opens, click on Change Parameters
  • Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected.  Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
  • Post that log, please.

Please include the following in your next post:

  • TDSSKiller log
  • How's the computer running now?

Regards,
Jason

 

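Added example (not part of the original posts, and not a ComboFix feature): the ComboFix log posted earlier in this thread already shows the overlap that Step 1 describes. The Python below parses the driver/service lines of such a log, groups the entries by security product, and lists services whose image path sits in a Temp directory so they can be verified. The four-field `code name;display;path;path [x]` layout is inferred from the log lines on this page, the two-character state code is kept uninterpreted, and the keyword map and function names are assumptions made for this example.

```python
import re
from collections import defaultdict, namedtuple

Service = namedtuple("Service", "code name display path")

# Lines copied verbatim from the driver/service section of the log in this thread.
SAMPLE_LOG = r"""
R0 mfeelamk;McAfee Inc. mfeelamk;c:\windows\system32\drivers\mfeelamk.sys;c:\windows\SYSNATIVE\drivers\mfeelamk.sys [x]
R2 0146131386712982mcinstcleanup;McAfee Application Installer Cleanup (0146131386712982);c:\windows\TEMP\014613~1.EXE;c:\windows\TEMP\014613~1.EXE [x]
R3 MFE_RR;MFE_RR;c:\users\TLC\AppData\Local\Temp\mfe_rr.sys;c:\users\TLC\AppData\Local\Temp\mfe_rr.sys [x]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
R4 KSS;Kaspersky Security Scan Service;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [x]
R4 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 LavasoftAdAwareService11;Ad-Aware Service 11;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe [x]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 StrongVPN Service;StrongVPN Service;c:\program files (x86)\StrongVPN\StrongService.exe;c:\program files (x86)\StrongVPN\StrongService.exe [x]
"""

# Assumption: keyword -> product map written for this example only.
SECURITY_KEYWORDS = {
    "mcafee": "McAfee",
    "superantispyware": "SUPERAntiSpyware",
    "spybot": "Spybot S&D",
    "lavasoft": "Ad-Aware",
    "kaspersky": "Kaspersky",
}

LINE_RE = re.compile(r"^([RS]\d)\s+(.+)$")       # state code, then the rest
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)  # any ...\Temp\... component


def parse_services(text):
    """Return a Service tuple for every well-formed driver/service line."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # headers, registry keys, separators
        fields = re.sub(r"\s*\[x\]$", "", m.group(2)).split(";")
        if len(fields) != 4:
            continue  # not the name;display;path;path layout
        name, display, path, _second_path = fields
        entries.append(Service(m.group(1), name, display, path))
    return entries


def security_products(entries):
    """Map each recognised security product to the service names it registered."""
    found = defaultdict(list)
    for e in entries:
        haystack = f"{e.display} {e.path}".lower()
        for keyword, product in SECURITY_KEYWORDS.items():
            if keyword in haystack:
                found[product].append(e.name)
                break
    return dict(found)


def temp_path_services(entries):
    """Names of services whose binary is loaded from a Temp directory."""
    return [e.name for e in entries if TEMP_RE.search(e.path)]


if __name__ == "__main__":
    services = parse_services(SAMPLE_LOG)
    for product, names in sorted(security_products(services).items()):
        print(f"{product}: {', '.join(names)}")
    for name in temp_path_services(services):
        print(f"verify signer and origin (Temp path): {name}")
```

A Temp-path hit is a prompt to check the file's signer and origin, not a verdict; installers and cleanup helpers also register short-lived services there.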


#7 Havin' Problems

Havin' Problems
  • Topic Starter

  • Members

Posted 13 December 2013 - 01:41 AM

Hi Jason, here are some updates,

 

1) I removed all antivirus and spyware apps except McAfee.

1a) To answer your questions: When did you notice this start happening? I'm not really sure. Can you determine what specific programs you hear the sound for? I've heard it occasionally with a few programs, but 99% of the time it occurs when I open Windows Media Player. Also whenever I hear the sound, the little green LED on the CD/DVD player also flashes. If I click on a movie that will open Windows Media Player and then play that movie, I always hear it. However if I leave Windows Media Player open, stop the movie that is playing, and then click on another video to play, I never hear it. It doesn't appear to be caused by just playing a video in Windows Media Player, but rather caused by playing a movie in Windows Media Player when Windows Media Player is closed and has to open. So basically, if I click on the Windows Media Player icon, whether I'm playing a movie or not, there is always a delay, followed by that sound and flashing LED. One other time that I usually hear it is when booting up or restarting the computer. It happens right when the computer is starting up. Just to clarify, it's the CD/DVD player itself making a mechanical sound like it's trying to open the tray, correct? Exactly.

2) Sometimes my thumbnails of pictures and videos go blank when I close the videos or pictures folder, and they have to reload every time that I re-open the folders. Frequently when I open any folder, and leave it open, there is always a green updating bar elongating along the address bar of the folder, from left to right, indicating that it is updating, but I haven't changed anything in the folder to cause it to update. The green bar starts on the left end of the address and progresses until it fills the whole address bar and the process just keeps repeating.

3) I think I downloaded a bad Secunia. I have included parts of its log at the bottom. Every hour it's connecting to some server as you will see.

3a) Frequently I'll be typing something in internet explorer or Microsoft Word, and it is almost like someone else has clicked in another window and the window I was typing in is no longer the "front window" and until I realize it, I am typing for nothing, because what I was typing in is no longer the "active" window.

4) McAfee deleted Combofix, it said it contained the virus Artemis. I'm pretty sure it was a false positive.

5) All the things that I thought were deleted by Combofix, I think, are still active in Process Explorer.

6) I ran chkdsk /f a few times, followed by a restart, but I'm still getting messages that my hard drive has many errors and needs to be restarted. A few times I ran chkdsk, restarted the computer and it just hung at 28% for hours.

7) Files I have never seen before are being added to my Windows folder.

8) My hard drive is shrinking by the gigabyte every time I check it (in terms of space available).

9) I also included a windows update log at the bottom. It shows redirections to websites and stuff that just doesn't look right.

10) I have included a ton of information, please don't waste your time on what you feel is unimportant.

11) Two things that I would like you to take a look at are in the WindowsUpdate and Secunia logs: there are connections to strange websites and redirections to different websites. That can't be normal. Please check that out if you could. The stuff in red concerns me a bit. What do you think?

12) When I go to Control Panel and then uninstall programs, it lists "McAfee" as being installed two days ago, and "Microsoft Office" as being installed yesterday. Both were installed in September.

13) Lastly, CyberlinkMediaServer has a lot of ADS streams, whatever that means.

Here are some pieces of a few logs that I found interesting:

 

This is from CyberLink Media Server:

2013/12/11 15:01:59 | [CClientRequestJob::DoSetEventHandler] subscribe event port 53664 to be notified (clisd=428)

2013/12/11 15:01:59 | [CMediaLibrary::CDefaultEventHandler::OnNotifyServerWakeUP]

 

This is from desktop.ini:

[.ShellClassInfo]

LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21791

InfoTip=@%SystemRoot%\system32\shell32.dll,-12690

IconResource=%SystemRoot%\system32\imageres.dll,-189

IconFile=%SystemRoot%\system32\shell32.dll

IconIndex=-238

 

This is from a PFRO log:

12/10/2013 0:13:11 - PFRO Error: \??\C:\Users\TLC\AppData\Local\Temp\4F45DAF4-D14A16E0-5207168C-94C02264\y7czt44t, |delete operation|, 0xc000003a

 

12/10/2013 0:13:11 - PFRO Error: \??\C:\Users\TLC\AppData\Local\Temp\4F45DAF4-D14A16E0-5207168C-94C02264\yarvtkyf, |delete operation|, 0xc000003a

 

12/10/2013 0:13:11 - PFRO Error: \??\C:\Users\TLC\AppData\Local\Temp\4F45DAF4-D14A16E0-5207168C-94C02264\yhiu1hqz, |delete operation|, 0xc000003a

 

12/10/2013 0:13:11 - PFRO Error: \??\C:\Users\TLC\AppData\Local\Temp\4F45DAF4-D14A16E0-5207168C-94C02264\yjlm6fub, |delete operation|, 0xc000003a

 

12/10/2013 0:13:11 - PFRO Error: \??\C:\Users\TLC\AppData\Local\Temp\4F45DAF4-D14A16E0-5207168C-94C02264\yor5s5jn, |delete operation|, 0xc000003a

 

12/10/2013 0:13:11 - PFRO Error: \??\C:\Users\TLC\AppData\Local\Temp\4F45DAF4-D14A16E0-5207168C-94C02264\z5j3t97f.exe, |delete operation|, 0xc000003a

 

12/10/2013 0:13:11 - PFRO Error: \??\C:\Users\TLC\AppData\Local\Temp\4F45DAF4-D14A16E0-5207168C-94C02264\zew1dxvs, |delete operation|, 0xc000003a

 

12/10/2013 0:13:11 - PFRO Error: \??\C:\Users\TLC\AppData\Local\Temp\4F45DAF4-D14A16E0-5207168C-94C02264\zj2as9ga, |delete operation|, 0xc000003a

 

12/10/2013 0:13:11 - PFRO Error: \??\C:\Users\TLC\AppData\Local\Temp\4F45DAF4-D14A16E0-5207168C-94C02264\zp2l95tk, |delete operation|, 0xc000003a

 

12/10/2013 0:13:11 - PFRO Error: \??\C:\Users\TLC\AppData\Local\Temp\4F45DAF4-D14A16E0-5207168C-94C02264\ztewppfx, |delete operation|, 0xc000003a

 

12/10/2013 0:13:11 - PFRO Error: \??\C:\Users\TLC\AppData\Local\Temp\4F45DAF4-D14A16E0-5207168C-94C02264\zudtqnqu, |delete operation|, 0xc000003a

 

12/10/2013 0:13:11 - 0 Successful PFRO operations

 

12/10/2013 16:29:40 - PFRO Error: \??\c:\2b2ee35360acefab747d510a, |delete operation|, 0xc0000101

 

12/10/2013 16:29:40 - 0 Successful PFRO operations

 

12/11/2013 15:1:14 - PFRO Error: \??\C:\PROGRA~3\McAfee\MSC\Updates\Installs\1\msc\mcinst.exe, |delete operation|, 0xc000003a

 

12/11/2013 15:1:14 - PFRO Error: \??\C:\PROGRA~3\McAfee\MSC\Updates\Installs\1\vso\mcinst.exe, |delete operation|, 0xc000003a

 

12/11/2013 15:1:14 - PFRO Error: \??\C:\Qoobox\Quarantine\C\MoveEx_test0123.vir, |delete operation|, 0xc0000034

 

12/11/2013 15:1:14 - PFRO Error: \??\C:\test0123, \??\C:\Qoobox\Quarantine\C\MoveEx_test0123.vir, 0xc0000034

 

12/11/2013 15:1:14 - 3 Successful PFRO operations

 

This is from a Windows update log. Look at the redirections:

 

2013-12-11        15:04:07:604     424      1398     EP        Got 7971F918-A847-4430-9279-4A52D1EFE18D redir Client/Server URL: "https://fe1.update.microsoft.com/v6/ClientWebService/client.asmx"

 

2013-12-11        15:04:09:448     424      1398     PT        +++++++++++  PT: Synchronizing server updates  +++++++++++

 

2013-12-11        15:04:09:448     424      1398     PT          + ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, Server URL = https://fe1.update.microsoft.com/v6/ClientWebService/client.asmx

 

2013-12-11        15:04:17:496     424      1398     Driver   Matched driver to device PCI\VEN_8086&DEV_1E03&SUBSYS_05971028&REV_04

 

2013-12-11        15:04:17:496     424      1398     Driver   Status: 0x180000a, ProblemNumber: 00000000

 

2013-12-11        15:04:20:575     424      1398     PT        +++++++++++  PT: Synchronizing extended update info  +++++++++++

 

2013-12-11        15:04:20:575     424      1398     PT          + ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, Server URL = https://fe1.update.microsoft.com/v6/ClientWebService/client.asmx

 

2013-12-11        15:04:24:325     424      de8       AU        Additional Service {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} with Approval type {Pre-install notify} added to AU services list

 

2013-12-11        15:04:24:325     424      de8       AU        Triggering Offline detection (non-interactive)

 

2013-12-11        15:04:24:340     424      1398     Agent     * Added update {54CE90B3-531A-4B6E-9D8D-FD60EC8CE69C}.200 to search result

 

2013-12-11        15:04:34:658     424      1398     Agent   *************

 

2013-12-11        15:12:34:701     424      11fc      EP        Got 7971F918-A847-4430-9279-4A52D1EFE18D redir Client/Server URL: "https://fe1.update.microsoft.com/v6/ClientWebService/client.asmx"

2013-12-11        15:12:34:701     424      11fc      PT        WARNING: Cached cookie has expired or new PID is available

2013-12-11        15:12:35:046     424      11fc      EP        Got 7971F918-A847-4430-9279-4A52D1EFE18D redir Reporting URL: "http://statsfe1.update.microsoft.com/ReportingWebService/ReportingWebService.asmx"

2013-12-11        15:12:35:046     424      11fc      Report  Uploading 1 events using cached cookie, reporting URL = http://statsfe1.update.microsoft.com/ReportingWebService/ReportingWebService.asmx

2013-12-11        15:12:35:092     424      11fc      Report  Reporter successfully uploaded 1 events.

2013-12-11        15:13:28:370     424      de8       Report  WARNING: CSerializationHelper:: InitSerialize failed : 0x80070002

2013-12-11        15:14:35:698     424      de8       AU        ###########  AU: Uninitializing Automatic Updates  ###########

2013-12-11        15:14:36:938     424      de8       WuTask Uninit WU Task Manager

2013-12-11        15:14:36:938     424      de8       WuTask ScheduledInstallTaskHandler, setting scheduled install attempt time to 2013-12-13 07:42:56, using automatic maintenance:True.

2013-12-11        15:14:37:313     424      de8       Service *********

2013-12-11        15:14:37:313     424      de8       Service **  END  **  Service: Service exit [Exit code = 0x240001]

2013-12-11        15:14:37:313     424      de8       Service *************

 

This is from a Secunia Log:

[12/11 16:50:02.599] Disabling WoW64 filesystem redirection for scan

[12/11 16:50:02.599] Initializing Filesystem Inspector

[12/11 16:50:02.599] File Inspector initialized

[12/11 16:50:02.599] Scanning files

[12/11 16:50:02.615] No results to submit

 

[12/11 16:52:32.540] NewFiles contains 35 files

[12/11 16:52:32.540] Disabling WoW64 filesystem redirection for scan

[12/11 16:52:32.540] Initializing Filesystem Inspector

[12/11 16:52:32.540] File Inspector initialized

[12/11 16:52:32.540] Scanning files

[12/11 16:52:32.540] Scanning file: 'C:\32788R22FWJFW\EN-US\iexplore.exe'

[12/11 16:52:32.540] INFO: Unable to read file 'C:\32788R22FWJFW\EN-US\iexplore.exe'

[12/11 16:52:32.540] Scanning file: 'C:\32788R22FWJFW\ffdefstr.dll'

[12/11 16:52:32.540] INFO: Unable to read file 'C:\32788R22FWJFW\ffdefstr.dll'

[12/11 16:52:32.540] Scanning file: 'C:\32788R22FWJFW\firefox.exe'

[12/11 16:52:32.540] INFO: Unable to read file 'C:\32788R22FWJFW\firefox.exe'

[12/11 16:52:32.540] Scanning file: 'C:\32788R22FWJFW\handle64.exe'

[12/11 16:52:32.540] INFO: Unable to read file 'C:\32788R22FWJFW\handle64.exe'

[12/11 16:52:32.540] Scanning file: 'C:\32788R22FWJFW\iexplore.exe'

[12/11 16:52:32.555] INFO: Unable to read file 'C:\32788R22FWJFW\iexplore.exe'

[12/11 16:52:32.555] Scanning file: 'C:\32788R22FWJFW\License\CS.exe'

[12/11 16:52:32.555] INFO: Unable to read file 'C:\32788R22FWJFW\License\CS.exe'

[12/11 16:52:32.555] Scanning file: 'C:\32788R22FWJFW\License\DS.exe'

[12/11 16:52:32.555] INFO: Unable to read file 'C:\32788R22FWJFW\License\DS.exe'

[12/11 16:52:32.555] Scanning file: 'C:\32788R22FWJFW\License\firefox.exe'

[12/11 16:52:32.555] INFO: Unable to read file 'C:\32788R22FWJFW\License\firefox.exe'

[12/11 16:52:32.555] Scanning file: 'C:\32788R22FWJFW\License\iexplore.exe'

[12/11 16:52:32.555] INFO: Unable to read file 'C:\32788R22FWJFW\License\iexplore.exe'

[12/11 16:52:32.555] Scanning file: 'C:\32788R22FWJFW\License\LS.exe'

[12/11 16:52:32.555] INFO: Unable to read file 'C:\32788R22FWJFW\License\LS.exe'

[12/11 16:52:32.555] Scanning file: 'C:\32788R22FWJFW\License\SF.exe'

[12/11 16:52:32.555] INFO: Unable to read file 'C:\32788R22FWJFW\License\SF.exe'

[12/11 16:52:32.555] Scanning file: 'C:\32788R22FWJFW\NircmdB.exe'

[12/11 16:52:32.555] INFO: Unable to read file 'C:\32788R22FWJFW\NircmdB.exe'

[12/11 16:52:32.555] Scanning file: 'C:\32788R22FWJFW\PEV.exe'

[12/11 16:52:32.555] INFO: Unable to read file 'C:\32788R22FWJFW\PEV.exe'

[12/11 16:52:32.555] Scanning file: 'C:\32788R22FWJFW\pv.exe'

[12/11 16:52:32.555] INFO: Unable to read file 'C:\32788R22FWJFW\pv.exe'

[12/11 16:52:32.555] Scanning file: 'C:\32788R22FWJFW\SF.exe'

[12/11 16:52:32.555] INFO: Unable to read file 'C:\32788R22FWJFW\SF.exe'

[12/11 16:52:32.555] Scanning file: 'C:\ComboFix\en-US\iexplore.exe'

[12/11 16:52:32.555] Scanning file: 'C:\ComboFix\ffdefstr.dll'

[12/11 16:52:32.555] Invalid magic number: 0x2228

[12/11 16:52:32.571] Scanning file: 'C:\ComboFix\iexplore.exe'

[12/11 16:52:32.571] Scanning file: 'C:\ComboFix\NircmdB.exe'

[12/11 16:52:32.571] Scanning file: 'C:\ComboFix\PEV.exe'

[12/11 16:52:32.571] Scanning file: 'C:\ComboFix\SF.exe'

[12/11 16:52:32.571] Scanning file: 'C:\Users\TLC\AppData\Local\Temp\nskB6A4.tmp\ExecCmd.dll'

[12/11 16:52:32.571] INFO: Unable to read file 'C:\Users\TLC\AppData\Local\Temp\nskB6A4.tmp\ExecCmd.dll'

[12/11 16:52:32.571] Scanning file: 'C:\Users\TLC\AppData\Local\Temp\nskB6A4.tmp\nsExec.dll'

[12/11 16:52:32.571] INFO: Unable to read file 'C:\Users\TLC\AppData\Local\Temp\nskB6A4.tmp\nsExec.dll'

[12/11 16:52:32.571] Scanning file: 'C:\Users\TLC\AppData\Local\Temp\nskB6A4.tmp\NSISdl.dll'

[12/11 16:52:32.571] INFO: Unable to read file 'C:\Users\TLC\AppData\Local\Temp\nskB6A4.tmp\NSISdl.dll'

[12/11 16:52:32.571] Scanning file: 'C:\Users\TLC\AppData\Local\Temp\nskB6A4.tmp\nsProcess.dll'

[12/11 16:52:32.571] INFO: Unable to read file 'C:\Users\TLC\AppData\Local\Temp\nskB6A4.tmp\nsProcess.dll'

[12/11 16:52:32.571] Scanning file: 'C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE'

[12/11 16:52:32.571] Scanning file: 'C:\WINDOWS\grep.exe'

[12/11 16:52:32.571] Scanning file: 'C:\WINDOWS\MBR.exe'

[12/11 16:52:32.571] Scanning file: 'C:\WINDOWS\NIRCMD.exe'

[12/11 16:52:32.571] Scanning file: 'C:\WINDOWS\PEV.exe'

[12/11 16:52:32.571] Scanning file: 'C:\WINDOWS\sed.exe'

[12/11 16:52:32.586] Scanning file: 'C:\WINDOWS\SWREG.exe'

[12/11 16:52:32.586] Scanning file: 'C:\WINDOWS\SWSC.exe'

[12/11 16:52:32.586] Scanning file: 'C:\WINDOWS\SWXCACLS.exe'

[12/11 16:52:32.586] Scanning file: 'C:\WINDOWS\zip.exe'

[12/11 16:52:32.586] Generating results

[12/11 16:52:32.586] Submitting results

[12/11 16:52:32.586] Connecting to psi3.secunia.com:443

[12/11 16:52:32.586] POST /psi_api/3009/?action=data&agent_version=3.0.0.9015&scantype=4&tz=18000&domain=0&uid=Thy35l3WHRf1742f83c4ddc400b62609xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx&ui=agent&langroup=WORKGROUP&host=SWEETHOMEAL

[12/11 16:52:32.586] Request timeouts : 60000ms, 30000ms, 30000ms

[12/11 16:52:32.727] Connection error. Trying direct connection.

[12/11 16:52:32.727] Error in HttpRequest: status=499, statusText='The server name or address could not be resolved',winCode=12007

[12/11 16:52:33.102] Server returned 12007 : "The server name or address could not be resolved"

[12/11 16:52:33.180]

 

[12/11 17:32:04.234] NewFiles contains 1 files

[12/11 17:32:04.244] Disabling WoW64 filesystem redirection for scan

[12/11 17:32:04.244] Initializing Filesystem Inspector

[12/11 17:32:04.244] File Inspector initialized

[12/11 17:32:04.244] Scanning files

[12/11 17:32:04.244] Scanning file: 'C:\WINDOWS\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll'

[12/11 17:32:04.244] Generating results

[12/11 17:32:04.254] Submitting results

[12/11 17:32:04.254] Connecting to psi3.secunia.com:443

[12/11 17:32:04.254] POST /psi_api/3009/?action=data&agent_version=3.0.0.9015&scantype=4&tz=18000&domain=0&uid=Thy35l3WHRf1742f83c4ddc400b62609xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx&ui=agent&langroup=WORKGROUP&host=SWEETHOMEAL

[12/11 17:32:04.254] Request timeouts : 60000ms, 30000ms, 30000ms

[12/11 17:32:05.294] Connecting to psi3.secunia.com:443

[12/11 17:32:05.294] GET /psi_api/3009/?action=status&status_id=&uid=Thy35l3WHRf1742f83c4ddc400b62609xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx&ui=agent&langroup=WORKGROUP&host=SWEETHOMEAL

[12/11 17:32:05.294] Request timeouts : 60000ms, 30000ms, 30000ms

[12/11 17:32:06.314] Scan complete

 

[12/11 17:32:06.584] Checking in with server (psi3.secunia.com)

[12/11 17:32:06.584] Connecting to psi3.secunia.com:443

[12/11 17:32:06.584] GET /psi_api/3009/?action=agent_check&agent_version=3.0.0.9015&tz=18000&fm=0x00000000&uid=Thy35l3WHRf1742f83c4ddc400b62609xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx&ui=agent&langroup=WORKGROUP&host=SWEETHOMEAL

[12/11 17:32:06.584] Request timeouts : 60000ms, 30000ms, 30000ms

[12/11 17:32:07.595] Starting filter driver

[12/11 17:32:07.625] -- Program Configuration --

-- Internal variables  --

Version                   3.0.0.9015

BinPath                   C:\Program Files (x86)\Secunia\PSI\PSIA.exe

BinDir                    C:\Program Files (x86)\Secunia\PSI

APPNAME                   Secunia PSI Agent

BINNAME                   psi.exe

-- Logging Settings  --

LogLevel                  2

LogFile                   C:\Program Files (x86)\Secunia\PSI\psialog.txt

LogFileMax                2097152

-- UserId options --

CAUser                    Thy35l3WHRf1742f83c4ddc400b62609xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

-- Scan options --

ScanType                  2

CheckOSUpdates            1

-- Customer Area options --

GroupName                

-- Network Configuration --

API_SERVER_HOST           psi3.secunia.com

API_SERVER_PORT           443

API_BASE_URI              /psi_api/3009/?

-- Connectivity Options: --

RequestTimeout            120

NetworkImplementation     WinInet

-- Proxy options --

ProxyURL                 

ProxyUser                 

ProxyPass                 <Not Set>

ProxyConfigState          0

-- Security options --

IgnoreInvalidCN           0

IgnoreUnknownCA           0

IgnoreCertRevocation      0

-- Service options --

InstallService            0

StartService              1

RemoveService             0

RunAsUser                

RunAsPass                 <Not Set>

RunAsLocalSystem          0

DontWriteRegistry         0

Foreground                0

-- Computer Information --

ComputerName              SWEETHOMEAL

LanGroup                  WORKGROUP

CurrentUser               SYSTEM

UserPrincipalName        

-- CheckIn Information --

CheckInInterval           5400

LastCheckIn               12/11/13 17:32:06

NextInspection            12/18/13 15:07:00

ServerTime                12/11/13 17:32:04

REG_KEY_PATH              SOFTWARE\Secunia\PSIA

RegConfKey                HKEY_LOCAL_MACHINE

[12/11 17:32:07.625] Connecting to psi3.secunia.com:443

[12/11 17:32:07.625] GET /psi_api/3009/?action=agent_data&uid=Thy35l3WHRf1742f83c4ddc400b62609xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx&ui=agent&langroup=WORKGROUP&host=SWEETHOMEAL

[12/11 17:32:07.625] Request timeouts : 60000ms, 30000ms, 30000ms

[12/11 17:32:09.075] Got data from server

[12/11 17:32:09.075] Checked firstuse

[12/11 17:32:09.075] notifying...

[12/11 17:32:09.075] notifying :: 0 :: defaults

[12/11 17:32:09.075] Entering refreshData

[12/11 17:32:09.075] Refreshing full data results

[12/11 17:32:09.085] Found secure/ignored (64bit)Connection Manager Administration Kit (CMAK) 7.x not ignored

[12/11 17:32:09.085] Found new result (64bit)Connection Manager Administration Kit (CMAK) 7.x

[12/11 17:32:09.085] Found secure/ignored (64bit)Windows Media Center 6.x not ignored

[12/11 17:32:09.085] Found new result (64bit)Windows Media Center 6.x

[12/11 17:32:09.085] Found secure/ignored (64bit)Microsoft XPS-Viewer 6.x not ignored

[12/11 17:32:09.085] Found new result (64bit)Microsoft XPS-Viewer 6.x

[12/11 17:32:09.085] Found secure/ignored (32bit)AdExp 1.x not ignored

[12/11 17:32:09.085] Found new result (32bit)AdExp 1.x

[12/11 17:32:09.085] Found secure/ignored (32bit)Microsoft AccessEnum 1.x not ignored

[12/11 17:32:09.085] Found new result (32bit)Microsoft AccessEnum 1.x

[12/11 17:32:09.085] Found secure/ignored (32bit)ADInsight 1.x not ignored

[12/11 17:32:09.085] Found new result (32bit)ADInsight 1.x

[12/11 17:32:09.095] Found secure/ignored (32bit)Realtek Voice Manager 2.x not ignored

[12/11 17:32:09.095] Found new result (32bit)Realtek Voice Manager 2.x

[12/11 17:32:09.095] Found secure/ignored (32bit)Microsoft DiskMon 2.x not ignored

[12/11 17:32:09.095] Found new result (32bit)Microsoft DiskMon 2.x

[12/11 17:32:09.095] Found secure/ignored (32bit)Microsoft DiskView 2.x not ignored

[12/11 17:32:09.095] Found new result (32bit)Microsoft DiskView 2.x

[12/11 17:32:09.095] Found secure/ignored (32bit)Microsoft Desktops not ignored

[12/11 17:32:09.095] Found new result (32bit)Microsoft Desktops

[12/11 17:32:09.095] Found secure/ignored (32bit)coreinfo 3.x not ignored

[12/11 17:32:09.095] Found new result (32bit)coreinfo 3.x

[12/11 17:32:09.095] Found secure/ignored (32bit)Microsoft Contig 1.x not ignored

[12/11 17:32:09.095] Found new result (32bit)Microsoft Contig 1.x

[12/11 17:32:09.095] Found secure/ignored (32bit)Clockres 2.x not ignored

[12/11 17:32:09.095] Found new result (32bit)Clockres 2.x

[12/11 17:32:09.105] Found secure/ignored (32bit)Microsoft BGInfo 4.x not ignored

[12/11 17:32:09.105] Found new result (32bit)Microsoft BGInfo 4.x

[12/11 17:32:09.105] Found secure/ignored (32bit)Autolog 3.x not ignored

[12/11 17:32:09.105] Found new result (32bit)Autolog 3.x

[12/11 17:32:09.105] Found secure/ignored (32bit)Apple Software Update 2.x not ignored

[12/11 17:32:09.105] Found new result (32bit)Apple Software Update 2.x

[12/11 17:32:09.105] Found secure/ignored (32bit)Microsoft Process Monitor 3.x not ignored

[12/11 17:32:09.105] Found new result (32bit)Microsoft Process Monitor 3.x

[12/11 17:32:09.105] Found secure/ignored (32bit)Microsoft ListDLLs 3.x not ignored

[12/11 17:32:09.105] Found new result (32bit)Microsoft ListDLLs 3.x

[12/11 17:32:09.105] Found secure/ignored (32bit)FindLinks 1.x not ignored

[12/11 17:32:09.105] Found new result (32bit)FindLinks 1.x

[12/11 17:32:09.105] Found secure/ignored (32bit)iCloud 1.x not ignored

[12/11 17:32:09.105] Found new result (32bit)iCloud 1.x

[12/11 17:32:09.115] Found secure/ignored (32bit)Apple Bonjour for Windows 3.x not ignored

[12/11 17:32:09.115] Found new result (32bit)Apple Bonjour for Windows 3.x

[12/11 17:32:09.115] Found secure/ignored (32bit)CyberLink LabelPrint 2.x not ignored

[12/11 17:32:09.115] Found new result (32bit)CyberLink LabelPrint 2.x

[12/11 17:32:09.115] Found secure/ignored (32bit)CyberLink Power2Go 8.x not ignored

[12/11 17:32:09.115] Found new result (32bit)CyberLink Power2Go 8.x

[12/11 17:32:09.115] Found secure/ignored (32bit)Cyberlink PowerDVD 10.x not ignored

[12/11 17:32:09.115] Found new result (32bit)Cyberlink PowerDVD 10.x

[12/11 17:32:09.115] Found secure/ignored (32bit)CyberLink PowerDVD 13.x not ignored

[12/11 17:32:09.115] Found new result (32bit)CyberLink PowerDVD 13.x

[12/11 17:32:09.115] Found secure/ignored (64bit)Microsoft Powershell 6.x not ignored

[12/11 17:32:09.115] Found new result (64bit)Microsoft Powershell 6.x

[12/11 17:32:09.115] Found secure/ignored (32bit)CyberLink PowerDirector 10.x not ignored

[12/11 17:32:09.115] Found new result (32bit)CyberLink PowerDirector 10.x

[12/11 17:32:09.115] Found secure/ignored (32bit)ESET Online Scanner 1.x not ignored

[12/11 17:32:09.125] Found new result (32bit)ESET Online Scanner 1.x

[12/11 17:32:09.125] Found secure/ignored (32bit)DVDFab 9.x not ignored

[12/11 17:32:09.125] Found new result (32bit)DVDFab 9.x

[12/11 17:32:09.125] Found secure/ignored (32bit)MakeMKV 1.x not ignored

[12/11 17:32:09.125] Found new result (32bit)MakeMKV 1.x

[12/11 17:32:09.125] Found secure/ignored (32bit)Malwarebytes Anti-Malware 1.x not ignored

[12/11 17:32:09.125] Found new result (32bit)Malwarebytes Anti-Malware 1.x

[12/11 17:32:09.125] Found secure/ignored (32bit)Intel Rapid Storage Technology 11.x not ignored

[12/11 17:32:09.125] Found new result (32bit)Intel Rapid Storage Technology 11.x

[12/11 17:32:09.125] Found secure/ignored (32bit)Intel Management Engine 8.x not ignored

[12/11 17:32:09.125] Found new result (32bit)Intel Management Engine 8.x

[12/11 17:32:09.285] Found secure/ignored (32bit)Secunia PSI (Personal Software Inspector) 3.x not ignored

[12/11 17:32:09.285] Found new result (32bit)Secunia PSI (Personal Software Inspector) 3.x

[12/11 17:32:09.285] Found secure/ignored (64bit)AdobeFlashActiveX not ignored

[12/11 17:32:09.285] Found secure/ignored (64bit)AdobeFlashActiveX not ignored

[12/11 17:32:09.285] Final results 135 detected, 0 missing, 0 automatic

[12/11 17:32:09.295] server.setIcon('green')

[12/11 17:32:09.295] notifying :: 1 :: sua


[12/11 17:32:09.475] notify done

[12/11 17:32:09.475] notify

[12/11 17:32:46.044] Disabling WoW64 filesystem redirection for scan

[12/11 17:32:46.044] Initializing Filesystem Inspector

[12/11 17:32:46.044] File Inspector initialized

[12/11 17:32:46.044] Scanning files

[12/11 17:32:46.054] No results to submit

 

Every hour the above sequence would repeat. Why is Secunia checking in with a server every hour? That can't be normal.

Sorry to bombard you with data. I just really want this thing fixed and I'm doing as much as I can to help you help me.

Please just look at what you think might be important.

 

 

 

 

Thanks again, I really appreciate your help,

Havin' Problems
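A triage pass over the kinds of log lines posted above, as an added example (not part of the original post or of any tool it mentions): it decodes the PFRO NTSTATUS codes, lists the hosts named in the Windows Update and Secunia excerpts, and reads the PSI agent's dumped settings. The expected-domain list, the function names and the one constructed look-alike line are assumptions for illustration.

```python
import re
from collections import Counter

# NTSTATUS names for the codes seen in the PFRO excerpt (values from ntstatus.h).
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
    0xC0000101: "STATUS_DIRECTORY_NOT_EMPTY",
}

# Assumption: parent domains a reviewer expects Windows Update and Secunia PSI to use.
EXPECTED_DOMAINS = ("update.microsoft.com", "secunia.com")

# Lines copied from the logs in the post above (runs of spaces collapsed in the
# Windows Update lines).
POSTED_LINES = r"""
12/10/2013 0:13:11 - PFRO Error: \??\C:\Users\TLC\AppData\Local\Temp\4F45DAF4-D14A16E0-5207168C-94C02264\z5j3t97f.exe, |delete operation|, 0xc000003a
12/10/2013 16:29:40 - PFRO Error: \??\c:\2b2ee35360acefab747d510a, |delete operation|, 0xc0000101
12/11/2013 15:1:14 - PFRO Error: \??\C:\test0123, \??\C:\Qoobox\Quarantine\C\MoveEx_test0123.vir, 0xc0000034
2013-12-11 15:04:07:604 424 1398 EP Got 7971F918-A847-4430-9279-4A52D1EFE18D redir Client/Server URL: "https://fe1.update.microsoft.com/v6/ClientWebService/client.asmx"
2013-12-11 15:12:35:046 424 11fc EP Got 7971F918-A847-4430-9279-4A52D1EFE18D redir Reporting URL: "http://statsfe1.update.microsoft.com/ReportingWebService/ReportingWebService.asmx"
[12/11 17:32:04.254] Connecting to psi3.secunia.com:443
API_SERVER_HOST           psi3.secunia.com
CheckInInterval           5400
IgnoreInvalidCN           0
IgnoreUnknownCA           0
IgnoreCertRevocation      0
"""

# Constructed line (not from the post): a look-alike host that a naive
# substring check for "update.microsoft.com" would wrongly accept.
CONSTRUCTED_LINE = "[12/11 17:40:00.000] Connecting to update.microsoft.com.example.net:443\n"


def pfro_failures(text):
    """Count failed pending-file-rename operations by NTSTATUS name."""
    counts = Counter()
    pattern = r"PFRO Error: [^,]+,.*,\s*(0x[0-9a-fA-F]{8})\s*$"
    for match in re.finditer(pattern, text, re.M):
        code = int(match.group(1), 16)
        counts[NTSTATUS.get(code, match.group(1))] += 1
    return counts


def contacted_hosts(text):
    """Host names taken from URLs and from 'Connecting to host:port' lines."""
    hosts = set()
    for match in re.finditer(r"https?://([A-Za-z0-9.-]+)", text):
        hosts.add(match.group(1).lower())
    for match in re.finditer(r"Connecting to ([A-Za-z0-9.-]+):\d+", text):
        hosts.add(match.group(1).lower())
    return hosts


def is_expected(host):
    """True only when the host is an expected domain or a subdomain of one."""
    # Compare on a label boundary so a look-alike that merely contains the
    # expected name is not accepted.
    return any(host == d or host.endswith("." + d) for d in EXPECTED_DOMAINS)


def unexpected_hosts(text):
    """Hosts in the log that fall outside the expected parent domains."""
    return sorted(h for h in contacted_hosts(text) if not is_expected(h))


def agent_settings(text):
    """Collect 'Key   Value' pairs from the agent's configuration dump."""
    return dict(re.findall(r"^([A-Za-z_]+)[ \t]{2,}(\S+)[ \t]*$", text, re.M))


def tls_checks_relaxed(settings):
    """Names of certificate-check overrides that are switched on (non-zero)."""
    keys = ("IgnoreInvalidCN", "IgnoreUnknownCA", "IgnoreCertRevocation")
    return [k for k in keys if settings.get(k, "0") != "0"]


if __name__ == "__main__":
    print("PFRO failures by status:", dict(pfro_failures(POSTED_LINES)))
    print("Hosts named in the logs:", sorted(contacted_hosts(POSTED_LINES)))
    print("Outside expected domains:", unexpected_hosts(POSTED_LINES))
    print("With constructed look-alike:",
          unexpected_hosts(POSTED_LINES + CONSTRUCTED_LINE))
    settings = agent_settings(POSTED_LINES)
    print("Configured CheckInInterval:", settings.get("CheckInInterval"))
    print("Certificate checks relaxed:", tls_checks_relaxed(settings))
```
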

 



#8 Havin' Problems


Posted 13 December 2013 - 01:44 AM

Jason, I ran out of room. Following is my TDSS Log.

 

00:07:00.0031 0x0c44  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
00:07:00.0031 0x0c44  UEFI system
00:07:05.0454 0x0c44  ============================================================
00:07:05.0454 0x0c44  Current date / time: 2013/12/13 00:07:05.0454
00:07:05.0454 0x0c44  SystemInfo:
00:07:05.0454 0x0c44 
00:07:05.0454 0x0c44  OS Version: 6.2.9200 ServicePack: 0.0
00:07:05.0454 0x0c44  Product type: Workstation
00:07:05.0454 0x0c44  ComputerName: SWEETHOMEAL
00:07:05.0454 0x0c44  UserName: TLC
00:07:05.0454 0x0c44  Windows directory: C:\Windows
00:07:05.0454 0x0c44  System windows directory: C:\Windows
00:07:05.0454 0x0c44  Running under WOW64
00:07:05.0454 0x0c44  Processor architecture: Intel x64
00:07:05.0454 0x0c44  Number of processors: 2
00:07:05.0454 0x0c44  Page size: 0x1000
00:07:05.0454 0x0c44  Boot type: Normal boot
00:07:05.0454 0x0c44  ============================================================
00:07:07.0297 0x0c44  KLMD registered as C:\Windows\system32\drivers\61953081.sys
00:07:07.0485 0x0c44  System UUID: {727C5EA8-1C0B-471A-BC50-9B5136AF333F}
00:07:08.0047 0x0c44  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:07:08.0047 0x0c44  ============================================================
00:07:08.0047 0x0c44  \Device\Harddisk0\DR0:
00:07:08.0047 0x0c44  GPT partitions:
00:07:08.0047 0x0c44  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {AC892DA6-3AFD-4044-BF81-A9298C8B55AA}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0xFA000
00:07:08.0047 0x0c44  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {796BADD3-6BBF-4D9F-B631-466EB71A4965}, UniqueGUID: {143E5719-1BBB-48E9-9F94-539BD7284B0E}, Name: Basic data partition, StartLBA 0xFA800, BlocksNum 0x14000
00:07:08.0047 0x0c44  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {9CB88B58-0DE0-45BB-9F1C-E116C51CA9FD}, Name: Microsoft reserved partition, StartLBA 0x10E800, BlocksNum 0x40000
00:07:08.0047 0x0c44  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {02FA502D-F0F2-493E-A61C-20291A44E1D1}, Name: Basic data partition, StartLBA 0x14E800, BlocksNum 0xFA000
00:07:08.0047 0x0c44  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {09B39966-E53D-46F2-9269-F1A1AF357758}, Name: Basic data partition, StartLBA 0x248800, BlocksNum 0x389E4800
00:07:08.0047 0x0c44  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {1876A7BB-379D-4372-9B16-4AE5C1EA0F11}, Name: Microsoft recovery partition, StartLBA 0x38C2D000, BlocksNum 0x1758830
00:07:08.0047 0x0c44  MBR partitions:
00:07:08.0047 0x0c44  ============================================================
00:07:08.0079 0x0c44  C: <-> \Device\Harddisk0\DR0\Partition5
00:07:08.0079 0x0c44  ============================================================
00:07:08.0079 0x0c44  Initialize success
00:07:08.0079 0x0c44  ============================================================
00:07:36.0238 0x1848  ============================================================
00:07:36.0238 0x1848  Scan started
00:07:36.0238 0x1848  Mode: Manual; TDLFS;
00:07:36.0238 0x1848  ============================================================
00:07:36.0238 0x1848  KSN ping started
00:07:38.0770 0x1848  KSN ping finished: true
00:07:39.0317 0x1848  ================ Scan system memory ========================
00:07:39.0317 0x1848  System memory - ok
00:07:39.0317 0x1848  ================ Scan services =============================
00:07:46.0385 0x1848  IPMIDRV - ok
00:07:46.0385 0x1848  [ 3969B9C218DD3FAA9F4ED2FFC3651C02, 93447F124CC55FB17055126432194153E1BB8F0FD95A47608494B6834A5F7089 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
00:07:46.0400 0x1848  IPNAT - ok
00:07:46.0447 0x1848  [ 33B286326BD2B1A7748C43391058FB19, C6240C9ED5B7C227595E953E3D1AB5F2D45CCD86FDBDF985836A970B4B6467FE ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
00:07:46.0463 0x1848  iPod Service - ok
00:07:46.0478 0x1848  [ 25CD7C4BB2863FFC2B0B311F0AEBF77C, 4099BAA2DB4ADB93B878D71E241B7D9EB7E0EE7ED0FE2450CCB9E4718B3726EB ] IRENUM          C:\Windows\system32\drivers\irenum.sys
00:07:46.0478 0x1848  IRENUM - ok
00:07:46.0510 0x1848  [ D940C5BB9DC92E588533C19ABCC3D2C2, D1442854CEDE86F2C187A35851E74C873D34B772C60BC118FA1577F79C03364D ] isapnp          C:\Windows\system32\drivers\isapnp.sys
00:07:46.0510 0x1848  isapnp - ok
00:07:46.0525 0x1848  [ 69C8BF0BC2B0EA10F130F4D3104DC2EF, 8FFF92828C3DC20F0F42C42E58A03B59A4E0187963F728DC618C9595FB2D0239 ] iScsiPrt        C:\Windows\System32\drivers\msiscsi.sys
00:07:46.0541 0x1848  iScsiPrt - ok
00:07:46.0588 0x1848  [ 3C4002D339491AF73D663FFC7F6E5ECB, 0B53047989BDB781572253BC3AA757912FE54366870C1955E687972CE210C285 ] jhi_service     C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
00:07:46.0588 0x1848  jhi_service - ok
00:07:46.0603 0x1848  [ 8FBD94B69D6423E20ABCD59D86368B21, 218EF992095E365EC917413749856A64D55D8129D77098E24D670843233377F4 ] kbdclass        C:\Windows\System32\drivers\kbdclass.sys
00:07:46.0603 0x1848  kbdclass - ok
00:07:46.0635 0x1848  [ E88C932ABDF8185A62C8F2FC7B051FB6, 67F9AF58237A11F0BF3D15AA5B32E5CE66B7AA039B999D938F7F6E63DCEA7A6E ] kbdhid          C:\Windows\System32\drivers\kbdhid.sys
00:07:46.0635 0x1848  kbdhid - ok
00:07:46.0650 0x1848  [ FB6C185092E18011EF49989425C2AA87, 043524409E0A764201DD221C48B7DEEA0D161945EB37D4B88313BAB2299949DF ] kdnic           C:\Windows\system32\DRIVERS\kdnic.sys
00:07:46.0650 0x1848  kdnic - ok
00:07:46.0666 0x1848  [ F702AB6181513303AB0FC8D59E52708B, D46939B9F672269E65C98606A573C849C4AF5A26E4E75D3A8FE56A65B3A6EA08 ] KeyIso          C:\Windows\system32\lsass.exe
00:07:46.0666 0x1848  KeyIso - ok
00:07:46.0682 0x1848  [ DFA480F6DED551464F3A5B959F437800, C07AB6F28A09FCBE11EECAD03B06CEAE1016EC24031FCA0C092639E90FBA84CF ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
00:07:46.0682 0x1848  KSecDD - ok
00:07:46.0697 0x1848  [ 127FB0AAD232BAAD2C9BBACD374F4FC5, 3BC56F6B4374062C96149D69ACE053DF81A278F0361599F5A2F3DB1F76F0AD68 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
00:07:46.0713 0x1848  KSecPkg - ok
00:07:46.0728 0x1848  [ 81492FEEBF2F26455B00EE8DBAE8A1B0, E33AA2DFB2D3BB30B02CDADA2EC290F86329DA3198327A653F39A843D86390B9 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
00:07:46.0728 0x1848  ksthunk - ok
00:07:46.0760 0x1848  [ 5825DBACEDC3812B5CF8D40B997BF210, 1C2997BCC707C1029B21876E093038CE3BBF6E6694B4CCF7EEDD47172ED9A541 ] KtmRm           C:\Windows\system32\msdtckrm.dll
00:07:46.0775 0x1848  KtmRm - ok
00:07:46.0807 0x1848  [ 256EE31588257E8A555DBFAA13F1908E, B6817F632EDEA483E35BF26846DCDD4E95E860620959179B2A5D8AD7EEDDB126 ] LanmanServer    C:\Windows\System32\srvsvc.dll
00:07:46.0822 0x1848  LanmanServer - ok
00:07:46.0838 0x1848  [ 16650912BE5A94B40E0B3B4C39652B56, 908C2C9367AE0AC9AECB5D91514BB33ACD746D99F19C1A8DD6A9550E9CAD9E00 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
00:07:46.0853 0x1848  LanmanWorkstation - ok
00:07:46.0853 0x1848  [ CEEFD29FC551F289810B0B9381B321DC, 900F206B487B2190D9363F28AA4BA0CD7DCFE1D005BE05A48AF74B1B81194691 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
00:07:46.0869 0x1848  lltdio - ok
00:07:46.0900 0x1848  [ BCF53485E0A94722CDE3C4A93CD8EB8C, D24E1066EB102245A89A5D17D608DB9DF6B71C99F1C77E070B95EFD17D268141 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
00:07:46.0900 0x1848  lltdsvc - ok
00:07:46.0916 0x1848  [ 5A2F7F1CBC2E631A497DAD16164E06D2, 35274FC6C386380B01B5E8F467E71A2C4E2FB2AD701554F9B1A9B036B0340142 ] lmhosts         C:\Windows\System32\lmhsvc.dll
00:07:46.0916 0x1848  lmhosts - ok
00:07:46.0963 0x1848  [ 4269D44BB47A6DA5D80B11F4C8536458, 7A8FFC8F851DD9E5C43986BE0888831CB71D188138DF3CF7F787DADDA70915B0 ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
00:07:46.0963 0x1848  LMS - ok
00:07:47.0010 0x1848  [ 022CDD12161B063D7852B1075BF3FFF2, E21267243AF2FC208D27E67827B1264A762C99AECEDB7AD2C48A04F421A6B2F0 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
00:07:47.0010 0x1848  LSI_SAS - ok
00:07:47.0010 0x1848  [ 07AD59D669B996F29F91817F0ECFA34F, 026F332F862D142BFFC9D169CCD17A35BFB6B301EEC72AA13E16369B3520919C ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
00:07:47.0025 0x1848  LSI_SAS2 - ok
00:07:47.0041 0x1848  [ 216FB796AA4E252ACCE93B1BCB80B5EC, 5B1E49B5F7B9C7A778198D27F8EE500FE35DC32D40B22A3D6ED67560BEB04212 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
00:07:47.0041 0x1848  LSI_SCSI - ok
00:07:47.0057 0x1848  [ 5E80530AF37102488EE980B4A92AF99F, 364E18EAD9AC22F8A306B24C6C43E58224F6BE2744EFEAA2484696B8D9880851 ] LSI_SSS         C:\Windows\system32\drivers\lsi_sss.sys
00:07:47.0057 0x1848  LSI_SSS - ok
00:07:47.0088 0x1848  [ A57BA284F5996FFD32DCDBC41A4657DB, 2106B83873A824BC83EF42FAC9DD9A0F741209535A84AE65EA8E786519920043 ] LSM             C:\Windows\System32\lsm.dll
00:07:47.0103 0x1848  LSM - ok
00:07:47.0103 0x1848  [ 2BDC5D711FA61307CE6190D47C956368, 6BCDC6CBB9783F1ABE8957BDA94AF977DFB2A310BB6D19085EFC8609C97FD180 ] luafv           C:\Windows\system32\drivers\luafv.sys
00:07:47.0119 0x1848  luafv - ok
00:07:47.0135 0x1848  [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
00:07:47.0135 0x1848  McAfee SiteAdvisor Service - ok
00:07:47.0213 0x1848  [ 20D553F3AAFCECE3A2D0F8E3A2EFD4FC, 15318A09BDF71BC218190C59F46ABFF50E85B4FCC079BA4FCBC256ACD2B4BB37 ] McAPExe         C:\Program Files\McAfee\MSC\McAPExe.exe
00:07:47.0213 0x1848  McAPExe - ok
00:07:47.0228 0x1848  [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] McMPFSvc        C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
00:07:47.0244 0x1848  McMPFSvc - ok
00:07:47.0244 0x1848  [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] McNaiAnn        C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
00:07:47.0260 0x1848  McNaiAnn - ok
00:07:47.0338 0x1848  [ 63D93A440E7AC015D85B9A3DA0C1BBAF, 849A13E91B041DEC2A47F5BE65ADBA6CAC8AF01675D0D8E13730724B54B4DD15 ] McODS           C:\Program Files\McAfee\VirusScan\mcods.exe
00:07:47.0353 0x1848  McODS - ok
00:07:47.0369 0x1848  [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] mcpltsvc        C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
00:07:47.0385 0x1848  mcpltsvc - ok
00:07:47.0400 0x1848  [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] McProxy         C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
00:07:47.0400 0x1848  McProxy - ok
00:07:47.0447 0x1848  [ F4BE81C919FC0A012F5357E3911D4B67, 8FC3D787A1FACE8022D9BF1A4B024E313F8FD7535696D5E868DC2839E3B76E72 ] McPvDrv         C:\Windows\system32\drivers\McPvDrv.sys
00:07:47.0447 0x1848  McPvDrv - ok
00:07:47.0463 0x1848  [ 4448CCEA974F0B15A00EA33FCEDFC062, EAA5B156480F6F5B11D4B358489714AF7DB77EB58B841BF0AC284A17B4288CC9 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
00:07:47.0478 0x1848  Mcx2Svc - ok
00:07:47.0478 0x1848  [ 9B0D829C3BE4E7472DB9DD2B79908E3C, ACED5806FFF39E84007B5A3DCB16315329DC53007F46B1BEEDC391CC659F7DD3 ] megasas         C:\Windows\system32\drivers\megasas.sys
00:07:47.0494 0x1848  megasas - ok
00:07:47.0510 0x1848  [ ECC3F54C7AFC318271C4F0B4606D8DB0, FD1ACB18B8C912C7A57DABCD5460800DD0721A82E09C8D79C47B3392D61CBEA6 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
00:07:47.0525 0x1848  MegaSR - ok
00:07:47.0557 0x1848  [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64          C:\Windows\System32\drivers\HECIx64.sys
00:07:47.0557 0x1848  MEIx64 - ok
00:07:47.0588 0x1848  [ 895040402C88062B6E1F722AF01A1667, 51686E1F4FCBCD8377DE5C9A233837C76B32A64739044D715D313E598E6B68F5 ] mfeapfk         C:\Windows\system32\drivers\mfeapfk.sys
00:07:47.0588 0x1848  mfeapfk - ok
00:07:47.0666 0x1848  [ B796F6230CF956FC95C6766BF845B3F3, 4EBE28AA2B767450C49871A136197110C7203B9882CD574B27E8B3F98B2D6334 ] mfeavfk         C:\Windows\system32\drivers\mfeavfk.sys
00:07:47.0666 0x1848  mfeavfk - ok
00:07:47.0744 0x1848  [ DE0FD24C4BAA2B280B59392C394C6599, 60E21CB2B9E19B9B874E4835F13E0D874DAD5BD492E8E39E1EC3D1FD2268CAD4 ] mfecore         C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
00:07:47.0775 0x1848  mfecore - ok
00:07:47.0791 0x1848  [ 15D02973B14AC639DDBA18353B57F484, 59EDCEFEDE5EACD11B95ADB2C71F913A216FF3F1B510C8C25AF503758F8383F8 ] mfeelamk        C:\Windows\system32\drivers\mfeelamk.sys
00:07:47.0807 0x1848  mfeelamk - ok
00:07:47.0822 0x1848  [ 41C6D39FCBF849D69E73626B369763AC, 806F689C7F860438011D065A181D5331996FA94B797D56EFE708D6B3E754BB62 ] mfefire         C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
00:07:47.0838 0x1848  mfefire - ok
00:07:47.0885 0x1848  [ 017664D9DC24B62C368E568011BD2D0A, 2A03C9B4C283D54488C503C402CA058A05B102986AD9304483D027B3AC9ECD27 ] mfefirek        C:\Windows\system32\drivers\mfefirek.sys
00:07:47.0900 0x1848  mfefirek - ok
00:07:47.0947 0x1848  [ 238CBB4E02CD1B20A12A683F7AB5AF05, 8B6B67E35966E02CD8EF947E8FFB16D182F97D599A4A2A01CF49FEA34180DD23 ] mfehidk         C:\Windows\system32\drivers\mfehidk.sys
00:07:47.0963 0x1848  mfehidk - ok
00:07:48.0010 0x1848  [ FDB02B0C2865DBDE9571D57D3ABC6A6B, 9AC814E8FEB1F928582B1AA76DD41B78981C9D211D8DB9F555AD5B334B14E11D ] mfencbdc        C:\Windows\system32\DRIVERS\mfencbdc.sys
00:07:48.0025 0x1848  mfencbdc - ok
00:07:48.0041 0x1848  [ C3EE053D6A0CCD75C07FADC73D7BA4E4, 81F2F6716B86B2FE673F1C1252101F5E7AD4BE4258F8086C2F9F848E0B59EAF2 ] mfencrk         C:\Windows\system32\DRIVERS\mfencrk.sys
00:07:48.0057 0x1848  mfencrk - ok
00:07:48.0088 0x1848  [ 1992C9EFA684A23E8047D9ADCA150E9E, 3F839BB3DFAB0B5AF2EBB576D1C4F235F155A23845AA0B3CAF9DD84F2D75B37F ] mfevtp          C:\Windows\system32\mfevtps.exe
00:07:48.0104 0x1848  mfevtp - ok
00:07:48.0135 0x1848  [ 1477459C6A9BDE33474B45A32B92D59B, B6198F9F8E1A7A1EC3DD7865C4D0C3F61579A8DE5BFF19A30751932E2A053B55 ] mfewfpk         C:\Windows\system32\drivers\mfewfpk.sys
00:07:48.0150 0x1848  mfewfpk - ok
00:07:48.0213 0x1848  MFE_RR - ok
00:07:48.0244 0x1848  [ EEE908BE7143FCA48CF0CB87214E2AB8, 4F9BD299F559DD36DBD93489CFAA753F236FBB70946E034D2E2260059AE20962 ] MMCSS           C:\Windows\system32\mmcss.dll
00:07:48.0244 0x1848  MMCSS - ok
00:07:48.0307 0x1848  [ 8CC001C65C31633171991FA72A551D43, F256EED72C712C2B5C1DB6DE31DA52609EC0E47EB869E7BC0B70B286593A96DB ] MOBKbackup      C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
00:07:48.0307 0x1848  MOBKbackup - ok
00:07:48.0338 0x1848  [ 3800C23D0D90C59AAFCDEFDC82B5C4AF, D949CACB9EF881194B06A961071938F57F3AD57EBB5440B6E7F0B340757641BD ] MOBKFilter      C:\Windows\system32\DRIVERS\MOBK.sys
00:07:48.0338 0x1848  MOBKFilter - ok
00:07:48.0354 0x1848  [ 780098AD5DA8A4822E2563984C85EF7B, 29312970774E944B5ED388316CF3D350DCABF721F9695737B0AC56BE878B0446 ] Modem           C:\Windows\system32\drivers\modem.sys
00:07:48.0354 0x1848  Modem - ok
00:07:48.0400 0x1848  [ EA8EAD3F5B762F889CC7F3966625B48B, B701A42E5E08B7BC6601560446146803182E5DC631AB73E9408F19CB6432F121 ] monitor         C:\Windows\System32\drivers\monitor.sys
00:07:48.0400 0x1848  monitor - ok
00:07:48.0432 0x1848  [ 618446B98C79776654340CE27C73485E, EFE7169FDD545933B5949DA2D09266971C0C3E6894E7BD8AFE29E41567C72B16 ] mouclass        C:\Windows\System32\drivers\mouclass.sys
00:07:48.0447 0x1848  mouclass - ok
00:07:48.0463 0x1848  [ C0ADEBED913295803B579ED288936CBB, 58F71541166D1DA07C18FBD27458D55E3F8AD7291CB7496B3A2F01372A5B0CAE ] mouhid          C:\Windows\System32\drivers\mouhid.sys
00:07:48.0463 0x1848  mouhid - ok
00:07:48.0479 0x1848  [ 89D263DBF08119CE16273991C120D6DD, 9771EDAD266F0E234E71DFB6792F396710E051F2ADCA5CDADEBBD2790D0E6054 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
00:07:48.0479 0x1848  mountmgr - ok
00:07:48.0494 0x1848  [ 0D1609DD82C7440F5D5BF21A9D4D5C0C, BCBFF081FAFB822CE29D291FB329FC310D90F0EC0D1BB69CF8CB09ED5A2E84D1 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
00:07:48.0494 0x1848  mpsdrv - ok
00:07:48.0541 0x1848  [ 3031573A739DBEE8923851929D0AF423, E9EA6C0D12A896AC745173B1F1A58192B52724AA424718B16B8D05E9AC091741 ] MpsSvc          C:\Windows\system32\mpssvc.dll
00:07:48.0572 0x1848  MpsSvc - ok
00:07:48.0588 0x1848  [ 3D70147F55F1EC84EB9139ED7FFE48BC, 12429C2FDDDA13815F0E18F9009011AA5360955759A23A38175543F480CB92EF ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
00:07:48.0588 0x1848  MRxDAV - ok
00:07:48.0635 0x1848  [ 93179D48066918323628CB016D8C94DC, FE110BF7A10EDD1DF7F6B933D373FCA51F37413282EBC4187E7C9B1965186BCC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
00:07:48.0650 0x1848  mrxsmb - ok
00:07:48.0682 0x1848  [ 06D5F2FA3C61E8EA91648EA8E9F99FD3, C665B7896501D42C73955F4EAF4FA3C6B2C9286957D6023C235AFBF9BFB761C6 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:07:48.0682 0x1848  mrxsmb10 - ok
00:07:48.0713 0x1848  [ 5C7DD2E5759FFCCD2C7341C1B90F2B26, 9822FA53E6067C0E39B7A3A3F1E88719D5D8B055D86FF894F0475B158289EA45 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:07:48.0713 0x1848  mrxsmb20 - ok
00:07:48.0744 0x1848  [ 98487487D6B3797CA927E9D7B030AE13, 05840AF0DD2E3CB596DA768DBD0728B52210EC05B55AB5921E697AD8956938DD ] MsBridge        C:\Windows\system32\DRIVERS\bridge.sys
00:07:48.0744 0x1848  MsBridge - ok
00:07:48.0760 0x1848  [ 4A07458EB4F17573BD39F22029A991C1, 74D7A1882EA4D19B8F090C2813489E5D3F759BF4AF2D88AE852EC6510C405B5E ] MSDTC           C:\Windows\System32\msdtc.exe
00:07:48.0775 0x1848  MSDTC - ok
00:07:48.0791 0x1848  [ 3886F1F2A4D2900ABAA7E4486BEEE6A2, ECCA22985838A914EDC866C491DEB64B9FF5110EFA9BEE541F634AC5EC3081F9 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
00:07:48.0791 0x1848  Msfs - ok
00:07:48.0807 0x1848  [ C32A7A39B960A42BA9D4FBE47213CA03, 4DA48587138972DA5E95AEDBBBE73BA8CCADC8172C6654427ABEAC8047B27E95 ] msgpiowin32     C:\Windows\System32\drivers\msgpiowin32.sys
00:07:48.0807 0x1848  msgpiowin32 - ok
00:07:48.0822 0x1848  [ D3857A767B91A061B408CCAB02DA4F40, A4D780772086AD8717EE6DC2B6189F796939FB5E5AA08FD9D1984101998FBECF ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
00:07:48.0822 0x1848  mshidkmdf - ok
00:07:48.0838 0x1848  [ 839B48910FB1E887635C48F3EC11A05E, F8CFD99911500CC1B6A90C8E2A1697BD5A6E5776A62A62FE5B342FE204C936B1 ] mshidumdf       C:\Windows\System32\drivers\mshidumdf.sys
00:07:48.0838 0x1848  mshidumdf - ok
00:07:48.0854 0x1848  [ 55C0DB741E3AB7463242B185B1C2997C, D2E2A5B48A64EA0EC2A6566C08E65A38D11CEA64BCA7B57793BA0D009E4D974A ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
00:07:48.0854 0x1848  msisadrv - ok
00:07:48.0900 0x1848  [ 216C6B035A4BA5560E1255BD8E5BB89F, A14E038604B9A5506DB145A4D9F51E2751AC825240D2744924F39C332B5DE00B ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
00:07:48.0900 0x1848  MSiSCSI - ok
00:07:48.0900 0x1848  msiserver - ok
00:07:48.0932 0x1848  [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] MSK80Service    C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
00:07:48.0932 0x1848  MSK80Service - ok
00:07:48.0947 0x1848  [ 509809566E49F4411055864EA8D437CD, 70F37BF9C759E8BCA1C6AC8FB9805950925E1C648ED37E8561A0F7A407DFDC28 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
00:07:48.0963 0x1848  MSKSSRV - ok
00:07:48.0994 0x1848  [ 63145201D6458E4958E572E7D6FC2604, EDD4A8A3BBE94B983554B1117734E66A2647B867269C5F0567C47EDE6F3FACCB ] MsLldp          C:\Windows\system32\DRIVERS\mslldp.sys
00:07:48.0994 0x1848  MsLldp - ok
00:07:48.0994 0x1848  [ 99D526E803DB6D7FF290FD98B6204641, 4AFAA3B1186621AEAD19E12D3DBE104DD8FCD5C106F9EC3ADA4AD1BC7093E61F ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
00:07:48.0994 0x1848  MSPCLOCK - ok
00:07:48.0994 0x1848  [ 06FA77C3E2A491ADCD704C5E73006269, 465A7EE5387E6C11398A554F73437278F5BF110356E7F49F315905C1F2459278 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
00:07:48.0994 0x1848  MSPQM - ok
00:07:49.0025 0x1848  [ E134EC4DE11CF78CB01432D180710D84, BB111F97AEEFDCA5866B157E9957599CD7A4952B5BCCA0B0BCA9EDFCD17E61FE ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
00:07:49.0025 0x1848  MsRPC - ok
00:07:49.0041 0x1848  [ B5AECF12F09DEE97C9FCAA5BA016CE1E, F5305C4CE6C93A3A3481BD13BE0C23FE26571E11029ACFFE75FB78913681FCFC ] mssmbios        C:\Windows\System32\drivers\mssmbios.sys
00:07:49.0057 0x1848  mssmbios - ok
00:07:49.0057 0x1848  [ 72D66A05E0F99F2528F6C6204FD22AA1, B14D433BC5795F1DC4C672302285E665DC012693E75574F60664AAD8874DE562 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
00:07:49.0057 0x1848  MSTEE - ok
00:07:49.0072 0x1848  [ 8AAAE399FC255FA105D4158CBA289001, 2F55C02605B4A3406B289FF9D46C76260B9138E3DE96AFAEA0E0522E5A2A746C ] MTConfig        C:\Windows\System32\drivers\MTConfig.sys
00:07:49.0072 0x1848  MTConfig - ok
00:07:49.0088 0x1848  [ 3BCB702F3E6CC622DCAFCAA45D7CDE0A, 00D33A4AB3E7C5F65F59C63F8E2FD27EF38D5484595F785D5632E9414E29352C ] Mup             C:\Windows\system32\Drivers\mup.sys
00:07:49.0088 0x1848  Mup - ok
00:07:49.0088 0x1848  [ 3A1E095277BBD406CEA8EA6B76950664, 47838F307A6354E77C19A7B1F3F3E22726EF60403B611F358AD6FFE81D7214E7 ] mvumis          C:\Windows\system32\drivers\mvumis.sys
00:07:49.0088 0x1848  mvumis - ok
00:07:49.0166 0x1848  [ 4B18840511D720BA118D3017E8165875, 724458A69269A5AE57E8DAB74FF3C198A79B6F7A9602BF38A70B4A40543ED167 ] napagent        C:\Windows\system32\qagentRT.dll
00:07:49.0166 0x1848  napagent - ok
00:07:49.0213 0x1848  [ 43D7388A90A4C6EA346A4D6FF0377479, DFDCFA448B49C8A577056070AF516F08CD2E452706A3CF9173195ABA4256F35D ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
00:07:49.0229 0x1848  NativeWifiP - ok
00:07:49.0244 0x1848  [ 6A0C3996DA7DAE6D6939676D786EEEC4, 6E8A4C6234FD3040BC889E92016A4D5AC7BCAF5059521E50C733966163A546A0 ] NcaSvc          C:\Windows\System32\ncasvc.dll
00:07:49.0260 0x1848  NcaSvc - ok
00:07:49.0275 0x1848  [ C982FE4CC91DECE2259F494FCEB4030F, 4C285407E6F9FBBA92180F4063AEFB736ED142D802F0151002F0CC20AB7BB4E5 ] NcdAutoSetup    C:\Windows\System32\NcdAutoSetup.dll
00:07:49.0275 0x1848  NcdAutoSetup - ok
00:07:49.0354 0x1848  [ A10E176F3B2BF83EDE7B5C4658C93B66, 42F2FAEB4A29BBC6727D7E159D3E7E2E66D33785E5C98496EEB44D281601A23E ] NDIS            C:\Windows\system32\drivers\ndis.sys
00:07:49.0369 0x1848  NDIS - ok
00:07:49.0400 0x1848  [ 39C8A1D9D46F5E83A016BCAB72455284, 80DBED610E0818C2C7122FBC5BC8C15BCE981538AE48DC48F464A86389AF3F68 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
00:07:49.0400 0x1848  NdisCap - ok
00:07:49.0416 0x1848  [ 762941932B7E4C588E48A577BA9D6440, 71FA1870E398CB848D8294FEF6C60E0499CAB9A16EC3F487564C41072590E4F3 ] NdisImPlatform  C:\Windows\system32\DRIVERS\NdisImPlatform.sys
00:07:49.0416 0x1848  NdisImPlatform - ok
00:07:49.0432 0x1848  [ 7A6F8A6D0E01432EBA294EF29CDD0FA7, D902AE15194A9F8A2198914FC76184FE7E2B589747275952A04A52853128FDB8 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
00:07:49.0432 0x1848  NdisTapi - ok
00:07:49.0447 0x1848  [ 79AB68BB3FFF974AD4F41FA559F4EC67, 1745EC6520B48E325C56D98A1F4DB9CE135FE3E097B3D66E6598791132CAD7BD ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
00:07:49.0447 0x1848  Ndisuio - ok
00:07:49.0463 0x1848  [ 62C7DBF4F9301F76CF87D4B9D8F57BF8, D51FEF198F74FDF583826E259E4736F51CD49908194104677889FD135EEC2EBC ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
00:07:49.0463 0x1848  NdisWan - ok
00:07:49.0479 0x1848  [ 62C7DBF4F9301F76CF87D4B9D8F57BF8, D51FEF198F74FDF583826E259E4736F51CD49908194104677889FD135EEC2EBC ] NDISWANLEGACY   C:\Windows\system32\DRIVERS\ndiswan.sys
00:07:49.0479 0x1848  NDISWANLEGACY - ok
00:07:49.0510 0x1848  [ 3730942D7DB2F8BB5F84542B7FF6F650, 89C9D7D7305205BDB304CE6DA7D1A57EDE86A9D77429698802A39D75EB78CAAB ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
00:07:49.0510 0x1848  NDProxy - ok
00:07:49.0541 0x1848  [ D3F60A4345FCA9C1BE68AD7D0D6DE770, 214AF09F4B021C2F8655FBC8AC8C801E89CD9115CDE690FAEBDA69D63D660EDD ] Ndu             C:\Windows\system32\drivers\Ndu.sys
00:07:49.0541 0x1848  Ndu - ok
00:07:49.0557 0x1848  [ 7C203A76394F9AE68F69EEE5F9612C4A, 2222654915913BDC9367A2075714906A10CF22C047A7494CD59CB71834ED1B62 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
00:07:49.0572 0x1848  NetBIOS - ok
00:07:49.0588 0x1848  [ 7CEC25C682D319D484630B3952C31A11, 025C46B367E0570E9E3F9DF1564C3E47B1524E9E9A180BBDF0E9C684838F5E42 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
00:07:49.0588 0x1848  NetBT - ok
00:07:49.0604 0x1848  [ F702AB6181513303AB0FC8D59E52708B, D46939B9F672269E65C98606A573C849C4AF5A26E4E75D3A8FE56A65B3A6EA08 ] Netlogon        C:\Windows\system32\lsass.exe
00:07:49.0604 0x1848  Netlogon - ok
00:07:49.0635 0x1848  [ 89519D29CBEC2121CA65CC29C4D345E0, F3BA7BCAFEC8DD8B29837458D1B2B1DEE748AEAAAE0575FD3AAE65CFC72A04CD ] Netman          C:\Windows\System32\netman.dll
00:07:49.0650 0x1848  Netman - ok
00:07:49.0682 0x1848  [ 79FA9393C67EBBF92A56923592CF7A7C, A8AB8A6346B97B68810CC632F425085BE9E63ACAED0F119A7BFD03F2DA4AA5F6 ] netprofm        C:\Windows\System32\netprofmsvc.dll
00:07:49.0697 0x1848  netprofm - ok
00:07:49.0760 0x1848  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:07:49.0760 0x1848  NetTcpPortSharing - ok
00:07:49.0791 0x1848  [ 12DD2800E4EEA37DC9AE256AD62423B4, 34740469EEA8740CBACD881CB232C9ABB9AB180DE5F45336BC6DBE154259F29B ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
00:07:49.0791 0x1848  nfrd960 - ok
00:07:49.0822 0x1848  [ 80ABCD4C2DE9FD832477303AE0CA3BE5, 98F3958E650CEB1006D92980503E1B176D2CA55D2A6742C1C27CDE829D137DA9 ] NlaSvc          C:\Windows\System32\nlasvc.dll
00:07:49.0838 0x1848  NlaSvc - ok
00:07:49.0838 0x1848  [ 17E19A742FB30C002F8B43575451DBE1, 59D226A4A5B5281C399BE96C694915E38EEAF335D31F346B0C65D8F469D7C9C3 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
00:07:49.0838 0x1848  Npfs - ok
00:07:49.0869 0x1848  [ 8ED299C30792544264E558BEA79F0947, 8A03FDA9AADB79ECBCBCDC988B7D8CF0672689C9DF673A2ECFE0D2D88A9C6A6B ] npsvctrig       C:\Windows\System32\drivers\npsvctrig.sys
00:07:49.0869 0x1848  npsvctrig - ok
00:07:49.0900 0x1848  [ 832B5FDF0B5577713FD7F2465FCD0ACE, 4A551CDBACED47DD781EC59F8B59A13D66EFD85DCF636BCFCBACFE5972A78E93 ] nsi             C:\Windows\system32\nsisvc.dll
00:07:49.0900 0x1848  nsi - ok
00:07:49.0900 0x1848  [ 689B3B1E95C70ABF7AFF29F9406EF1E0, 8B62D8AE53E1B3218158FADC0075682AB06D18998CF5DE82C920A9CD91C0652F ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
00:07:49.0900 0x1848  nsiproxy - ok
00:07:50.0010 0x1848  [ 76929F4A69E425911A63B407E26C2589, 17896DB6EDEF2637D159432DB61E8B5FA2F4F54B5F50BCD6215827C321ED2C2A ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
00:07:50.0041 0x1848  Ntfs - ok
00:07:50.0072 0x1848  [ 4163ADE07DB51843AE31F65B94F5398D, 4349E7EF1EE1E71E1F436BA42F5B58871D82B987D513BA2D6E1CEB8A21BD1B20 ] Null            C:\Windows\system32\drivers\Null.sys
00:07:50.0072 0x1848  Null - ok
00:07:50.0088 0x1848  [ D6D34118263412D3AAA8348A9572B7F2, 66106A25BC5A4CA7697A23ED67CEDB5C0BF678EA70FD967A405D2DF76F4CA3A4 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
00:07:50.0088 0x1848  nvraid - ok
00:07:50.0104 0x1848  [ 27AFC428D1D32ABD04A86763A4EDDEA9, 0920866013A8C8CFEE00E6AECDD41736F5501C49837E2D785998734F087F6B98 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
00:07:50.0104 0x1848  nvstor - ok
00:07:50.0119 0x1848  [ 051CFB5107BAAE510419BDC41F8C4036, 9990906F17A3886EF301D2AA6556263B52A1C0554C6BD18331AF44ECECAEE4B5 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
00:07:50.0119 0x1848  nv_agp - ok
00:07:50.0244 0x1848  [ 25FFB1C1E5BD27B9757EACF40B2B0F7B, 41B4236F580B4653C65E3F16DD3FF91E924716FDD2DCBA89A5F416563C5F0076 ] OfficeSvc       C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
00:07:50.0291 0x1848  OfficeSvc - ok
00:07:50.0338 0x1848  [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:07:50.0338 0x1848  ose - ok
00:07:50.0385 0x1848  [ AB76700D764A342D7475FB8F47CAB18C, ECDF705D3E69EF6E7044C98A462A7281D0E7D0D85769C0815555D934B0B69C8D ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
00:07:50.0401 0x1848  p2pimsvc - ok
00:07:50.0416 0x1848  [ 4319FD931DCD796435ECB5DB4A04FBA5, 20185B2F359EEC202B37019A4E4F5B914ADCF78B97AF0CBD91EECED2259FC6DE ] p2psvc          C:\Windows\system32\p2psvc.dll
00:07:50.0432 0x1848  p2psvc - ok
00:07:50.0463 0x1848  [ 4563DAF8C6A740AD7F501E219BD10766, 7A1212DDAE2D66A9C2041262796904E36036CDC4C5B75C2F66B8DF9D89F7C25D ] Parport         C:\Windows\System32\drivers\parport.sys
00:07:50.0463 0x1848  Parport - ok
00:07:50.0479 0x1848  [ D6ACCF9F2EEEEA711C14EFD976E573F3, 60D2A81832A8D24F91C3EF134440D5026354917F59462BACBCE7A01D84767D91 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
00:07:50.0479 0x1848  partmgr - ok
00:07:50.0526 0x1848  [ 4811D9EC53649105A5A8BEA661B0F936, C77907E03D0561500FCFEAFAC323E9679E66297329901A0CA2BD7E919419A8E8 ] PcaSvc          C:\Windows\System32\pcasvc.dll
00:07:50.0526 0x1848  PcaSvc - ok
00:07:50.0557 0x1848  [ 4A003E8F718C1E6A2050CA98CD53E3E2, BCC3BE1EC3FA4967353371D85094D096940A7B5944A6FFCA31E8FBE83D92CC6C ] pci             C:\Windows\system32\drivers\pci.sys
00:07:50.0557 0x1848  pci - ok
00:07:50.0572 0x1848  [ F9908D274D458220F91E89B54D78D837, 1E89ABFA6B375383E0297CEE5AF66E37F90E16DD21ABA5C91777A86CDF013B4D ] pciide          C:\Windows\system32\drivers\pciide.sys
00:07:50.0572 0x1848  pciide - ok
00:07:50.0588 0x1848  [ 84D19CB6102627932DCB5DFDF89FE269, 2F9C47E076645B35877D9ACA77968EFFCDA8794D76265CD9A4AAA239C4B33C5F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
00:07:50.0588 0x1848  pcmcia - ok
00:07:50.0604 0x1848  [ CEBBAD5391C2644560C55628A40BFD27, 8AAA6EBD8D89FC91AECCCF1452F53C5650A1A17027FF4E64D224371404CE4C8B ] pcw             C:\Windows\system32\drivers\pcw.sys
00:07:50.0604 0x1848  pcw - ok
00:07:50.0635 0x1848  [ 0698DEDEAD6A00AD0D468C687D830FBF, B9DCA1A61F2EF80DB26380F390F2E9A17114D33129D61CF465B949B6A7916CAA ] pdc             C:\Windows\system32\drivers\pdc.sys
00:07:50.0635 0x1848  pdc - ok
00:07:50.0682 0x1848  [ 61FE70659CD43E07F94DA4DC31DEC493, 3739B6670B440173FD81DE3D47B0B90FAF296802AD4F57C05BF5CF191BF16022 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
00:07:50.0697 0x1848  PEAUTH - ok
00:07:50.0807 0x1848  [ DF0D9BDCB600913F40FF125BF8CE1979, 63544C3CEAF47FEEB761FD25BCAE53610C7AD65B7B2295C49D72A7C3C78A376D ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
00:07:50.0854 0x1848  PeerDistSvc - ok
00:07:50.0916 0x1848  [ EB88FA19F0EA05DD04BE9C5FFEEFFE1A, 459CF99D5243C4ACAA38C7B426ADC52F1044C759D06A925D475DF6213AEB85CD ] PerfHost        C:\Windows\SysWow64\perfhost.exe
00:07:50.0916 0x1848  PerfHost - ok
00:07:51.0010 0x1848  [ 6E84BFF58F7643499277F29DFA2F8C8D, 401CCF137F35D9690C7B56B2BFEDB2DB72709EBE38626D787904B67640EF6F14 ] pla             C:\Windows\system32\pla.dll
00:07:51.0041 0x1848  pla - ok
00:07:58.0198 0x1848  Wd - ok
00:07:58.0229 0x1848  [ FD47DF026B32969B8A68721A0243E8EE, 57A7B9B40CEDADFB023AEDD9F29869F1B93EA2596F47B5DDC233D57FC585CCE1 ] WdBoot          C:\Windows\system32\drivers\WdBoot.sys
00:07:58.0229 0x1848  WdBoot - ok
00:07:58.0292 0x1848  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
00:07:58.0307 0x1848  Wdf01000 - ok
00:07:58.0338 0x1848  [ 5F425D842DD6ADE9F95A51A0616AFAD7, 807B8E6A4FE443A362076C225F588A8C897CFE24A6367F4D461C8F6D3EF004C5 ] WdFilter        C:\Windows\system32\drivers\WdFilter.sys
00:07:58.0338 0x1848  WdFilter - ok
00:07:58.0370 0x1848  [ 240FC332484572227CD1DF82407F33E5, 5210549EC519DD3BCA6BBC995F01E1E3E0988580797E4BD1433F429E0CB30412 ] WdiServiceHost  C:\Windows\system32\wdi.dll
00:07:58.0385 0x1848  WdiServiceHost - ok
00:07:58.0385 0x1848  [ 240FC332484572227CD1DF82407F33E5, 5210549EC519DD3BCA6BBC995F01E1E3E0988580797E4BD1433F429E0CB30412 ] WdiSystemHost   C:\Windows\system32\wdi.dll
00:07:58.0385 0x1848  WdiSystemHost - ok
00:07:58.0417 0x1848  [ F2002DA5E6B78C15B2CD48CFF8F0FBB6, 4281100271761521F75F4D5A3D2E9FF40A9C7D81CEDAFD2EDD95788534090CA6 ] WebClient       C:\Windows\System32\webclnt.dll
00:07:58.0417 0x1848  WebClient - ok
00:07:58.0448 0x1848  [ 35FD720943D4FCD75C3275BF062FF140, 9D8345E6DE1AE23F93AD0B52D27D1CCFD69EF7EE50654F92CA999BEC4570A773 ] Wecsvc          C:\Windows\system32\wecsvc.dll
00:07:58.0448 0x1848  Wecsvc - ok
00:07:58.0479 0x1848  [ 4D2612E3C462B68F499D840B1133263E, 4DDAEB4480AEC31A8184838588E0D3DFA31CE6D2FA6E906926860C75F52DC7B7 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
00:07:58.0495 0x1848  wercplsupport - ok
00:07:58.0557 0x1848  [ 5F70EBFC1F75B487DE79501E3CCBDB54, 2FCA57BF60A43B03BB42FBF22BBFC19AD2266FBBD818494AD114125E6E433321 ] WerSvc          C:\Windows\System32\WerSvc.dll
00:07:58.0557 0x1848  WerSvc - ok
00:07:58.0588 0x1848  [ 44BB9C31E6242C4BD1CE7C2B440C2533, E603BB001028918B687818E930340008C752679B133037367A8A8E41DA559FFE ] WFPLWFS         C:\Windows\system32\DRIVERS\wfplwfs.sys
00:07:58.0604 0x1848  WFPLWFS - ok
00:07:58.0620 0x1848  [ 60E0C220593DA4F7C289CB909D2DBAE0, 057CA7727F748600CC155043081AB9E3244763CF4913F317D13226A515F6FDB6 ] WiaRpc          C:\Windows\System32\wiarpc.dll
00:07:58.0635 0x1848  WiaRpc - ok
00:07:58.0667 0x1848  [ A3C7624A42A3447EF5EDD1ED37FE4E60, BD8BDF0A571873FA8277878AF7AED11196CFF1B4DF1EA6BA13BD4887D7B63B94 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
00:07:58.0667 0x1848  WIMMount - ok
00:07:58.0698 0x1848  WinDefend - ok
00:07:58.0745 0x1848  [ 7911470B6018059A880469A63B65700A, 4B6131491A028FBCA54AC261112D183EFD42E98160545C8E8DFBDA01C87B3FB5 ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll
00:07:58.0760 0x1848  WinHttpAutoProxySvc - ok
00:07:58.0823 0x1848  [ 3D6B518B71C75C8FA4115A33615C107A, ED7A266013D29D3B1A462464735C3632BEA121D1B32553907AEAA0B00595C3DF ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
00:07:58.0823 0x1848  Winmgmt - ok
00:07:58.0963 0x1848  [ 8E212A627F33F6FC3B5F3BB47212F66E, 9BBFE26ABFA14F346FE3711D13D959523EEA23608A33C16F3D750D66CA511911 ] WinRM           C:\Windows\system32\WsmSvc.dll
00:07:59.0026 0x1848  WinRM - ok
00:07:59.0151 0x1848  [ 6351724B8FA0255C2DBD970297F00B93, A02F274479F9F32E30C75A5BD991B008B3CCB47D380D5870563EF918DAC5730E ] WlanSvc         C:\Windows\System32\wlansvc.dll
00:07:59.0182 0x1848  WlanSvc - ok
00:07:59.0245 0x1848  [ B330CE47FB74A6BE9A3FFFF4B3F64D9B, B76226808406D8B38DE2D3A8CCE633BB507022C8BAAA6C3DAD34204CC6CE1284 ] wlidsvc         C:\Windows\system32\wlidsvc.dll
00:07:59.0292 0x1848  wlidsvc - ok
00:07:59.0307 0x1848  [ E2A596CACFC6504306CDB7B593B90084, DF89CF57249553CE922C841F18B99A213185FA1099C053B9BB8C0F6E5BC3FEC0 ] WmiAcpi         C:\Windows\System32\drivers\wmiacpi.sys
00:07:59.0307 0x1848  WmiAcpi - ok
00:07:59.0338 0x1848  [ D113499052C5E541906B727779F0F959, 05FB51086C0A0CE3812A7E6098C5A454ECCFE8553669CFA715153564F2226DB0 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
00:07:59.0338 0x1848  wmiApSrv - ok
00:07:59.0370 0x1848  WMPNetworkSvc - ok
00:07:59.0385 0x1848  [ C6FF953D5D6F2EAE3B8883474D5076B3, 001CBB7FBC30209C892869258E5ABD3F0932886E156ECB10DCA599F6D32648BE ] wpcfltr         C:\Windows\system32\DRIVERS\wpcfltr.sys
00:07:59.0401 0x1848  wpcfltr - ok
00:07:59.0417 0x1848  [ A6ED163169876BFD2437E872FE2F1509, C13E8676800EEEF690F51C4DEA660B36C8734AE2CCAAC48054E10D74B98949B8 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
00:07:59.0417 0x1848  WPCSvc - ok
00:07:59.0479 0x1848  [ 3013658A4D327854BEEC4A08D9655194, C4CF5AA6A47CC55E7037B0BFE20AE0A6442ADDC5DEB89D6861C98C61851FA821 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
00:07:59.0479 0x1848  WPDBusEnum - ok
00:07:59.0526 0x1848  [ 0346CAFC181C91C6E2330332EB332ED6, D46F44C339399CAAE13CD71C53A169E95065208E07E5420DE00A4509D6CB056F ] WpdUpFltr       C:\Windows\system32\drivers\WpdUpFltr.sys
00:07:59.0526 0x1848  WpdUpFltr - ok
00:07:59.0542 0x1848  [ BC8B5CB336E63BB25EAD1CE8EDD34B81, A42759956EDCCC6D0688240AA4F833FB9CA132D42D2D901CDCBB24DCE1788C1D ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
00:07:59.0542 0x1848  ws2ifsl - ok
00:07:59.0573 0x1848  [ 012CFE7F0F95266F554EE3B91EE2128A, 866312F6BF7369BE686F1BA9F01311C99E95E268C6E63BE37C841F54F5AA0DB8 ] wscsvc          C:\Windows\system32\wscsvc.dll
00:07:59.0588 0x1848  wscsvc - ok
00:07:59.0588 0x1848  WSearch - ok
00:07:59.0698 0x1848  [ D4D04839F3DFAF09D94BAB1016F7A297, 944A41D251F522EE87189C1D01CF7EEE2C70BF4353BA4005C44F03DB485F843F ] WSService       C:\Windows\System32\WSService.dll
00:07:59.0745 0x1848  WSService - ok
00:07:59.0885 0x1848  [ 311E5E1976E0BD9110A88B93158055D5, F1AA738D6AD74C33785EEFE1FBE8A869AAB62417B7D079389293AB1209A849C1 ] wuauserv        C:\Windows\system32\wuaueng.dll
00:07:59.0948 0x1848  wuauserv - ok
00:07:59.0979 0x1848  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
00:07:59.0995 0x1848  WudfPf - ok
00:08:00.0010 0x1848  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\System32\drivers\WUDFRd.sys
00:08:00.0010 0x1848  WUDFRd - ok
00:08:00.0057 0x1848  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
00:08:00.0057 0x1848  wudfsvc - ok
00:08:00.0073 0x1848  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFWpdFs       C:\Windows\system32\DRIVERS\WUDFRd.sys
00:08:00.0073 0x1848  WUDFWpdFs - ok
00:08:00.0120 0x1848  [ 6D9E07436B6646EC8F7EFFD39B6BA288, 82C1CEA93ECEF17D221AD0F87C5BD96F3FD8143841C16BD9608BD4D58D90B8E0 ] WwanSvc         C:\Windows\System32\wwansvc.dll
00:08:00.0135 0x1848  WwanSvc - ok
00:08:00.0198 0x1848  [ 09B22759E21A560DE6255596009695DF, 906A37B62FBB1EB2271A65144AD9AAD471AB2F2621DC7A21C1DA41FD2AFA740F ] ZAtheros Wlan Agent C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
00:08:00.0198 0x1848  ZAtheros Wlan Agent - ok
00:08:00.0292 0x1848  [ 6F58BD07113A38412A6AE6566A3B36A0, 1D1A6342F776C74D49D589548F5F00A549C4A32F35D08858D55D5EB8A55EED81 ] {09F57980-3432-4AFC-957D-27AC45FAE1F5} C:\Program Files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl
00:08:00.0292 0x1848  {09F57980-3432-4AFC-957D-27AC45FAE1F5} - ok
00:08:00.0323 0x1848  ================ Scan global ===============================
00:08:00.0385 0x1848  [ DDC1AFBF9DDF880CE9BD3896114D8DED, E2406231EA4D2689A5EDFA9BD1A1BC064359D8D23B37F113A18B5EAE3E2D4050 ] C:\Windows\system32\basesrv.dll
00:08:00.0401 0x1848  [ E9343076AE704D20BB0D01F3AF3EFFEF, FF2CE4146945976F9480690505CECD3C7C719BAF0F633E6192C8272C75EF295D ] C:\Windows\system32\winsrv.dll
00:08:00.0432 0x1848  [ BD7C6949984D19AAA609896B675E7357, 5B46538B27BC70F5A3805AA63F6AACDC780C7168468FB535F2D35CF26B9DEE06 ] C:\Windows\system32\sxssrv.dll
00:08:00.0464 0x1848  [ 8F226143046435C75C033B0C52E90FFE, 54FA316485B57D7B8104FE621F5F40DEC35E3D57C3DF46B5F7EACF57445FE7CA ] C:\Windows\system32\services.exe
00:08:00.0479 0x1848  [ Global ] - ok
00:08:00.0479 0x1848  ================ Scan MBR ==================================
00:08:00.0495 0x1848  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
00:08:00.0589 0x1848  \Device\Harddisk0\DR0 - ok
00:08:00.0589 0x1848  ================ Scan VBR ==================================
00:08:00.0589 0x1848  [ 7B4C400A8A39BA1FE5BD8346D328B3CA ] \Device\Harddisk0\DR0\Partition1
00:08:00.0589 0x1848  \Device\Harddisk0\DR0\Partition1 - ok
00:08:00.0620 0x1848  [ AD0B6703A05E49239397784DC74E53DD ] \Device\Harddisk0\DR0\Partition2
00:08:00.0620 0x1848  \Device\Harddisk0\DR0\Partition2 - ok
00:08:00.0635 0x1848  [ A4451058E45E1331B43B2E5F45758CB8 ] \Device\Harddisk0\DR0\Partition3
00:08:00.0635 0x1848  \Device\Harddisk0\DR0\Partition3 - ok
00:08:00.0651 0x1848  [ 040ECDC04A0A3E746BEE4F3B2A08D3E7 ] \Device\Harddisk0\DR0\Partition4
00:08:00.0651 0x1848  \Device\Harddisk0\DR0\Partition4 - ok
00:08:00.0651 0x1848  [ C39F54B22859070CED2226D7534038D6 ] \Device\Harddisk0\DR0\Partition5
00:08:00.0651 0x1848  \Device\Harddisk0\DR0\Partition5 - ok
00:08:00.0682 0x1848  [ 92313B3E9EF629B99159D44292743986 ] \Device\Harddisk0\DR0\Partition6
00:08:00.0682 0x1848  \Device\Harddisk0\DR0\Partition6 - ok
00:08:00.0682 0x1848  Waiting for KSN requests completion. In queue: 97
00:08:01.0698 0x1848  Waiting for KSN requests completion. In queue: 97
00:08:02.0714 0x1848  Waiting for KSN requests completion. In queue: 97
00:08:03.0745 0x1848  AV detected via SS2: McAfee Anti-Virus and Anti-Spyware, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 12.8.0.0 ), 0x52000 ( disabled : updated )
00:08:03.0745 0x1848  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.3.215.0 ), 0x60100 ( disabled : updated )
00:08:03.0745 0x1848  FW detected via SS2: McAfee Firewall, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 12.8.0.0 ), 0x51010 ( enabled )
00:08:06.0199 0x1848  ============================================================
00:08:06.0199 0x1848  Scan finished
00:08:06.0199 0x1848  ============================================================
00:08:06.0199 0x163c  Detected object count: 0
00:08:06.0199 0x163c  Actual detected object count: 0
00:08:13.0544 0x1530  Deinitialize success

 

 

Thanks Again,

H.P.
 



#9 jntkwx

  • Malware Response Team

Posted 13 December 2013 - 09:38 PM

Havin' Problems,
 
It's late where I am now, I'll reply back with answers to your questions and additional instructions sometime tomorrow. :)


Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#10 jntkwx

  • Malware Response Team

Posted 14 December 2013 - 10:29 AM

H.P.,

 

1. I think the CD/DVD sound you're hearing is normal. To rule out Windows Media Player as the cause, one thing to try is to download and install VLC and see if you get the same symptoms when playing a movie with VLC. If you do, then it's probably normal. If you don't, then there's something odd with Windows Media Player.
 
2. I think what you see with the folders refreshing is normal. Does it take more than a couple seconds to refresh the contents of a folder?
 
3. The Secunia log does look odd, though I'm not sure if Secunia connecting every hour is abnormal or not. Try uninstalling Secunia, and then downloading and installing a new version.
 
4. You're correct - McAfee deleting Combofix was a false positive.
 
5. Some of the files you now see in Process Explorer that Combofix appeared to delete previously are legitimate file names.
 
6. That's strange that chkdsk hung at 28%. You mentioned before that this is a brand new computer. Chkdsk usually hangs if there is a problem with the hard drive, but that doesn't seem likely here, especially if the hard drive is brand new.  Let's see if we can find the disk check log.  The log file is recorded only if the scheduled re-start is used, and only for drives on the same hard drive as the Operating System.
To open Event Viewer and view the log:

  • Click the "Windows Orb" Start button -> type "eventvwr" without the quotes -> press the <ENTER> key.
  • The Event Viewer window will open.
  • In the left pane, expand "Windows Logs" and then click on Application.
  • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
  • Look in the Source column for "Wininit", with an entry corresponding to the date and time of the disk check.
  • Click on that Wininit entry to select it.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.

7. You see files being added to C:\Windows ?
 
8. The hard drive free space shrinking is definitely something to be looked at further.
 
9. - 11. I'm not familiar with reading Windows Update logs, but I think what you see logged is okay.
 
12. All the way back to Windows XP, I remember Windows occasionally having trouble displaying the correct install date. This may be something to look at further, or it may just be normal.
 
13. Do you use CyberLinkMediaServer? Where do you see the ADS streams associated with it?
 
 
Rerun FRST
Please download a NEW version of Farbar Recovery Scan Tool and save it to your Desktop.

  • Right-click FRST then click "Run as administrator"
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

 

MiniToolBox
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
 
 
Run Malwarebytes
Open Malwarebytes, and click on the Update tab to check for database definition updates through the program's interface (preferable method) before scanning.

  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues

Malwarebytes may "make changes to your registry" as part of its disinfection routine. Temporarily disable such programs or permit them to allow the changes.

  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When the scan is complete, click OK, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

 

 

 

In your reply, please include the following:

  • Chkdsk log (if it exists)
  • New FRST log
  • MiniToolBox log
  • Malwarebytes log
  • How's the computer running now?

Regards,
Jason

 

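The Event Viewer steps in item 6 of the reply above can also be scripted. The PowerShell below is an added example, not part of the original post; it uses the log name, source and event ID shown in the Wininit entry posted later in this thread, and it assumes an English-language system and an output file name chosen here.

```powershell
# Added example: reads the boot-time disk check (chkdsk) report from the
# Application log instead of browsing Event Viewer by hand.
$filter = @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-Wininit'   # the "Source" shown in Event Viewer
    Id           = 1001
}

# Get-WinEvent reports an error when nothing matches, so suppress it and
# test for an empty result. Results are returned newest first.
$checks = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

if ($checks.Count -eq 0) {
    # Expected when the check never finished (for example a run that hung
    # part-way) or was not run at restart: no report is written in that case.
    Write-Output 'No Wininit event 1001 found: no boot-time disk check has logged a result.'
}
else {
    # One summary line per completed check (text patterns assume English output)
    foreach ($check in $checks) {
        $volume = if ($check.Message -match 'Checking file system on (\S+)') { $Matches[1] } else { '?' }
        $fixed  = $check.Message -match 'made corrections to the file system'
        '{0:yyyy-MM-dd HH:mm}  volume {1}  corrections made: {2}' -f $check.TimeCreated, $volume, $fixed
    }

    # Save the newest report in full so it can be pasted into a reply.
    $latest  = $checks[0]
    $outFile = Join-Path ([Environment]::GetFolderPath('Desktop')) 'chkdsk-report.txt'  # assumed file name
    $latest.Message | Set-Content -Path $outFile -Encoding UTF8
    Write-Output "Newest report ($($latest.TimeCreated)) saved to $outFile"

    # Lines worth reading first (the patterns are a convenience, not a complete list)
    $latest.Message -split "`r?`n" |
        Where-Object { $_ -match 'bad |corrections|discovered|Cleaning up|error' } |
        ForEach-Object { $_.Trim() }
}
```

Run it from an elevated PowerShell prompt if the Application log cannot be read as a standard user.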


#11 Havin' Problems

  • Topic Starter

Posted 16 December 2013 - 06:41 PM

Jason,

 

These are my responses to your questions.

 

A)  I think the CD/DVD sound you're hearing is normal. To rule out Windows Media Player as the cause, one thing to try is to download and install VLC and see if you get the same symptoms when playing a movie with VLC. If you do, then it's probably normal. If you don't, then there's something odd with Windows Media Player. Response: I downloaded VLC and the CD/DVD drive noise does not occur when playing video files. However, the noise occurs every time I reboot, and when I launch "Process Monitor" as mentioned below.

 

B)  I think what you see with the folders refreshing is normal. Does it take more than a couple seconds to refresh the contents of a folder? Response: Yes. Sometimes it takes a few minutes.

 

C) You see files being added to C:\Windows? Response: Yes, I see files added to my C:\Windows folder that I know have not been there long. Some of them are: PEV.exe, MBR.exe, MOBK.blk, MOBK.flt, NIRCMD.exe, grep.exe, sed.exe, SWREG.exe, SWSC.exe, SWXCACLS.exe, zip.exe.

 

D) Do you use CyberLinkMediaServer? Where do you see the ADS streams associated with it? Response: No I don't use CyberLink Media Server. However, this computer came with Cyberlink products preinstalled.

 

E) Do you use CyberLinkMediaServer? Where do you see the ADS streams associated with it? Response: I used ADSSPY to see Alternate data streams, and checked "ignore safe system info data streams", (see log). There were a lot more, but I cut them out for privacy reasons. I know that most of the streams are from favorites, but only some of my favorites are listed in the log, they seem to be taking up a lot of space, and should my favorites in Internet Explorer even have alternate data streams?

 

These are additional comments.

 

1) My C drive is owned by "trusted installer" (see attached picture).

2) I can't uninstall many of my programs like "spybot search and destroy" and many others. When I try to uninstall them, I get the following message, (but substitute the program name)  --  Error --- Messages file "C:\Program Files (x86)\Spybot - Search & Destroy 2\unins000.msg" is missing. Please correct the problem or obtain a new copy of the program. How do I uninstall these?

3) My "Microsoft Office Upload Center" is always trying to upload things somewhere.

4) Everything that I download installs itself as a service. Is that normal?

5) I tried to run chkdsk again today and it kept getting hung up at 28%. I turned off my computer, turned it back on, a message said it was diagnosing my computer. Then it went to a screen that said "your computer cannot boot up. Do you want to try and restore it to a time when it worked better?" I clicked cancel. I turned it off again, and back on. I skipped the error checking and it booted up fine.

6) It seems that whenever the error checking gets stopped at 28%, which is most of the time, it does not generate a log in event viewer. The log that I have attached must have been from one of the few times that the error checking completed. (See Wininitlog)

7) Windows cannot check for updates. (See Windows update log from eventviewer. This is just 1 out of many logs I have like this for windows update).

8) I have many files in my Windows\System32 folder whose names are in purple, I think that means compressed. For example: snmp.exe, dssite.msc, adsiedit.msc, accserv.mib, authserv.mib, dhcp.mib, ftp.mib, hostmib.mib, http.mib, ipforwd.mib, lmmib2.mib, mcastmib.mib, mib_ii.mib, msipbtp.mib, msiprip2.mib, rfc2571.mib, smi.mib, wins.mib, ntdsmsg.dll, adsiedit.dll, adamssip.dll, a folder DRVSTORE, and many, many more.

9) Process Monitor, part of Sysinternals, shows a ridiculous amount of activity by different processes, opening, reading, rewriting, closing registry keys. This is just a small sample but this happens with the same frequency all day long. Is this normal? All this activity in less than 0.05 seconds! There are buffer overflows which I know are not good. (See attached picture).

10) In eventviewer this is just one of many registry error logs. (see attached).

11) MBAM did not find anything.

 

Thanks again,
H.P.

 

This is my ADSSPY log. Note: There were 294 entries but I removed some for privacy reasons. Also I checked off "ignore safe system info data streams" before I ran this:

 

C:\Documents and Settings\All Users\CyberLink\{3C829AD2-1CAD-4CB3-8736-F1499FA84F5C}\CLDShowX.ini : Update.CL  (2560 bytes)
C:\Documents and Settings\All Users\CyberLink\PowerDVD13\CLDShowX.ini : Update.CL  (2560 bytes)
C:\Documents and Settings\TLC\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Indexed\LiveComm\27c114547948f0d5\120712-0049\Mail\1\1d0000cb\20000bd7_bbaf1273891fd8.eml : OECustomProperty  (1024 bytes)
C:\Documents and Settings\TLC\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Indexed\LiveComm\27c114547948f0d5\120712-0049\People\AddressBook\26000066_4f4f826b9d8c67.eml : OECustomProperty  (647 bytes)
C:\Documents and Settings\TLC\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Indexed\LiveComm\27c114547948f0d5\120712-0049\People\Me\24000001_7c259b8c716eb.eml : OECustomProperty  (695 bytes)
C:\Documents and Settings\TLC\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Indexed\LiveComm\27c114547948f0d5\120712-0049\People\Me\24000002_10544ab19d61f7.eml : OECustomProperty  (326 bytes)
C:\Documents and Settings\TLC\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Indexed\LiveComm\27c114547948f0d5\120712-0049\People\Me\24000066_60204aa25b389f.eml : OECustomProperty  (711 bytes)
C:\Documents and Settings\TLC\AppData\Local\Packages\microsoft.windowsphotos_8wekyb3d8bbwe\LocalState\Indexed\LiveComm\27c114547948f0d5\120712-0049\People\Me\24000001_7b23a14936e32d.eml : OECustomProperty  (695 bytes)
C:\Documents and Settings\TLC\Documents\Scanned Documents\Welcome Scan.jpg : 3or4kl4x13tuuug3Byamue2s4b  (180 bytes)
C:\Documents and Settings\TLC\Favorites\10 Incredibly Simple Things You Should Be Doing To Protect Your Privacy - Forbes.url : favicon  (1078 bytes)
C:\Documents and Settings\TLC\Favorites\24houredclass\Education Week Educating Long-Term English-Language Learners.url : favicon  (1150 bytes)
C:\Documents and Settings\TLC\Favorites\24houredclass\ESL workshop Scaffolding theory.url : favicon  (318 bytes)
C:\Documents and Settings\TLC\Favorites\24houredclass\NCRLP\Learning Point Associates Home.url : favicon  (3638 bytes)
C:\Documents and Settings\TLC\Favorites\24houredclass\NEA\NEA - Diversity Calendar.url : favicon  (25214 bytes)
C:\Documents and Settings\TLC\Favorites\24houredclass\NEA\NEA - Diversity Resources.url : favicon  (25214 bytes)
C:\Documents and Settings\TLC\Favorites\24houredclass\tolerance\City College of San Francisco Beyond Tolerance.url : favicon  (894 bytes)
C:\Documents and Settings\TLC\Favorites\24houredclass\tolerance\Fight for Every Child  Teaching Tolerance.url : favicon  (894 bytes)
C:\Documents and Settings\TLC\Favorites\24houredclass\tolerance\Honor Henrietta Lacks  Teaching Tolerance.url : favicon  (894 bytes)
C:\Documents and Settings\TLC\Favorites\24houredclass\tolerance\Just Science  Teaching Tolerance.url : favicon  (894 bytes)
C:\Documents and Settings\TLC\Favorites\24houredclass\tolerance\Keep Kids Visible  Teaching Tolerance.url : favicon  (894 bytes)
C:\Documents and Settings\TLC\Favorites\24houredclass\tolerance\Lessons and Materials.url : favicon  (894 bytes)
C:\Documents and Settings\TLC\Favorites\24houredclass\tolerance\Lessons and Materials1.url : favicon  (894 bytes)
C:\Documents and Settings\TLC\Favorites\24houredclass\Transcript Request at Thomas Edison State College.url : favicon  (318 bytes)
C:\Documents and Settings\TLC\Favorites\An A-Z Index of the Windows CMD command line  SS64.com.url : favicon  (1150 bytes)
C:\Documents and Settings\TLC\Favorites\Antivirus Software for PC, Mac, and Android Devices  ESET Internet Security and Virus Protection.url : favicon  (1406 bytes)
C:\ProgramData\CyberLink\{3C829AD2-1CAD-4CB3-8736-F1499FA84F5C}\CLDShowX.ini : Update.CL  (2560 bytes)
C:\ProgramData\CyberLink\PowerDVD13\CLDShowX.ini : Update.CL  (2560 bytes)
C:\Users\All Users\CyberLink\{3C829AD2-1CAD-4CB3-8736-F1499FA84F5C}\CLDShowX.ini : Update.CL  (2560 bytes)
C:\Users\All Users\CyberLink\PowerDVD13\CLDShowX.ini : Update.CL  (2560 bytes)
C:\Users\TLC\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Indexed\LiveComm\27c114547948f0d5\120712-0049\Mail\1\1d0000cb\20000bd7_bbaf1273891fd8.eml : OECustomProperty  (1024 bytes)
C:\Users\TLC\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Indexed\LiveComm\27c114547948f0d5\120712-0049\People\AddressBook\26000066_4f4f826b9d8c67.eml : OECustomProperty  (647 bytes)
C:\Users\TLC\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Indexed\LiveComm\27c114547948f0d5\120712-0049\People\Me\24000001_7c259b8c716eb.eml : OECustomProperty  (695 bytes)
C:\Users\TLC\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Indexed\LiveComm\27c114547948f0d5\120712-0049\People\Me\24000002_10544ab19d61f7.eml : OECustomProperty  (326 bytes)
C:\Users\TLC\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Indexed\LiveComm\27c114547948f0d5\120712-0049\People\Me\24000066_60204aa25b389f.eml : OECustomProperty  (711 bytes)
C:\Users\TLC\AppData\Local\Packages\microsoft.windowsphotos_8wekyb3d8bbwe\LocalState\Indexed\LiveComm\27c114547948f0d5\120712-0049\People\Me\24000001_7b23a14936e32d.eml : OECustomProperty  (695 bytes)
C:\Users\TLC\Documents\Scanned Documents\Welcome Scan.jpg : 3or4kl4x13tuuug3Byamue2s4b  (180 bytes)
C:\Users\TLC\Favorites\10 Incredibly Simple Things You Should Be Doing To Protect Your Privacy - Forbes.url : favicon  (1078 bytes)
C:\Users\TLC\Favorites\24houredclass\Education Week Educating Long-Term English-Language Learners.url : favicon  (1150 bytes)
C:\Users\TLC\Favorites\24houredclass\ESL workshop Scaffolding theory.url : favicon  (318 bytes)
C:\Users\TLC\Favorites\24houredclass\NCRLP\Learning Point Associates Home.url : favicon  (3638 bytes)
C:\Users\TLC\Favorites\24houredclass\NEA\NEA - Diversity Calendar.url : favicon  (25214 bytes)
C:\Users\TLC\Favorites\24houredclass\NEA\NEA - Diversity Resources.url : favicon  (25214 bytes)
C:\Users\TLC\Favorites\24houredclass\tolerance\City College of San Francisco Beyond Tolerance.url : favicon  (894 bytes)
C:\Users\TLC\Favorites\24houredclass\tolerance\Fight for Every Child  Teaching Tolerance.url : favicon  (894 bytes)
C:\Users\TLC\Favorites\24houredclass\tolerance\Honor Henrietta Lacks  Teaching Tolerance.url : favicon  (894 bytes)
C:\Users\TLC\Favorites\24houredclass\tolerance\Just Science  Teaching Tolerance.url : favicon  (894 bytes)
C:\Users\TLC\Favorites\24houredclass\tolerance\Keep Kids Visible  Teaching Tolerance.url : favicon  (894 bytes)
C:\Users\TLC\Favorites\24houredclass\tolerance\Lessons and Materials.url : favicon  (894 bytes)
C:\Users\TLC\Favorites\24houredclass\tolerance\Lessons and Materials1.url : favicon  (894 bytes)
C:\Users\TLC\Favorites\24houredclass\Transcript Request at Thomas Edison State College.url : favicon  (318 bytes)
C:\Users\TLC\Favorites\An A-Z Index of the Windows CMD command line  SS64.com.url : favicon  (1150 bytes)
C:\Users\TLC\Favorites\security\Use the System File Checker tool to repair missing or corrupted system files.url : favicon  (17174 bytes)
C:\Users\TLC\Favorites\security\Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware.url : favicon  (8380 bytes)
C:\Users\TLC\Favorites\security\Windows Updates Redirected to Fake Certificates and Zero Day Exploit - Microsoft Community.url : favicon  (4654 bytes)
C:\Users\TLC\Favorites\Shadow Tracer's Kit  Me and My Shadow.url : favicon  (1150 bytes)
C:\Users\TLC\Favorites\Shopping Cart  Chegg.com.url : favicon  (1150 bytes)
C:\Users\TLC\Favorites\SkyDrive.url : favicon  (17174 bytes)
C:\Users\TLC\Favorites\SlashGeek · How to be completely Anonymous online - SlashGeek.url : favicon  (1150 bytes)
C:\Users\TLC\Favorites\Stop Governments from Spying on You! Educate Yourself about Digital Rights & Privacy!.url : favicon  (1150 bytes)
C:\Users\TLC\Favorites\Syllabus  Electricity and Magnetism  Physics  MIT OpenCourseWare.url : favicon  (1406 bytes)
C:\Users\TLC\Favorites\The 3 Minute Guide To Online Privacy - GreyCoder.url : favicon  (15086 bytes)
C:\Users\TLC\Favorites\The SSD Project  EFF Surveillance Self-Defense Project.url : favicon  (1406 bytes)
C:\Users\TLC\Favorites\Top 10 Ways to Unleash Your Inner Evil.url : favicon  (32988 bytes)
C:\Users\TLC\Favorites\Virtual Private Networks.url : favicon  (3639 bytes)
C:\Users\TLC\Favorites\What Is My IP ®  Shows Your IP Address..url : favicon  (1150 bytes)

There were 294 of these but I removed some due to privacy reasons.

 

Wininit log from Event Viewer. I don't know how much use it will be as when it gets stuck at 28%, a log is not generated. This must be one of the few that actually completed. However, nothing is ever fixed as I keep getting notifications to restart the computer to fix drive errors.

 

Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          12/12/2013 2:03:31 PM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      SweetHomeAl
Description:

Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.

A disk check has been scheduled.
Windows will now check the disk.                        

CHKDSK is verifying files (stage 1 of 3)...
  237056 file records processed.
File verification completed.
  2277 large file records processed.
  0 bad file records processed.
CHKDSK is verifying indexes (stage 2 of 3)...
  310880 index entries processed.
Index verification completed.
  0 unindexed files scanned.
  0 unindexed files recovered.
CHKDSK is verifying security descriptors (stage 3 of 3)...
Cleaning up 111 unused index entries from index $SII of file 0x9.
Cleaning up 111 unused index entries from index $SDH of file 0x9.
Cleaning up 111 unused security descriptors.
Security descriptor verification completed.
  36913 data files processed.
CHKDSK is verifying Usn Journal...
  33579720 USN bytes processed.
Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the volume bitmap.

Windows has made corrections to the file system.
No further action is required.

 474948607 KB total disk space.
 410821496 KB in 161830 files.
     97368 KB in 36914 indexes.
         0 KB in bad sectors.
    352479 KB in use by the system.
     65536 KB occupied by the log file.
  63677264 KB available on disk.

      4096 bytes in each allocation unit.
 118737151 total allocation units on disk.
  15919316 allocation units available on disk.

Internal Info:
00 9e 03 00 63 08 03 00 44 7f 05 00 00 00 00 00  ....c...D.......
ea 07 00 00 3a 00 00 00 00 00 00 00 00 00 00 00  ....:...........
00 00 3a 9c 25 00 00 00 04 00 00 00 00 00 00 00  ..:.%...........

Windows has finished checking your disk.
Please wait while your computer restarts.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-12-12T19:03:31.000000000Z" />
    <EventRecordID>10642</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>SweetHomeAl</Computer>
    <Security />
  </System>
  <EventData>
    <Data>

Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.

A disk check has been scheduled.
Windows will now check the disk.                        

CHKDSK is verifying files (stage 1 of 3)...
  237056 file records processed.
File verification completed.
  2277 large file records processed.
  0 bad file records processed.
CHKDSK is verifying indexes (stage 2 of 3)...
  310880 index entries processed.
Index verification completed.
  0 unindexed files scanned.
  0 unindexed files recovered.
CHKDSK is verifying security descriptors (stage 3 of 3)...
Cleaning up 111 unused index entries from index $SII of file 0x9.
Cleaning up 111 unused index entries from index $SDH of file 0x9.
Cleaning up 111 unused security descriptors.
Security descriptor verification completed.
  36913 data files processed.
CHKDSK is verifying Usn Journal...
  33579720 USN bytes processed.
Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the volume bitmap.

Windows has made corrections to the file system.
No further action is required.

 474948607 KB total disk space.
 410821496 KB in 161830 files.
     97368 KB in 36914 indexes.
         0 KB in bad sectors.
    352479 KB in use by the system.
     65536 KB occupied by the log file.
  63677264 KB available on disk.

      4096 bytes in each allocation unit.
 118737151 total allocation units on disk.
  15919316 allocation units available on disk.

Internal Info:
00 9e 03 00 63 08 03 00 44 7f 05 00 00 00 00 00  ....c...D.......
ea 07 00 00 3a 00 00 00 00 00 00 00 00 00 00 00  ....:...........
00 00 3a 9c 25 00 00 00 04 00 00 00 00 00 00 00  ..:.%...........

Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
  </EventData>
</Event>

 

From Event Viewer, Windows cannot check for updates:

 

Log Name:      Application
Source:        Windows Error Reporting
Date:          12/16/2013 3:20:49 PM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      SweetHomeAl
Description:
Fault bucket , type 0
Event Name: WindowsUpdateFailure2
Response: Not available
Cab Id: 0

Problem signature:
P1: 7.8.9200.16731
P2: 8024401c
P3: 00000000-0000-0000-0000-000000000000
P4: Scan
P5: 101
P6: Unmanaged
P7: 0
P8:
P9:
P10:

Attached files:

These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_7.8.9200.16731_50f2ebf862378eaa47d8d28eaff2356cce57_cab_1436bb57

Analysis symbol:
Rechecking for solution: 0
Report Id: 8cddb543-668f-11e3-be90-f01faf0ad82d
Report Status: 4
Hashed bucket:
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Windows Error Reporting" />
    <EventID Qualifiers="0">1001</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-12-16T20:20:49.000000000Z" />
    <EventRecordID>11384</EventRecordID>
    <Channel>Application</Channel>
    <Computer>SweetHomeAl</Computer>
    <Security />
  </System>
  <EventData>
    <Data>
    </Data>
    <Data>0</Data>
    <Data>WindowsUpdateFailure2</Data>
    <Data>Not available</Data>
    <Data>0</Data>
    <Data>7.8.9200.16731</Data>
    <Data>8024401c</Data>
    <Data>00000000-0000-0000-0000-000000000000</Data>
    <Data>Scan</Data>
    <Data>101</Data>
    <Data>Unmanaged</Data>
    <Data>0</Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_7.8.9200.16731_50f2ebf862378eaa47d8d28eaff2356cce57_cab_1436bb57</Data>
    <Data>
    </Data>
    <Data>0</Data>
    <Data>8cddb543-668f-11e3-be90-f01faf0ad82d</Data>
    <Data>4</Data>
    <Data>
    </Data>
  </EventData>
</Event>

 

From Event Viewer, showing registry issues. I have a ton of similar logs.

 

 

 

Log Name:      Application
Source:        Microsoft-Windows-User Profiles Service
Date:          12/16/2013 2:24:57 PM
Event ID:      1530
Task Category: None
Level:         Warning
Keywords:     
User:          SYSTEM
Computer:      SweetHomeAl
Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. 

 DETAIL -
 3 user registry handles leaked from \Registry\User\S-1-5-21-1728614643-3146882776-3930629701-1001:
Process 332 (\Device\HarddiskVolume5\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1728614643-3146882776-3930629701-1001
Process 332 (\Device\HarddiskVolume5\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1728614643-3146882776-3930629701-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Process 464 (\Device\HarddiskVolume5\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1728614643-3146882776-3930629701-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" />
    <EventID>1530</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2013-12-16T19:24:57.626474200Z" />
    <EventRecordID>11355</EventRecordID>
    <Correlation ActivityID="{FBCA62ED-FA88-0000-2967-CAFB88FACE01}" />
    <Execution ProcessID="332" ThreadID="5144" />
    <Channel>Application</Channel>
    <Computer>SweetHomeAl</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData Name="EVENT_HIVE_LEAK">
    <Data Name="Detail">3 user registry handles leaked from \Registry\User\S-1-5-21-1728614643-3146882776-3930629701-1001:
Process 332 (\Device\HarddiskVolume5\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1728614643-3146882776-3930629701-1001
Process 332 (\Device\HarddiskVolume5\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1728614643-3146882776-3930629701-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Process 464 (\Device\HarddiskVolume5\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1728614643-3146882776-3930629701-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall
</Data>
  </EventData>
</Event>

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-12-2013 02
Ran by TLC (administrator) on SWEETHOMEAL on 16-12-2013 18:15:02
Running from C:\Users\TLC\Desktop
Windows 8 Pro with Media Center (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(McAfee, Inc.) C:\WINDOWS\System32\mfevtps.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\WINDOWS\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\WINDOWS\System32\snmp.exe
(Microsoft Corporation) C:\WINDOWS\System32\UI0Detect.exe
(Golden Frog, Inc.) C:\Program Files (x86)\VyprVPN\VyprVPNService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Golden Frog, Inc.) C:\Program Files (x86)\VyprVPN\VyprVPN.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\WINDOWS\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1253520 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [BtPreLoad] - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtPreLoad.exe [64640 2012-12-28] ()
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [VyprVPN] - C:\Program Files (x86)\VyprVPN\VyprVPN.exe [583088 2013-12-04] (Golden Frog, Inc.)
Startup: C:\Users\BigBadJohn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall SafeKey RunOnce.lnk
ShortcutTarget: Uninstall SafeKey RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.go.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {FB137D49-8D7C-4C63-A690-F87BF3670197} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM - {FB137D49-8D7C-4C63-A690-F87BF3670197} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM-x32 - {FB137D49-8D7C-4C63-A690-F87BF3670197} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKCU - DefaultScope {0BEE3B19-8F48-4630-9D42-0E6BA478E762} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {0BEE3B19-8F48-4630-9D42-0E6BA478E762} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {FB137D49-8D7C-4C63-A690-F87BF3670197} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
DPF: HKLM {3234EB1E-733E-4E6A-A8AB-EBB6287E5A7E} http://content.systemrequirementslab.com/bin/srldetect_intel64_4.5.15.0.cab
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} -  No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} -  No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

==================== Services (Whitelisted) =================

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [226944 2012-12-28] (Qualcomm Atheros Commnucations)
R2 CyberLink PowerDVD 13 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2013-09-13] (CyberLink)
R2 CyberLink PowerDVD 13 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [327432 2013-09-13] (CyberLink)
S3 DsRoleSvc; C:\Windows\system32\dsrolesrv.dll [388096 2012-07-25] (Microsoft Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-11-28] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025232 2013-11-26] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-11-04] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-11-04] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-11-02] (Microsoft Corporation)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [32568 2013-08-22] (The OpenVPN Project)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-11-23] (Realtek Semiconductor)
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 SNMP; C:\Windows\System32\snmp.exe [50688 2012-07-25] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWow64\snmp.exe [45056 2012-07-25] (Microsoft Corporation)
R2 VyprVPN; C:\Program Files (x86)\VyprVPN\VyprVPNService.exe [20912 2013-12-04] (Golden Frog, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros)

==================== Drivers (Whitelisted) ====================

S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-28] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-11-04] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
R3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [74560 2013-09-09] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179792 2013-11-04] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311120 2013-11-04] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69344 2013-11-04] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519576 2013-11-04] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782360 2013-11-04] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [411944 2013-11-26] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96112 2013-11-26] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343696 2013-11-04] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28040 2012-12-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [32136 2012-12-21] (Synaptics Incorporated)
S3 tapstrong; C:\Windows\system32\DRIVERS\tapstrong.sys [38760 2013-10-31] (The OpenVPN Project)
R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; C:\Program Files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [130320 2013-09-13] (CyberLink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 MFE_RR; \??\C:\Users\TLC\AppData\Local\Temp\mfe_rr.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-16 18:15 - 2013-12-16 18:15 - 00015002 _____ C:\Users\TLC\Desktop\FRST.txt
2013-12-16 17:26 - 2013-12-16 17:26 - 00001152 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-16 17:09 - 2013-12-16 17:09 - 00000000 ____D C:\FRST
2013-12-16 17:07 - 2013-12-16 17:07 - 10284816 _____ (Malwarebytes Corporation) C:\Users\TLC\Desktop\mbam-setup.exe
2013-12-16 17:03 - 2013-12-16 17:03 - 00760937 _____ (Farbar) C:\Users\TLC\Desktop\MiniToolBox.exe
2013-12-16 17:02 - 2013-12-16 17:02 - 01927940 _____ (Farbar) C:\Users\TLC\Desktop\FRST64.exe
2013-12-16 15:40 - 2013-12-16 15:40 - 00002089 _____ C:\Users\TLC\Desktop\Windowscannotcheckforupdates.txt
2013-12-16 13:18 - 2013-12-16 14:07 - 00000000 ____D C:\Users\TLC\AppData\Roaming\vlc
2013-12-16 13:17 - 2013-12-16 13:17 - 00001109 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-12-16 13:16 - 2013-12-16 13:16 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-12-16 13:02 - 2013-12-16 13:03 - 00449448 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-16 13:02 - 2013-12-16 13:02 - 00146636 _____ C:\Windows\PFRO.log
2013-12-16 12:59 - 2013-12-16 18:10 - 00004151 _____ C:\Users\TLC\Desktop\NewProblems.txt
2013-12-16 12:54 - 2013-12-16 18:14 - 00000000 ____D C:\Users\TLC\Desktop\problems
2013-12-16 12:49 - 2013-12-16 12:49 - 24097311 _____ C:\Users\TLC\Desktop\vlc-2.1.2-win32.exe
2013-12-14 04:54 - 2013-12-14 13:19 - 00000000 ____D C:\Users\TLC\Desktop\newstuff
2013-12-13 16:24 - 2013-12-13 16:24 - 00000000 ____D C:\Users\TLC\AppData\Local\Golden_Frog,_Inc
2013-12-13 16:24 - 2013-12-13 16:24 - 00000000 ____D C:\Users\TLC\AppData\Local\Golden Frog, Inc
2013-12-13 16:23 - 2013-12-16 15:18 - 00000933 _____ C:\Windows\SysWOW64\vyprVPN.log
2013-12-13 16:23 - 2013-12-13 16:28 - 00000000 ____D C:\Program Files (x86)\VyprVPN
2013-12-13 16:23 - 2013-12-13 16:23 - 00000000 ____D C:\ProgramData\Golden Frog, Inc
2013-12-13 16:20 - 2013-12-13 16:23 - 00000000 ____D C:\Program Files\TAP-Windows
2013-12-13 16:20 - 2013-12-13 16:23 - 00000000 ____D C:\Program Files (x86)\OpenVPN
2013-12-13 16:19 - 2013-12-13 16:24 - 00000000 ___HD C:\ProgramData\{0366FA98-7F18-4B6B-8203-6D62D200FE4D}
2013-12-13 16:17 - 2013-12-13 16:17 - 03456840 _____ (Golden Frog Inc.) C:\Users\TLC\Desktop\VyprVPN-2.0.2-installer.exe
2013-12-12 23:36 - 2013-12-12 23:36 - 04101441 _____ C:\Users\TLC\Desktop\tdsskiller.zip
2013-12-12 23:34 - 2013-12-12 23:37 - 00000000 ____D C:\Users\TLC\Desktop\tdsskiller
2013-12-12 22:56 - 2013-12-12 22:56 - 00003312 _____ C:\Windows\System32\Tasks\{40FE1D13-977E-488D-90DD-59CD7D0E9B39}
2013-12-12 22:51 - 2013-12-12 22:51 - 00000000 ____D C:\Program Files\My Dell
2013-12-12 22:16 - 2013-12-12 22:17 - 00000000 ____D C:\ProgramData\Doctor Web
2013-12-12 01:27 - 2013-12-12 01:27 - 00035879 _____ C:\ComboFix.txt
2013-12-12 00:58 - 2013-12-12 21:51 - 00000000 ___SD C:\ComboFix
2013-12-12 00:02 - 2013-12-12 22:37 - 00028481 _____ C:\Users\TLC\Desktop\helpp.txt
2013-12-11 20:46 - 2013-12-11 20:46 - 00000504 _____ C:\Users\TLC\Desktop\desktop.ini.txt
2013-12-11 17:50 - 2013-12-11 17:50 - 00000000 _____ C:\Users\TLC\defogger_reenable
2013-12-11 14:22 - 2013-12-11 14:22 - 00036950 _____ C:\Users\TLC\Desktop\ComboFix.txt
2013-12-11 13:51 - 2013-12-12 21:49 - 00000000 ____D C:\Qoobox
2013-12-11 13:51 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-11 13:51 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-11 13:51 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-11 13:51 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-11 13:51 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-11 13:51 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2013-12-11 13:51 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-11 13:51 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-11 13:51 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-11 13:50 - 2013-12-12 21:50 - 00000000 ____D C:\Windows\erdnt
2013-12-10 16:13 - 2013-12-10 16:15 - 00000000 ____D C:\2b2ee35360acefab747d510a
2013-12-10 16:11 - 2013-10-25 01:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-10 16:11 - 2013-10-25 01:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-10 16:11 - 2013-10-25 01:19 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-12-10 16:11 - 2013-10-25 01:19 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-10 16:11 - 2013-10-25 01:18 - 19271168 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-10 16:11 - 2013-10-25 01:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-10 16:11 - 2013-10-25 01:17 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-10 16:11 - 2013-10-25 01:17 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-10 16:11 - 2013-10-25 01:17 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-10 16:11 - 2013-10-25 01:17 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-10 16:11 - 2013-10-24 23:45 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-10 16:11 - 2013-10-24 23:44 - 14356992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-10 16:11 - 2013-10-24 23:44 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-10 16:11 - 2013-10-24 23:43 - 13761536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-10 16:11 - 2013-10-24 23:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-10 16:11 - 2013-10-24 23:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-10 16:11 - 2013-10-24 23:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-10 16:11 - 2013-10-24 23:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-10 16:11 - 2013-10-19 00:45 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-10 16:11 - 2013-10-18 23:04 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-10 16:11 - 2013-10-08 20:33 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-12-10 16:11 - 2013-10-08 17:30 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-12-10 16:11 - 2013-10-08 17:30 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-12-10 16:11 - 2013-10-08 17:30 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-12-10 16:11 - 2013-10-08 17:30 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-12-10 16:11 - 2013-10-08 17:28 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-12-10 16:11 - 2013-10-08 17:27 - 03279872 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-12-10 16:11 - 2013-10-08 17:27 - 01622016 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-12-10 16:11 - 2013-10-08 17:27 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-12-10 16:11 - 2013-10-08 17:27 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-12-10 16:11 - 2013-10-08 17:27 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-12-10 16:11 - 2013-10-08 17:27 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-12-10 16:11 - 2013-10-08 17:27 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-12-10 16:11 - 2013-10-05 01:10 - 00285016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2013-12-10 16:11 - 2013-10-03 17:09 - 00385528 _____ C:\Windows\system32\ApnDatabase.xml
2013-12-10 16:11 - 2013-10-01 21:50 - 00447320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2013-12-10 16:11 - 2013-09-28 00:48 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2013-12-10 16:11 - 2013-09-27 22:58 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2013-12-10 16:11 - 2013-09-19 02:32 - 01455448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-12-10 16:11 - 2013-08-30 00:19 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll
2013-12-10 16:11 - 2013-08-30 00:18 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2013-12-10 16:11 - 2013-08-29 18:48 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2013-12-10 16:11 - 2013-08-29 18:47 - 00302080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2013-12-10 16:10 - 2013-11-23 01:43 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-10 16:10 - 2013-11-23 00:05 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-10 16:10 - 2013-11-06 18:18 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-10 16:10 - 2013-11-01 00:38 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-10 16:10 - 2013-10-31 22:49 - 00273408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-10 16:10 - 2013-10-10 04:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-10 16:10 - 2013-10-10 04:30 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
2013-12-10 16:10 - 2013-10-10 04:30 - 00156160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-10 16:10 - 2013-10-10 04:24 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-10 16:10 - 2013-10-10 04:23 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-10 16:10 - 2013-10-10 04:22 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2013-12-10 16:10 - 2013-10-10 04:22 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-10 16:10 - 2013-09-27 22:35 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-10 00:36 - 2013-12-10 00:36 - 00026927 _____ C:\Users\TLC\Desktop\dds.txt
2013-12-10 00:36 - 2013-12-10 00:36 - 00012222 _____ C:\Users\TLC\Desktop\attach.txt
2013-12-10 00:19 - 2013-12-16 15:19 - 00003104 _____ C:\Windows\System32\Tasks\Malwarebytes Anti-Exploit
2013-12-10 00:19 - 2013-12-16 15:19 - 00000508 _____ C:\Windows\Tasks\Malwarebytes Anti-Exploit.job
2013-12-10 00:11 - 2013-12-11 18:23 - 00001935 _____ C:\Users\TLC\Desktop\0Problemlist1.txt
2013-12-09 19:46 - 2013-12-09 19:47 - 80897858 _____ C:\Users\TLC\Desktop\cureit2222.txt
2013-12-09 18:23 - 2013-12-09 18:23 - 10503842 _____ C:\Users\TLC\Desktop\cureittempfiles.txt
2013-12-09 18:20 - 2013-12-09 18:20 - 10503268 _____ C:\Users\TLC\Desktop\cureitsystemrestore.txt
2013-12-09 18:11 - 2013-12-09 18:11 - 10501884 _____ C:\Users\TLC\Desktop\cureitrootkit.txt
2013-12-09 17:56 - 2013-12-09 17:57 - 80898460 _____ C:\Users\TLC\Desktop\cureitneutralize.txt
2013-12-09 16:21 - 2013-12-09 16:22 - 80897858 _____ C:\Users\TLC\Desktop\cureit.log
2013-12-08 08:27 - 2013-12-12 22:16 - 00000000 ____D C:\Users\TLC\Doctor Web
2013-12-07 23:50 - 2013-12-16 17:23 - 00027597 _____ C:\Users\TLC\Desktop\Result.txt
2013-12-07 22:10 - 2013-12-07 22:10 - 00037888 _____ (Soeperman Enterprises Ltd.) C:\Users\TLC\Desktop\ADSSpy.exe
2013-12-07 20:06 - 2013-12-07 20:06 - 00809060 _____ C:\Users\TLC\AppData\Local\census.cache
2013-12-07 20:06 - 2013-12-07 20:06 - 00086197 _____ C:\Users\TLC\AppData\Local\ars.cache
2013-12-07 19:53 - 2013-12-07 19:53 - 00000000 _____ C:\Windows\SysWOW64\winlogon.exe
2013-12-07 19:53 - 2013-12-07 19:53 - 00000000 _____ C:\Windows\SysWOW64\smss.exe
2013-12-07 19:53 - 2013-12-07 19:53 - 00000000 _____ C:\Windows\SysWOW64\services.exe
2013-12-07 19:53 - 2013-12-07 19:53 - 00000000 _____ C:\Windows\SysWOW64\lsass.exe
2013-12-07 19:53 - 2013-12-07 19:53 - 00000000 _____ C:\Windows\SysWOW64\csrss.exe
2013-12-07 19:53 - 2013-12-07 19:53 - 00000000 _____ C:\Windows\SysWOW64\conhost.exe
2013-12-07 19:41 - 2013-12-07 19:41 - 00000036 _____ C:\Users\TLC\AppData\Local\housecall.guid.cache
2013-12-07 17:33 - 2013-12-07 17:33 - 00000000 ____D C:\Users\TLC\AppData\Local\Secunia PSI
2013-12-07 17:33 - 2013-12-07 17:33 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-12-07 14:56 - 2013-12-10 06:12 - 00000000 ____D C:\Users\TLC\Desktop\NotHd
2013-12-06 12:48 - 2013-12-06 12:48 - 00067724 _____ C:\Users\TLC\Desktop\registry.txt
2013-12-06 05:13 - 2013-12-06 05:13 - 00001690 _____ C:\Users\TLC\Desktop\startup.txt
2013-12-06 05:09 - 2013-12-06 05:09 - 00000861 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-06 05:09 - 2013-12-06 05:09 - 00000000 ____D C:\Program Files\CCleaner
2013-12-06 05:08 - 2013-12-06 05:08 - 04618136 _____ (Piriform Ltd) C:\Users\TLC\Desktop\ccsetup408.exe
2013-12-05 05:16 - 2013-12-05 05:38 - 00000000 ____D C:\Users\TLC\AppData\Roaming\HandBrake
2013-12-05 04:39 - 2013-12-05 04:40 - 00000000 ___RD C:\Users\TLC\Desktop\TeamTyson
2013-12-04 10:37 - 2013-12-04 10:44 - 00000000 ___RD C:\Users\TLC\Desktop\Sabai
2013-12-04 10:24 - 2013-12-10 00:24 - 00000000 ___RD C:\Users\TLC\Desktop\StrongVPNLog
2013-11-30 13:46 - 2013-07-11 00:07 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\ntdsatq.dll
2013-11-30 13:46 - 2013-02-06 22:34 - 03273216 _____ (Microsoft Corporation) C:\Windows\system32\ntdsai.dll
2013-11-30 13:31 - 2013-11-30 13:31 - 00000000 ____D C:\Windows\system32\BestPractices
2013-11-30 13:31 - 2013-11-30 13:31 - 00000000 ____D C:\Windows\ADAM
2013-11-30 13:17 - 2013-11-30 13:17 - 00000000 ____D C:\Users\TLC\Documents\Fax
2013-11-30 02:46 - 2013-11-30 02:46 - 01581552 _____ (Black Oak Computers, Inc.) C:\Windows\SysWOW64\StrongDial.exe
2013-11-30 02:46 - 2013-11-30 02:46 - 00411632 _____ (Newtonsoft) C:\Windows\SysWOW64\Newtonsoft.Json.dll
2013-11-30 02:46 - 2013-11-30 02:46 - 00380912 _____ (Black Oak Computers, Inc.) C:\Windows\SysWOW64\StrongHelper.exe
2013-11-30 02:46 - 2013-11-30 02:46 - 00225264 _____ (Jeff Winn) C:\Windows\SysWOW64\DotRas.dll
2013-11-30 02:46 - 2013-11-30 02:46 - 00086512 _____ (Black Oak Computers, Inc.) C:\Windows\SysWOW64\StrongService.exe
2013-11-30 02:46 - 2013-11-30 02:46 - 00037769 _____ C:\Windows\SysWOW64\extra_licenses.txt
2013-11-28 08:46 - 2013-11-28 08:26 - 00450770 ____R C:\Windows\system32\Drivers\etc\hosts.20131128-084639.backup
2013-11-28 08:26 - 2013-11-14 13:16 - 00450770 ____R C:\Windows\system32\Drivers\etc\hosts.20131128-082617.backup
2013-11-28 06:30 - 2013-11-28 06:30 - 00007606 _____ C:\Users\TLC\AppData\Local\Resmon.ResmonCfg
2013-11-27 02:28 - 2013-11-27 02:28 - 00000000 ____D C:\ProgramData\CanonBJ
2013-11-27 02:27 - 2012-03-14 05:00 - 00385024 _____ (CANON INC.) C:\Windows\system32\CNMLMAQ.DLL
2013-11-27 02:27 - 2011-04-27 11:01 - 00373248 _____ (CANON INC.) C:\Windows\system32\CNC_AQL.dll
2013-11-27 02:27 - 2011-04-27 11:00 - 00323584 _____ (CANON INC.) C:\Windows\SysWOW64\CNC_AQL.dll
2013-11-27 02:27 - 2011-03-31 10:07 - 00302080 _____ (CANON INC.) C:\Windows\system32\CNC_AQC.dll
2013-11-27 02:27 - 2011-03-31 10:07 - 00114688 _____ (CANON INC.) C:\Windows\SysWOW64\CNC_AQU.dll
2013-11-27 02:27 - 2011-03-31 10:06 - 00112128 _____ (CANON INC.) C:\Windows\system32\CNC_AQI.dll
2013-11-27 02:27 - 2010-11-29 09:13 - 00063744 _____ C:\Windows\SysWOW64\CNC1751D.TBL
2013-11-27 02:27 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\Windows\system32\CNHMCA6.dll
2013-11-27 02:27 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
2013-11-26 22:07 - 2013-11-26 22:07 - 00411944 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfencbdc.sys
2013-11-26 22:07 - 2013-11-26 22:07 - 00096112 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfencrk.sys
2013-11-26 22:07 - 2013-11-26 22:07 - 00010856 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeclnrk.sys
2013-11-22 12:52 - 2013-11-22 12:52 - 00000000 ____D C:\Users\TLC\AppData\Roaming\LavasoftStatistics
2013-11-22 12:38 - 2013-11-22 12:38 - 00000000 ____D C:\ProgramData\Lavasoft
2013-11-22 05:04 - 2013-11-22 05:06 - 00000000 ____D C:\Sigcheck
2013-11-21 12:29 - 2013-11-21 12:29 - 00000000 ____D C:\Users\TLC\AppData\Roaming\Malwarebytes
2013-11-21 12:28 - 2013-12-16 17:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-21 12:28 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-21 00:00 - 2013-12-14 11:25 - 00000000 ____D C:\Program Files (x86)\StrongVPN
2013-11-21 00:00 - 2013-10-31 14:43 - 00038760 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tapstrong.sys

==================== One Month Modified Files and Folders =======

2013-12-16 18:15 - 2013-12-16 18:15 - 00015002 _____ C:\Users\TLC\Desktop\FRST.txt
2013-12-16 18:14 - 2013-12-16 12:54 - 00000000 ____D C:\Users\TLC\Desktop\problems
2013-12-16 18:10 - 2013-12-16 12:59 - 00004151 _____ C:\Users\TLC\Desktop\NewProblems.txt
2013-12-16 18:00 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\system32\sru
2013-12-16 17:30 - 2013-11-07 06:09 - 00001883 _____ C:\Users\Public\Desktop\McAfee All Access – Total Protection.lnk
2013-12-16 17:26 - 2013-12-16 17:26 - 00001152 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-16 17:26 - 2013-11-21 12:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-16 17:23 - 2013-12-07 23:50 - 00027597 _____ C:\Users\TLC\Desktop\Result.txt
2013-12-16 17:09 - 2013-12-16 17:09 - 00000000 ____D C:\FRST
2013-12-16 17:07 - 2013-12-16 17:07 - 10284816 _____ (Malwarebytes Corporation) C:\Users\TLC\Desktop\mbam-setup.exe
2013-12-16 17:03 - 2013-12-16 17:03 - 00760937 _____ (Farbar) C:\Users\TLC\Desktop\MiniToolBox.exe
2013-12-16 17:02 - 2013-12-16 17:02 - 01927940 _____ (Farbar) C:\Users\TLC\Desktop\FRST64.exe
2013-12-16 16:43 - 2013-11-10 00:03 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2013-12-16 15:40 - 2013-12-16 15:40 - 00002089 _____ C:\Users\TLC\Desktop\Windowscannotcheckforupdates.txt
2013-12-16 15:40 - 2013-11-04 11:59 - 00004976 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for SWEETHOMEAL-TLC SweetHomeAl
2013-12-16 15:30 - 2013-05-10 00:47 - 01322872 _____ C:\Windows\WindowsUpdate.log
2013-12-16 15:20 - 2013-11-04 11:17 - 00000000 __RSD C:\Users\TLC\Documents\McAfee Vaults
2013-12-16 15:19 - 2013-12-10 00:19 - 00003104 _____ C:\Windows\System32\Tasks\Malwarebytes Anti-Exploit
2013-12-16 15:19 - 2013-12-10 00:19 - 00000508 _____ C:\Windows\Tasks\Malwarebytes Anti-Exploit.job
2013-12-16 15:18 - 2013-12-13 16:23 - 00000933 _____ C:\Windows\SysWOW64\vyprVPN.log
2013-12-16 15:18 - 2012-07-26 02:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-16 14:25 - 2012-07-26 00:26 - 00524288 ___SH C:\Windows\system32\config\BBI
2013-12-16 14:07 - 2013-12-16 13:18 - 00000000 ____D C:\Users\TLC\AppData\Roaming\vlc
2013-12-16 13:17 - 2013-12-16 13:17 - 00001109 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-12-16 13:16 - 2013-12-16 13:16 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-12-16 13:03 - 2013-12-16 13:02 - 00449448 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-16 13:02 - 2013-12-16 13:02 - 00146636 _____ C:\Windows\PFRO.log
2013-12-16 13:02 - 2013-05-10 00:35 - 00000000 ____D C:\Program Files (x86)\Intel
2013-12-16 12:49 - 2013-12-16 12:49 - 24097311 _____ C:\Users\TLC\Desktop\vlc-2.1.2-win32.exe
2013-12-14 13:19 - 2013-12-14 04:54 - 00000000 ____D C:\Users\TLC\Desktop\newstuff
2013-12-14 12:06 - 2013-11-04 18:08 - 00000000 ____D C:\Users\TLC\AppData\Local\CrashDumps
2013-12-14 11:25 - 2013-11-21 00:00 - 00000000 ____D C:\Program Files (x86)\StrongVPN
2013-12-13 16:28 - 2013-12-13 16:23 - 00000000 ____D C:\Program Files (x86)\VyprVPN
2013-12-13 16:24 - 2013-12-13 16:24 - 00000000 ____D C:\Users\TLC\AppData\Local\Golden_Frog,_Inc
2013-12-13 16:24 - 2013-12-13 16:24 - 00000000 ____D C:\Users\TLC\AppData\Local\Golden Frog, Inc
2013-12-13 16:24 - 2013-12-13 16:19 - 00000000 ___HD C:\ProgramData\{0366FA98-7F18-4B6B-8203-6D62D200FE4D}
2013-12-13 16:23 - 2013-12-13 16:23 - 00000000 ____D C:\ProgramData\Golden Frog, Inc
2013-12-13 16:23 - 2013-12-13 16:20 - 00000000 ____D C:\Program Files\TAP-Windows
2013-12-13 16:23 - 2013-12-13 16:20 - 00000000 ____D C:\Program Files (x86)\OpenVPN
2013-12-13 16:17 - 2013-12-13 16:17 - 03456840 _____ (Golden Frog, Inc.) C:\Users\TLC\Desktop\VyprVPN-2.0.2-installer.exe
2013-12-13 15:44 - 2012-07-26 00:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2013-12-13 03:23 - 2013-11-04 10:59 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1728614643-3146882776-3930629701-1001
2013-12-13 00:09 - 2013-11-04 19:53 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-12-12 23:37 - 2013-12-12 23:34 - 00000000 ____D C:\Users\TLC\Desktop\tdsskiller
2013-12-12 23:36 - 2013-12-12 23:36 - 04101441 _____ C:\Users\TLC\Desktop\tdsskiller.zip
2013-12-12 22:58 - 2013-05-10 01:22 - 00000000 ____D C:\Windows\System32\Tasks\Dell
2013-12-12 22:56 - 2013-12-12 22:56 - 00003312 _____ C:\Windows\System32\Tasks\{40FE1D13-977E-488D-90DD-59CD7D0E9B39}
2013-12-12 22:53 - 2013-11-14 07:33 - 00000000 ___RD C:\Users\BigBadJohn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-12 22:53 - 2013-11-08 05:24 - 00000000 ____D C:\Program Files (x86)\MakeMKV
2013-12-12 22:51 - 2013-12-12 22:51 - 00000000 ____D C:\Program Files\My Dell
2013-12-12 22:37 - 2013-12-12 00:02 - 00028481 _____ C:\Users\TLC\Desktop\helpp.txt
2013-12-12 22:17 - 2013-12-12 22:16 - 00000000 ____D C:\ProgramData\Doctor Web
2013-12-12 22:16 - 2013-12-08 08:27 - 00000000 ____D C:\Users\TLC\Doctor Web
2013-12-12 21:56 - 2013-11-04 10:52 - 00000000 ____D C:\Users\TLC
2013-12-12 21:54 - 2013-11-14 07:31 - 00000000 ____D C:\Users\BigBadJohn
2013-12-12 21:54 - 2013-05-10 01:20 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2013-12-12 21:53 - 2013-11-13 04:36 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2013-12-12 21:53 - 2013-11-13 00:26 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-12-12 21:53 - 2013-11-13 00:26 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-12-12 21:53 - 2013-11-10 02:31 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-12-12 21:52 - 2013-11-07 22:41 - 00000000 ____D C:\Program Files (x86)\DVDFab Media Player 2
2013-12-12 21:52 - 2013-11-07 21:47 - 00000000 ____D C:\Program Files (x86)\DVDFab 9
2013-12-12 21:51 - 2013-12-12 00:58 - 00000000 ___SD C:\ComboFix
2013-12-12 21:50 - 2013-12-11 13:50 - 00000000 ____D C:\Windows\erdnt
2013-12-12 21:50 - 2013-11-13 00:27 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-12-12 21:50 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\registration
2013-12-12 21:49 - 2013-12-11 13:51 - 00000000 ____D C:\Qoobox
2013-12-12 21:49 - 2013-11-10 02:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-12 21:48 - 2013-11-13 01:59 - 00000000 ____D C:\Program Files (x86)\Safer Networking
2013-12-12 05:23 - 2013-11-06 22:51 - 00000000 ____D C:\Windows\system32\appmgmt
2013-12-12 01:27 - 2013-12-12 01:27 - 00035879 _____ C:\ComboFix.txt
2013-12-11 23:41 - 2013-11-04 11:51 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-12-11 23:04 - 2012-07-26 02:28 - 00890924 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-11 20:46 - 2013-12-11 20:46 - 00000504 _____ C:\Users\TLC\Desktop\desktop.ini.txt
2013-12-11 19:10 - 2013-11-15 17:50 - 00005632 _____ C:\Users\TLC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-11 18:23 - 2013-12-10 00:11 - 00001935 _____ C:\Users\TLC\Desktop\0Problemlist1.txt
2013-12-11 17:50 - 2013-12-11 17:50 - 00000000 _____ C:\Users\TLC\defogger_reenable
2013-12-11 17:50 - 2013-05-10 01:15 - 00000000 ____D C:\ProgramData\CyberLink
2013-12-11 17:03 - 2012-07-26 00:26 - 00000215 _____ C:\Windows\system.ini
2013-12-11 14:22 - 2013-12-11 14:22 - 00036950 _____ C:\Users\TLC\Desktop\ComboFix.txt
2013-12-10 17:03 - 2013-11-07 06:03 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-12-10 16:55 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\rescache
2013-12-10 16:17 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\system32\SecureBootUpdates
2013-12-10 16:15 - 2013-12-10 16:13 - 00000000 ____D C:\2b2ee35360acefab747d510a
2013-12-10 16:15 - 2013-11-04 16:09 - 00000000 ____D C:\Windows\system32\MRT
2013-12-10 16:13 - 2013-11-04 16:09 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-10 16:13 - 2012-07-26 00:38 - 00000000 ____D C:\Windows\system32\oobe
2013-12-10 06:12 - 2013-12-07 14:56 - 00000000 ____D C:\Users\TLC\Desktop\NotHd
2013-12-10 00:36 - 2013-12-10 00:36 - 00026927 _____ C:\Users\TLC\Desktop\dds.txt
2013-12-10 00:36 - 2013-12-10 00:36 - 00012222 _____ C:\Users\TLC\Desktop\attach.txt
2013-12-10 00:24 - 2013-12-04 10:24 - 00000000 ___RD C:\Users\TLC\Desktop\StrongVPNLog
2013-12-09 19:47 - 2013-12-09 19:46 - 80897858 _____ C:\Users\TLC\Desktop\cureit2222.txt
2013-12-09 18:23 - 2013-12-09 18:23 - 10503842 _____ C:\Users\TLC\Desktop\cureittempfiles.txt
2013-12-09 18:20 - 2013-12-09 18:20 - 10503268 _____ C:\Users\TLC\Desktop\cureitsystemrestore.txt
2013-12-09 18:11 - 2013-12-09 18:11 - 10501884 _____ C:\Users\TLC\Desktop\cureitrootkit.txt
2013-12-09 17:57 - 2013-12-09 17:56 - 80898460 _____ C:\Users\TLC\Desktop\cureitneutralize.txt
2013-12-09 16:22 - 2013-12-09 16:21 - 80897858 _____ C:\Users\TLC\Desktop\cureit.log
2013-12-07 22:10 - 2013-12-07 22:10 - 00037888 _____ (Soeperman Enterprises Ltd.) C:\Users\TLC\Desktop\ADSSpy.exe
2013-12-07 20:06 - 2013-12-07 20:06 - 00809060 _____ C:\Users\TLC\AppData\Local\census.cache
2013-12-07 20:06 - 2013-12-07 20:06 - 00086197 _____ C:\Users\TLC\AppData\Local\ars.cache
2013-12-07 19:53 - 2013-12-07 19:53 - 00000000 _____ C:\Windows\SysWOW64\winlogon.exe
2013-12-07 19:53 - 2013-12-07 19:53 - 00000000 _____ C:\Windows\SysWOW64\smss.exe
2013-12-07 19:53 - 2013-12-07 19:53 - 00000000 _____ C:\Windows\SysWOW64\services.exe
2013-12-07 19:53 - 2013-12-07 19:53 - 00000000 _____ C:\Windows\SysWOW64\lsass.exe
2013-12-07 19:53 - 2013-12-07 19:53 - 00000000 _____ C:\Windows\SysWOW64\csrss.exe
2013-12-07 19:53 - 2013-12-07 19:53 - 00000000 _____ C:\Windows\SysWOW64\conhost.exe
2013-12-07 19:41 - 2013-12-07 19:41 - 00000036 _____ C:\Users\TLC\AppData\Local\housecall.guid.cache
2013-12-07 17:33 - 2013-12-07 17:33 - 00000000 ____D C:\Users\TLC\AppData\Local\Secunia PSI
2013-12-07 17:33 - 2013-12-07 17:33 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-12-06 12:48 - 2013-12-06 12:48 - 00067724 _____ C:\Users\TLC\Desktop\registry.txt
2013-12-06 12:45 - 2013-05-10 00:22 - 00000000 ____D C:\Windows\Panther
2013-12-06 05:13 - 2013-12-06 05:13 - 00001690 _____ C:\Users\TLC\Desktop\startup.txt
2013-12-06 05:09 - 2013-12-06 05:09 - 00000861 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-06 05:09 - 2013-12-06 05:09 - 00000000 ____D C:\Program Files\CCleaner
2013-12-06 05:08 - 2013-12-06 05:08 - 04618136 _____ (Piriform Ltd) C:\Users\TLC\Desktop\ccsetup408.exe
2013-12-05 20:39 - 2013-11-15 20:21 - 00000000 ___RD C:\Users\TLC\Desktop\Praxis
2013-12-05 07:37 - 2013-11-04 10:52 - 00000000 ____D C:\Users\TLC\AppData\Local\Packages
2013-12-05 05:38 - 2013-12-05 05:16 - 00000000 ____D C:\Users\TLC\AppData\Roaming\HandBrake
2013-12-05 04:40 - 2013-12-05 04:39 - 00000000 ___RD C:\Users\TLC\Desktop\TeamTyson
2013-12-04 12:41 - 2013-11-15 20:23 - 00000000 ___RD C:\Users\TLC\Desktop\Geeksquad
2013-12-04 10:44 - 2013-12-04 10:37 - 00000000 ___RD C:\Users\TLC\Desktop\Sabai
2013-12-03 21:09 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\ELAMBKUP
2013-12-03 21:08 - 2013-11-07 06:07 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-12-03 19:53 - 2013-11-13 10:13 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-03 19:53 - 2013-11-13 10:13 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-03 07:53 - 2013-11-10 02:00 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-03 06:53 - 2013-11-10 01:59 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-03 03:22 - 2013-11-13 10:21 - 00000000 ____D C:\Users\TLC\AppData\Local\NPE
2013-11-30 13:31 - 2013-11-30 13:31 - 00000000 ____D C:\Windows\system32\BestPractices
2013-11-30 13:31 - 2013-11-30 13:31 - 00000000 ____D C:\Windows\ADAM
2013-11-30 13:31 - 2013-11-04 11:56 - 00000000 ___RD C:\Users\TLC\SkyDrive
2013-11-30 13:17 - 2013-11-30 13:17 - 00000000 ____D C:\Users\TLC\Documents\Fax
2013-11-30 02:54 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\system32\NDF
2013-11-30 02:46 - 2013-11-30 02:46 - 01581552 _____ (Black Oak Computers, Inc.) C:\Windows\SysWOW64\StrongDial.exe
2013-11-30 02:46 - 2013-11-30 02:46 - 00411632 _____ (Newtonsoft) C:\Windows\SysWOW64\Newtonsoft.Json.dll
2013-11-30 02:46 - 2013-11-30 02:46 - 00380912 _____ (Black Oak Computers, Inc.) C:\Windows\SysWOW64\StrongHelper.exe
2013-11-30 02:46 - 2013-11-30 02:46 - 00225264 _____ (Jeff Winn) C:\Windows\SysWOW64\DotRas.dll
2013-11-30 02:46 - 2013-11-30 02:46 - 00086512 _____ (Black Oak Computers, Inc.) C:\Windows\SysWOW64\StrongService.exe
2013-11-30 02:46 - 2013-11-30 02:46 - 00037769 _____ C:\Windows\SysWOW64\extra_licenses.txt
2013-11-28 08:26 - 2013-11-28 08:46 - 00450770 ____R C:\Windows\system32\Drivers\etc\hosts.20131128-084639.backup
2013-11-28 07:28 - 2013-11-10 00:05 - 00000000 ____D C:\ProgramData\HitmanPro
2013-11-28 06:30 - 2013-11-28 06:30 - 00007606 _____ C:\Users\TLC\AppData\Local\Resmon.ResmonCfg
2013-11-27 14:45 - 2013-11-09 23:42 - 00000000 ____D C:\AdwCleaner
2013-11-27 02:28 - 2013-11-27 02:28 - 00000000 ____D C:\ProgramData\CanonBJ
2013-11-27 02:27 - 2012-07-26 03:12 - 00000000 __RSD C:\Windows\Media
2013-11-26 22:07 - 2013-11-26 22:07 - 00411944 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfencbdc.sys
2013-11-26 22:07 - 2013-11-26 22:07 - 00096112 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfencrk.sys
2013-11-26 22:07 - 2013-11-26 22:07 - 00010856 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeclnrk.sys
2013-11-23 01:43 - 2013-12-10 16:10 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-11-23 00:05 - 2013-12-10 16:10 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-11-22 12:52 - 2013-11-22 12:52 - 00000000 ____D C:\Users\TLC\AppData\Roaming\LavasoftStatistics
2013-11-22 12:38 - 2013-11-22 12:38 - 00000000 ____D C:\ProgramData\Lavasoft
2013-11-22 06:04 - 2013-10-31 15:18 - 00562368 _____ (Sysinternals - www.sysinternals.com) C:\RAMMap.exe
2013-11-22 06:04 - 2013-10-31 15:18 - 00294080 _____ (Sysinternals - www.sysinternals.com) C:\sigcheck.exe
2013-11-22 06:04 - 2013-10-22 08:59 - 00387776 _____ (Sysinternals - www.sysinternals.com) C:\PsExec.exe
2013-11-22 06:04 - 2013-07-31 13:08 - 02799296 _____ (Sysinternals - www.sysinternals.com) C:\procexp.exe
2013-11-22 06:04 - 2013-07-31 13:08 - 01767104 _____ (Sysinternals - www.sysinternals.com) C:\disk2vhd.exe
2013-11-22 06:04 - 2013-07-31 13:08 - 00847040 _____ (Sysinternals) C:\Bginfo.exe
2013-11-22 06:04 - 2013-07-31 13:08 - 00661184 _____ (Sysinternals - www.sysinternals.com) C:\autoruns.exe
2013-11-22 06:04 - 2013-07-31 13:08 - 00579264 _____ (Sysinternals - www.sysinternals.com) C:\autorunsc.exe
2013-11-22 06:04 - 2013-06-18 15:12 - 00596160 _____ (Sysinternals - www.sysinternals.com) C:\ZoomIt.exe
2013-11-22 06:04 - 2013-06-18 15:12 - 00090304 _____ (Sysinternals) C:\strings.exe
2013-11-22 06:04 - 2013-05-31 15:54 - 02489024 _____ (Sysinternals - www.sysinternals.com) C:\Procmon.exe
2013-11-22 06:04 - 2013-05-15 23:46 - 00478400 _____ (Sysinternals - www.sysinternals.com) C:\procdump.exe
2013-11-22 06:04 - 2013-05-15 23:46 - 00328384 _____ (Sysinternals - www.sysinternals.com) C:\accesschk.exe
2013-11-22 06:04 - 2013-03-24 23:24 - 00223424 _____ (Sysinternals - www.sysinternals.com) C:\du.exe
2013-11-22 06:04 - 2013-03-24 23:24 - 00150720 _____ (Sysinternals - www.sysinternals.com) C:\ru.exe
2013-11-22 06:04 - 2013-03-17 16:52 - 00049518 _____ C:\autoruns.chm
2013-11-22 06:04 - 2013-02-04 23:46 - 00130648 _____ (Sysinternals - www.sysinternals.com) C:\pendmoves.exe
2013-11-22 06:04 - 2013-01-23 00:12 - 00462936 _____ (Sysinternals) C:\handle.exe
2013-11-22 06:04 - 2013-01-23 00:12 - 00130160 _____ (Sysinternals - www.sysinternals.com) C:\movefile.exe
2013-11-22 06:04 - 2013-01-09 15:26 - 00155736 _____ (Sysinternals) C:\sdelete.exe
2013-11-22 06:04 - 2012-12-03 11:10 - 00468056 _____ (Sysinternals) C:\Dbgview.exe
2013-11-22 06:04 - 2012-11-14 11:22 - 01479256 _____ (Sysinternals - www.sysinternals.com) C:\Coreinfo.exe
2013-11-22 06:04 - 2012-11-14 11:22 - 00479832 _____ (Sysinternals - www.sysinternals.com) C:\ADExplorer.exe
2013-11-22 06:04 - 2012-11-14 11:22 - 00207960 _____ (Sysinternals) C:\Contig.exe
2013-11-22 06:04 - 2012-10-17 18:28 - 00539736 _____ (Sysinternals - www.sysinternals.com) C:\livekd.exe
2013-11-22 06:04 - 2012-10-17 18:28 - 00171608 _____ (Sysinternals - www.sysinternals.com) C:\pspasswd.exe
2013-11-22 06:04 - 2012-10-17 18:28 - 00144984 _____ (Sysinternals - www.sysinternals.com) C:\whois.exe
2013-11-22 06:04 - 2012-10-17 18:28 - 00116824 _____ (Sysinternals - www.sysinternals.com) C:\Desktops.exe
2013-11-22 06:04 - 2012-10-15 14:23 - 00072154 _____ C:\procexp.chm
2013-11-22 06:04 - 2012-10-02 14:03 - 00167048 _____ (Sysinternals - www.sysinternals.com) C:\psping.exe
2013-11-22 06:04 - 2012-10-01 09:23 - 00066582 _____ C:\Pstools.chm
2013-11-22 06:04 - 2012-09-10 09:16 - 01056392 _____ (Sysinternals - www.sysinternals.com) C:\vmmap.exe
2013-11-22 06:04 - 2012-06-21 23:34 - 00468592 _____ (Sysinternals - www.sysinternals.com) C:\pskill.exe
2013-11-22 06:04 - 2012-03-22 15:53 - 00232232 _____ (Sysinternals - www.sysinternals.com) C:\pslist.exe
2013-11-22 06:04 - 2012-01-13 17:35 - 00451392 _____ (SysInternals) C:\portmon.exe
2013-11-22 06:04 - 2011-11-28 11:46 - 00063582 _____ C:\procmon.chm
2013-11-22 06:04 - 2011-07-25 12:40 - 00300832 _____ (Sysinternals - www.sysinternals.com) C:\Tcpview.exe
2013-11-22 06:04 - 2011-07-07 13:28 - 00520496 _____ (Sysinternals) C:\Listdlls.exe
2013-11-22 06:04 - 2011-07-07 13:28 - 00103216 _____ (Sysinternals) C:\FindLinks.exe
2013-11-22 06:04 - 2011-02-22 15:18 - 00148856 _____ (Sysinternals - www.sysinternals.com) C:\Autologon.exe
2013-11-22 06:04 - 2011-02-14 12:37 - 00729464 _____ (Sysinternals) C:\Winobj.exe
2013-11-22 06:04 - 2010-10-27 13:57 - 00051747 _____ C:\Vmmap.chm
2013-11-22 06:04 - 2010-09-07 15:39 - 00150392 _____ (Sysinternals - www.sysinternals.com) C:\junction.exe
2013-11-22 06:04 - 2010-07-28 15:47 - 00199544 _____ (Sysinternals - www.sysinternals.com) C:\Tcpvcon.exe
2013-11-22 06:04 - 2010-07-02 16:03 - 00041074 _____ C:\tcpview.chm
2013-11-22 06:04 - 2010-04-30 11:43 - 00261496 _____ (Sysinternals) C:\logonsessions.exe
2013-11-22 06:04 - 2010-04-27 11:04 - 00390520 _____ (Sysinternals - www.sysinternals.com) C:\PsInfo.exe
2013-11-22 06:04 - 2010-04-27 11:04 - 00333176 _____ (Sysinternals - www.sysinternals.com) C:\PsGetsid.exe
2013-11-22 06:04 - 2010-04-27 11:04 - 00183160 _____ (Sysinternals - www.sysinternals.com) C:\PsLoggedon.exe
2013-11-22 06:04 - 2010-04-27 11:04 - 00178040 _____ (Sysinternals - www.sysinternals.com) C:\psloglist.exe
2013-11-22 06:04 - 2010-04-27 11:04 - 00169848 _____ (Sysinternals - www.sysinternals.com) C:\PsService.exe
2013-11-22 06:04 - 2010-03-24 14:00 - 00580984 _____ (Sysinternals - www.sysinternals.com) C:\DiskView.exe
2013-11-22 06:04 - 2009-11-19 12:31 - 00040683 _____ C:\Disk2vhd.chm
2013-11-22 06:04 - 2009-06-03 22:36 - 00151936 _____ (Sysinternals) C:\Clockres.exe
2013-11-22 06:04 - 2008-02-27 18:51 - 00103464 _____ (Sysinternals - www.sysinternals.com) C:\ShellRunas.exe
2013-11-22 06:04 - 2007-11-20 13:25 - 01049640 _____ (Sysinternals - www.sysinternals.com) C:\ADInsight.exe
2013-11-22 06:04 - 2007-11-07 10:13 - 00401616 _____ C:\ADInsight.chm
2013-11-22 06:04 - 2007-11-06 09:17 - 00000039 _____ C:\psversion.txt
2013-11-22 06:04 - 2007-07-12 06:26 - 00050379 _____ C:\AdExplorer.chm
2013-11-22 06:04 - 2007-05-14 08:42 - 00087424 _____ (Sysinternals - www.sysinternals.com) C:\diskext.exe
2013-11-22 06:04 - 2007-04-27 10:17 - 00087424 _____ (Sysinternals) C:\streams.exe
2013-11-22 06:04 - 2006-12-04 17:53 - 00207664 _____ (Sysinternals - www.sysinternals.com) C:\psshutdown.exe
2013-11-22 06:04 - 2006-12-04 17:53 - 00187184 _____ (Sysinternals) C:\pssuspend.exe
2013-11-22 06:04 - 2006-12-04 17:53 - 00105264 _____ (Sysinternals) C:\psfile.exe
2013-11-22 06:04 - 2006-11-01 14:07 - 00334720 _____ (Sysinternals - www.sysinternals.com) C:\RootkitRevealer.exe
2013-11-22 06:04 - 2006-11-01 14:07 - 00260976 _____ C:\ShareEnum.exe
2013-11-22 06:04 - 2006-11-01 14:06 - 00224056 _____ (Sysinternals) C:\Diskmon.exe
2013-11-22 06:04 - 2006-11-01 14:06 - 00215928 _____ (Sysinternals) C:\pagedfrg.exe
2013-11-22 06:04 - 2006-11-01 14:06 - 00174968 _____ (Sysinternals - www.sysinternals.com) C:\AccessEnum.exe
2013-11-22 06:04 - 2006-11-01 14:06 - 00162616 _____ (Sysinternals - www.sysinternals.com) C:\RegDelNull.exe
2013-11-22 06:04 - 2006-11-01 14:06 - 00154424 _____ C:\LoadOrd.exe
2013-11-22 06:04 - 2006-11-01 14:06 - 00154424 _____ C:\ldmdump.exe
2013-11-22 06:04 - 2006-11-01 14:06 - 00154424 _____ C:\Cacheset.exe
2013-11-22 06:04 - 2006-11-01 14:05 - 00154424 _____ C:\Volumeid.exe
2013-11-22 06:04 - 2006-11-01 14:05 - 00150328 _____ C:\pipelist.exe
2013-11-22 06:04 - 2006-11-01 14:05 - 00150328 _____ C:\hex2dec.exe
2013-11-22 06:04 - 2006-11-01 14:05 - 00150328 _____ C:\ctrl2cap.exe
2013-11-22 06:04 - 2006-11-01 14:05 - 00150328 _____ C:\adrestore.exe
2013-11-22 06:04 - 2006-11-01 14:05 - 00150328 _____ (Sysinternals) C:\sync.exe
2013-11-22 06:04 - 2006-11-01 14:05 - 00150328 _____ (Sysinternals - www.sysinternals.com) C:\regjump.exe
2013-11-22 06:04 - 2006-11-01 14:05 - 00146232 _____ C:\efsdump.exe
2013-11-22 06:04 - 2006-11-01 14:05 - 00122680 _____ C:\ntfsinfo.exe
2013-11-22 06:04 - 2006-09-27 18:04 - 00010104 _____ (Systems Internals) C:\ctrl2cap.amd.sys
2013-11-22 06:04 - 2006-07-28 09:32 - 00007005 _____ C:\Eula.txt
2013-11-22 06:04 - 2005-12-07 15:19 - 00102160 _____ C:\RootkitRevealer.chm
2013-11-22 06:04 - 2005-09-15 09:49 - 00068539 _____ C:\dbgview.chm
2013-11-22 06:04 - 2003-12-08 10:40 - 00009519 _____ C:\DISKMON.HLP
2013-11-22 06:04 - 2002-09-02 13:13 - 00007983 _____ C:\TCPVIEW.HLP
2013-11-22 06:04 - 2000-07-23 19:58 - 00008419 _____ C:\pagedfrg.hlp
2013-11-22 06:04 - 2000-01-31 09:20 - 00043428 _____ C:\PORTMON.HLP
2013-11-22 06:04 - 1999-12-30 11:26 - 00007653 _____ C:\WINOBJ.HLP
2013-11-22 06:04 - 1999-11-21 19:46 - 00002832 _____ (Systems Internals) C:\ctrl2cap.nt5.sys
2013-11-22 06:04 - 1999-11-21 18:20 - 00002864 _____ (Systems Internals) C:\ctrl2cap.nt4.sys
2013-11-22 06:04 - 1999-10-14 14:45 - 00011728 _____ C:\DMON.SYS
2013-11-22 06:04 - 1999-07-30 16:28 - 00000422 _____ C:\PORTMON.CNT
2013-11-22 05:06 - 2013-11-22 05:04 - 00000000 ____D C:\Sigcheck
2013-11-21 12:29 - 2013-11-21 12:29 - 00000000 ____D C:\Users\TLC\AppData\Roaming\Malwarebytes
2013-11-21 00:03 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-11-19 14:58 - 2012-07-26 03:12 - 00000000 ___HD C:\Windows\system32\GroupPolicy

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-08 04:38

==================== End Of Log ============================

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by TLC (administrator) on 16-12-2013 at 17:22:29
Running from "C:\Users\TLC\Desktop"
Microsoft Windows 8 Pro with Media Center  (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Realtek PCIe FE Family Controller = Ethernet (Connected)
Dell Wireless 1705 802.11b/g/n (2.4GHZ) = Wi-Fi (Media disconnected)
TAP-Windows Adapter V9 = Local Area Connection 2 (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 9" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 12" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 20" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 21" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="other_1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : SweetHomeAl
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hsd1.nj.comcast.net.
   System Quarantine State . . . . . : Not Restricted

Ethernet adapter Local Area Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Windows Adapter V9
   Physical Address. . . . . . . . . : 00-FF-2C-F0-74-ED
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 21:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Hosted Network Virtual Adapter
   Physical Address. . . . . . . . . : 5E-3E-84-AD-FD-6B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 1E-3E-84-AD-FD-6B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Dell Wireless 1705 802.11b/g/n (2.4GHZ)
   Physical Address. . . . . . . . . : 1C-3E-84-AD-FD-6B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : hsd1.nj.comcast.net.
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : F0-1F-AF-0A-D8-2D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 76.116.116.61(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.252.0
   Lease Obtained. . . . . . . . . . : Monday, December 16, 2013 3:18:12 PM
   Lease Expires . . . . . . . . . . : Friday, December 20, 2013 3:18:13 PM
   Default Gateway . . . . . . . . . : 76.116.116.1
   DHCP Server . . . . . . . . . . . : 69.252.208.68
   DNS Servers . . . . . . . . . . . : 75.75.75.75
                                       75.75.76.76
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter 6TO4 Adapter:

   Connection-specific DNS Suffix  . : hsd1.nj.comcast.net.
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2002:4c74:743d::4c74:743d(Preferred)
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 75.75.75.75
                                       75.75.76.76
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.hsd1.nj.comcast.net.:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hsd1.nj.comcast.net.
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:1c4b:2c55:b38b:8bc2(Preferred)
   Link-local IPv6 Address . . . . . : fe80::1c4b:2c55:b38b:8bc2%20(Preferred)
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  cdns01.comcast.net
Address:  75.75.75.75

Name:    google.com
Addresses:  2607:f8b0:4006:803::1000
   173.194.43.2
   173.194.43.9
   173.194.43.1
   173.194.43.3
   173.194.43.6
   173.194.43.14
   173.194.43.4
   173.194.43.5
   173.194.43.7
   173.194.43.8
   173.194.43.0

Pinging google.com [74.125.226.198] with 32 bytes of data:
Reply from 74.125.226.198: bytes=32 time=105ms TTL=56
Reply from 74.125.226.198: bytes=32 time=17ms TTL=56

Ping statistics for 74.125.226.198:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 17ms, Maximum = 105ms, Average = 61ms
Server:  cdns01.comcast.net
Address:  75.75.75.75

Name:    yahoo.com
Addresses:  206.190.36.45
   98.139.183.24
   98.138.253.109

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=29ms TTL=51
Reply from 98.139.183.24: bytes=32 time=46ms TTL=51

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 29ms, Maximum = 46ms, Average = 37ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 30...00 ff 2c f0 74 ed ......TAP-Windows Adapter V9
 29...5e 3e 84 ad fd 6b ......Microsoft Hosted Network Virtual Adapter
 14...1e 3e 84 ad fd 6b ......Microsoft Wi-Fi Direct Virtual Adapter
 13...1c 3e 84 ad fd 6b ......Dell Wireless 1705 802.11b/g/n (2.4GHZ)
 12...f0 1f af 0a d8 2d ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
 16...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 20...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     76.116.116.1    76.116.116.61     20
    69.252.208.68  255.255.255.255     76.116.116.1    76.116.116.61     20
     76.116.116.0    255.255.252.0         On-link     76.116.116.61    276
    76.116.116.61  255.255.255.255         On-link     76.116.116.61    276
   76.116.119.255  255.255.255.255         On-link     76.116.116.61    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
    216.168.3.150  255.255.255.255     76.116.116.1    76.116.116.61     20
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     76.116.116.61    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     76.116.116.61    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 20    306 2001::/32                On-link
 20    306 2001:0:9d38:90d7:1c4b:2c55:b38b:8bc2/128
                                    On-link
 16   1025 2002::/16                On-link
 16    281 2002:4c74:743d::4c74:743d/128
                                    On-link
 20    306 fe80::/64                On-link
 20    306 fe80::1c4b:2c55:b38b:8bc2/128
                                    On-link
  1    306 ff00::/8                 On-link
 20    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [55296] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [66560] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [72192] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [53760] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [64000] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/16/2013 03:20:52 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {e2ceb0bc-3be0-4665-b459-b6e4f7ae2c45}

Error: (12/16/2013 01:05:58 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {637ff32b-394c-4d15-a6e7-d1efb00c4a98}

Error: (12/16/2013 11:37:44 AM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -2147024882

Error: (12/16/2013 11:37:44 AM) (Source: Microsoft Office 15) (User: )
Description: Office Subscription licensing exception: Error Code: 0x8007000E; CorrelationId: {B79DE482-8010-4CF9-BF82-968ABE0765F6}

Error: (12/16/2013 03:01:02 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (12/16/2013 03:00:10 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service McAfee Application Installer Cleanup (0146131386712982) since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (12/15/2013 03:02:42 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (12/15/2013 03:00:45 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (12/14/2013 00:05:59 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16537, time stamp: 0x5123410e
Faulting module name: MSHTML.dll, version: 10.0.9200.16750, time stamp: 0x5269d4e1
Exception code: 0xc0000005
Fault offset: 0x0000000000009086
Faulting process id: 0x10bc
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (12/14/2013 00:02:25 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16537, time stamp: 0x5123410e
Faulting module name: MSHTML.dll, version: 10.0.9200.16750, time stamp: 0x5269d4e1
Exception code: 0xc0000005
Fault offset: 0x0000000000009086
Faulting process id: 0x10414
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

System errors:
=============
Error: (12/16/2013 03:19:06 PM) (Source: Microsoft-Windows-Ntfs) (User: NT AUTHORITY)
Description: ??\Device\HarddiskVolume33

Error: (12/16/2013 03:18:24 PM) (Source: SNMP) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error: (12/16/2013 03:18:15 PM) (Source: NETLOGON) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (12/16/2013 01:04:09 PM) (Source: Microsoft-Windows-Ntfs) (User: NT AUTHORITY)
Description: ??\Device\HarddiskVolume33

Error: (12/16/2013 01:03:22 PM) (Source: SNMP) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error: (12/16/2013 01:03:16 PM) (Source: NETLOGON) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (12/16/2013 01:02:36 PM) (Source: Microsoft-Windows-Ntfs) (User: NT AUTHORITY)
Description: \\?\Volume{1876a7bb-379d-4372-9b16-4ae5c1ea0f11}\Device\HarddiskVolume63

Error: (12/16/2013 01:01:42 PM) (Source: DCOM) (User: SWEETHOMEAL)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (12/16/2013 03:00:57 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Intel Corporation - Storage Controller - Intel® 7 Series Chipset Family SATA AHCI Controller.

Error: (12/15/2013 03:00:09 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Intel Corporation - Storage Controller - Intel® 7 Series Chipset Family SATA AHCI Controller.

Microsoft Office Sessions:
=========================
Error: (12/16/2013 03:20:52 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {e2ceb0bc-3be0-4665-b459-b6e4f7ae2c45}

Error: (12/16/2013 01:05:58 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {637ff32b-394c-4d15-a6e7-d1efb00c4a98}

Error: (12/16/2013 11:37:44 AM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -2147024882

Error: (12/16/2013 11:37:44 AM) (Source: Microsoft Office 15)(User: )
Description: Office Subscription licensing exception: Error Code: 0x8007000E; CorrelationId: {B79DE482-8010-4CF9-BF82-968ABE0765F6}

Error: (12/16/2013 03:01:02 AM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (12/16/2013 03:00:10 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service McAfee Application Installer Cleanup (0146131386712982) since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (12/15/2013 03:02:42 AM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (12/15/2013 03:00:45 AM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (12/14/2013 00:05:59 PM) (Source: Application Error)(User: )
Description: iexplore.exe10.0.9200.165375123410eMSHTML.dll10.0.9200.167505269d4e1c0000005000000000000908610bc01cef8ee452e64c1C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\MSHTML.dll0093ffa0-64e2-11e3-be8e-f01faf0ad82d

Error: (12/14/2013 00:02:25 PM) (Source: Application Error)(User: )
Description: iexplore.exe10.0.9200.165375123410eMSHTML.dll10.0.9200.167505269d4e1c000000500000000000090861041401cef8edce5531a3C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\MSHTML.dll80ed635c-64e1-11e3-be8e-f01faf0ad82d

CodeIntegrity Errors:
===================================
  Date: 2013-12-11 13:58:16.032
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

=========================== Installed Programs ============================

Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 4.08)
CyberLink LabelPrint 2.5 (Version: 2.5.5415)
CyberLink Media Suite 10 (Version: 10.0.1.2417)
CyberLink Media Suite Essentials (Version: 10.0)
CyberLink Power2Go 8 (Version: 8.0.0.2126)
CyberLink PowerDirector 10 (Version: 10.0.1.2413)
CyberLink PowerDVD 10 (Version: 10.0.4828.52)
CyberLink PowerDVD 13 (Version: 13.0.3313.58)
D3DX10 (Version: 15.4.2368.0902)
Dell Backup and Recovery - Support Software (Version: 1.0.0.6)
Dell Backup and Recovery (Version: 1.0.0.6)
Dell Touchpad (Version: 16.3.7.0)
Dell WLAN and Bluetooth Client Installation (Version: 10.0)
DVDFab 9.0.7.2 (18/10/2013)
DVDFab Media Player 2 (Version: 2.2.0.0)
FileAlyzer 2 (Version: 2.0.5.57)
iCloud (Version: 3.0.2.163)
Intel® Management Engine Components (Version: 8.1.0.1252)
Intel® Processor Graphics (Version: 9.17.10.2867)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
iTunes (Version: 11.1.3.8)
Malwarebytes Anti-Exploit version 0.09.3.1000 (Version: 0.09.3.1000)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee All Access – Total Protection (Version: 12.8.903)
McAfee Online Backup (Version: 1.16.4.0)
McAfee Virtual Technician (Version: 7.1.0.2483)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 365 Home Premium - en-us (Version: 15.0.4551.1011)
Microsoft SkyDrive (Version: 17.0.2015.0811)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Movie Maker (Version: 16.4.3505.0912)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4551.1011)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1011)
Office 15 Click-to-Run Localization Component (Version: 15.0.4551.1011)
OpenVPN 2.3.2-I003  (Version: 2.3.2-I003)
Photo Gallery (Version: 16.4.3505.0912)
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.218)
QuickTime (Version: 7.74.80.86)
Realtek Ethernet Controller All-In-One Windows Driver (Version: 8.2.612.2012)
Realtek High Definition Audio Driver (Version: 6.0.1.6788)
Realtek USB 2.0 Card Reader (Version: 6.1.8400.39030)
RegAlyzer (Version: 1.6.2.16)
Shared C Run-time for x64 (Version: 10.0.0)
Spybot - Search & Destroy (Version: 1.6.2)
Spybot - Search & Destroy (Version: 2.2.25)
SUPERAntiSpyware (Version: 5.6.1042)
TAP-Windows 9.9.2 (Version: 9.9.2)
VLC media player 2.1.2 (Version: 2.1.2)
VyprVPN (Version: 2.0.2.1579)
Windows Live Communications Platform (Version: 16.4.3505.0912)
Windows Live Essentials (Version: 16.4.3505.0912)
Windows Live Installer (Version: 16.4.3505.0912)
Windows Live Photo Common (Version: 16.4.3505.0912)
Windows Live PIMT Platform (Version: 16.4.3505.0912)
Windows Live SOXE (Version: 16.4.3505.0912)
Windows Live SOXE Definitions (Version: 16.4.3505.0912)
Windows Live UX Platform (Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912)

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 22%
Total physical RAM: 8061.27 MB
Available physical RAM: 6218.82 MB
Total Pagefile: 9277.27 MB
Available Pagefile: 7290.6 MB
Total Virtual: 4095.88 MB
Available Virtual: 3963.25 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:452.95 GB) (Free:58.42 GB) NTFS

========================= Users: ========================================

User accounts for \\SWEETHOMEAL

Administrator            BigBadJohn               Guest                   
TLC                     

**** End of log ****



#12 Havin' Problems

  • Topic Starter

Posted 16 December 2013 - 06:49 PM

Jason,

 

Attached are two pictures. One showing that "trusted installer" is the owner of my "C" drive. That can't be right, can it? Also a quick screenshot of "process monitor" showing how much activity is going on behind the scenes. I don't know if it's normal or not, but all this activity occurred in like 0.01 seconds. If I let it go and you just watched it, this would repeat at the same rate, generating a million events per couple hours.




#13 jntkwx


  • Malware Response Team

Posted 16 December 2013 - 08:16 PM

A) I think the CD/DVD sound you're hearing is normal. To rule out Windows Media Player as the cause, one thing to try is to download and install VLC and see if you get the same symptoms when playing a movie with VLC. If you do, then it's probably normal. If you don't, then there's something odd with Windows Media Player. Response: I downloaded VLC and the CD/DVD drive noise does not occur when playing video files. However, the noise occurs every time I reboot, and when I launch "Process Monitor" as mentioned below.


It's odd that you hear the sound when you launch Process Monitor. I don't think it's anything to worry about, though.
 

B) I think what you see with the folders refreshing is normal. Does it take more than a couple seconds to refresh the contents of a folder? Response: Yes. Sometimes it takes a few minutes.

How long has this been happening? Just recently?
 

C) You see files being added to C:\Windows? Response: Yes, I see files added to my C:\Windows folder that I know have not been there long. Some of them are: PEV.exe, MBR.exe, MOBK.blk, MOBK.flt, NIRCMD.exe, grep.exe, sed.exe, SWREG.exe, SWSC.exe, SWXCACLS.exe, zip.exe.

This is normal to see in this case - these files are associated with Combofix.
 

D) Do you use CyberLinkMediaServer? Where do you see the ADS streams associated with it? Response: No I don't use CyberLink Media Server. However, this computer came with Cyberlink products preinstalled.

You can just leave it installed, then. Or if you want, go ahead and uninstall it.
 

E) Do you use CyberLinkMediaServer? Where do you see the ADS streams associated with it? Response: I used ADSSPY to see alternate data streams, and checked "ignore safe system info data streams" (see log). There were a lot more, but I cut them out for privacy reasons. I know that most of the streams are from favorites, but only some of my favorites are listed in the log, they seem to be taking up a lot of space, and should my favorites in Internet Explorer even have alternate data streams?


What you see with the ADS is normal (I see the same thing on my computer). :)
 

1) My C drive is owned by "trusted installer" (see attached picture).

Seems strange, but again, this is normal. :)
 

2) I can't uninstall many of my programs like "spybot search and destroy" and many others. When I try to uninstall them, I
get the following message, (but substitute the program name)  --  Error --- Messages file "C:\Program Files (x86)\Spybot -
Search & Destroy 2\unins000.msg" is missing. Please correct the problem or obtain a new copy of the program. How do I
uninstall these?

 
Try using Revo Uninstaller, which attempts to use the program's built-in uninstaller and then searches through your computer for files, folders, and registry entries that may have been left behind.

 
3) My "Microsoft Office Upload Center" is always trying to upload things somewhere.
 
From http://social.technet.microsoft.com/Forums/office/en-US/79e88e72-e9a2-4740-a41e-dbec4511ec59/disable-upload-center-via-oct-2010?forum=officesetupdeployprevious:
The Upload Center is used whenever you save documents to SkyDrive and SharePoint. It manages uploading docs and synchronizing changes to them. If you never save/edit/share documents on SkyDrive or SharePoint then you won’t use this feature and can disable it.

The original question asked was how to disable the upload center using the OCT. That can’t be done. To disable the Office 2010 Upload Center you can run msconfig, click “Startup” and remove the check next to “Microsoft Office 2010” that references MSOSYNC.EXE.
Note that if you try to upload/save anything to SkyDrive or SharePoint the Upload Center will start and may add an entry to start with your computer. If that happens you will need to remove it again using msconfig.

4) Everything that I download installs itself as a service. Is that normal?
 
I'm not sure what you mean here. What are you downloading?

5) I tried to run chkdsk again today and it kept getting hung up at 28%. I turned off my computer, turned it back on, a
message said it was diagnosing my computer. Then it went to a screen that said "your computer cannot boot up. Do you want
to try and restore it to a time when it worked better?" I clicked cancel. I turned it off again, and back on. I skipped
the error checking and it booted up fine.
 
Does chkdsk display anything that it's trying to fix when it gets stuck at 28%?

6) It seems that whenever the error checking gets stopped at 28%, which is most of the time, it does not generate a log in
event viewer. The log that I have attached must have been from one of the few times that the error checking completed.
(See Wininitlog)
 
Correct. The log is only generated if it finishes.

7) Windows cannot check for updates. (See Windows update log from eventviewer. This is just 1 out of many logs I have like
this for windows update).
 
The Windows Update error you're seeing is because Windows Update is having trouble connecting to the Microsoft server. I'm not sure why this is. I would suggest trying to restart and then try running Windows Updates again.

8) I have many files in my Windows\System32 folder whose names are in purple, I think that means compressed. For example:
snmp.exe, dssite.msc, adsiedit.msc, accserv.mib, authserv.mib, dhcp.mib, ftp.mib, hostmib.mib, http.mib, ipforwd.mib,
lmmib2.mib, mcastmib.mib, mib_ii.mib, msipbtp.mib, msiprip2.mib, rfc2571.mib, smi.mib, wins.mib,ntdsmsg.dll, adsiedit.dll,
adamssip.dll, a folder DRVSTORE, and many, many more.
 
Yes, purple file names are compressed.

9) Process Monitor, part of Sysinternals, shows a ridiculous amount of activity by different processes, opening, reading,
rewriting, closing registry keys. This is just a small sample but this happens with the same frequency all day long. Is
this normal? All this activity in less than 0.05 seconds! There are buffer overflows which I know are not good. (See
attached picture).
 
This is normal. Some buffer overflows are actually okay.
 
10) In eventviewer this is just one of many registry error logs. (see attached).
 
These eventviewer entries are really just Warnings, and not really errors. It's okay to see these.
 
 
Step 1: Rerun Combofix
Open Notepad and copy/paste the text in the box below into it:
 

http://www.bleepingcomputer.com/forums/t/516192/eset-identifies-2-viruses-mbr-errors-hard-drive-has-6-4-hidden-partitions/

Driver::
MFE_RR

Collect::[139]
C:\Users\TLC\AppData\Local\Temp\mfe_rr.sys

 
Save this as CFScript.txt


CFScriptB-4.gif


Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

Note:

  • When Combofix finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

 

Step 2: Try running aswMBR
Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

 

 

In your next reply, please include:

  • Combofix log
  • aswMBR log
  • How is the computer running now? Please be as descriptive as possible.

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.
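
The alternate data streams on Internet Explorer favorites raised in item E can be inventoried with built-in PowerShell (3.0 or later) to see which stream names exist and how much space they take. This is an added example, not part of the original posts; the Favorites path and the list of expected stream names (`favicon`, `Zone.Identifier`) are assumptions of the example.

```powershell
# Added example: inventory alternate data streams (ADS) under the IE Favorites folder.
# The stream names treated as expected are an assumption of this example:
#   favicon          - site icon Internet Explorer caches on .url shortcuts
#   Zone.Identifier  - zone marker written on files that came from the internet
$ExpectedStreams = @('favicon', 'Zone.Identifier')
$Root = Join-Path $env:USERPROFILE 'Favorites'   # assumed default location

# @( ) guarantees an array even when no stream is found.
$report = @(
    Get-ChildItem -LiteralPath $Root -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            # -Stream * lists every stream; ':$DATA' is the file's normal content.
            Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                ForEach-Object {
                    [pscustomobject]@{
                        File     = $file.FullName
                        Stream   = $_.Stream
                        Bytes    = $_.Length
                        Expected = $ExpectedStreams -contains $_.Stream
                    }
                }
        }
)

# Summary per stream name: how many there are and how much space they use.
$report | Group-Object Stream | ForEach-Object {
    [pscustomobject]@{
        Stream     = $_.Name
        Count      = $_.Count
        TotalBytes = ($_.Group | Measure-Object Bytes -Sum).Sum
    }
} | Sort-Object TotalBytes -Descending | Format-Table -AutoSize

# Streams outside the expected list: show the first lines so they can be reviewed.
$report | Where-Object { -not $_.Expected } | ForEach-Object {
    "Unexpected stream '$($_.Stream)' on $($_.File) ($($_.Bytes) bytes)"
    Get-Content -LiteralPath $_.File -Stream $_.Stream -TotalCount 5
}
```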


#14 jntkwx

Posted 01 January 2014 - 04:34 PM

Happy New Year!

It's been a while since my last post. Do you still need help?

 

If you do, please follow my previous instructions.


Regards,
Jason

 



#15 jntkwx


Posted 04 January 2014 - 01:41 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Regards,
Jason

 
