
Windows Firewall and McAfee Firewall Non Responsive


10 replies to this topic

#1 Gold1020

  • Members
  • 15 posts

Posted 15 June 2013 - 12:19 PM

I randomly decided to look at McAfee and check my settings, etc. When looking at the main screen, everything states it's on and green. I had the most current definitions loaded. When I checked my firewall it stated on. When I clicked to go into the firewall, the screen then changed and said it was off. When clicking the Turn On button, it would immediately shut off. I searched this issue and the blogs stated to look at the Windows Firewall under Services. When I checked, it was not there. I did a Windows Search for it and found it. When it opens it tells me I need to Update the Firewall Settings. When I click on Use Recommended Settings it gives me an error "Windows Firewall can't change some of your settings. Error Code 0x8007042c."

I've checked out some of the blog discussions and followed a few threads about creating new register.bat files and running them. I've also tried merging some .dll files also per the bloggers. After doing these actions, the Windows Firewall now appears in my Services but when I click to start it I get the error "Windows could not start the Windows Firewall Service on Local Computer. Error 1068: The dependency service or group failed to start."

I have attached a .txt file after running DDS to assist you in trying to figure out my problem.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.17.2
Run by GoldHome1 at 12:53:49 on 2013-06-15
Microsoft Windows 8 Pro  6.2.9200.0.1252.1.1033.18.4000.2886 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\dwm.exe
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
C:\WINDOWS\system32\mmc.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.foxnews.com/
uSearch Bar = Preserve
mStart Page = hxxp://start.smilebox.com/?src=10&st=12&crg=3.5000006.10040&barid={2418181B-C94B-11E2-BE7D-E840F2D3EE01}
mWinlogon: Userinit = userinit.exe
BHO: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
uRun: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
uRun: [Spotify Web Helper] "C:\Users\GoldHome1\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Spotify] "C:\Users\GoldHome1\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
mRun: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [DT HPO] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HPO
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [Search Protection] C:\ProgramData\Search Protection\SearchProtection.exe
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {10000000-1000-1000-1000-100000000000} - hxxp://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{E910D69E-4B84-4EE5-B515-B12294D7BC9A} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\WINDOWS\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-mWinlogon: Userinit = userinit.exe,
x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe
x64-Run: [dleamon.exe] .EXE"
x64-Run: [EzPrint] T.EXE"
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [IgfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE
x64-Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE
x64-Run: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
x64-IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;C:\WINDOWS\System32\Drivers\gfibto.sys [2013-6-15 14456]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2013-3-18 1236336]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-9-20 3677000]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\WINDOWS\System32\Drivers\netr28x.sys [2013-4-15 2482960]
R3 NWVoltron;NextWindow Voltron Touch Screen;C:\WINDOWS\System32\Drivers\NWVoltron.sys [2012-4-10 28440]
R3 RTL8168;Realtek 8168 NT Driver;C:\WINDOWS\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
S2 0263261371313825mcinstcleanup;McAfee Application Installer Cleanup (0263261371313825);C:\Users\GOLDHO~1\AppData\Local\Temp\026326~1.EXE -cleanup -nolog --> C:\Users\GOLDHO~1\AppData\Local\Temp\026326~1.EXE -cleanup -nolog [?]
S2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2013-2-28 89600]
S2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-8-16 16384]
S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-5-4 150920]
S2 dleaCATSCustConnectService;dleaCATSCustConnectService;C:\WINDOWS\System32\spool\drivers\x64\3\dleaserv.exe [2010-5-21 45224]
S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
S2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-4-10 2375168]
S2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-4-10 1128952]
S2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2012-4-10 109168]
S2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-4-10 2656280]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 hidkmdf;Microsoft HID Class Shim for KMDF;C:\WINDOWS\System32\Drivers\hidkmdf.sys [2012-4-10 16152]
S3 NWWakeFilterV;NextWindow Remote Wake Blocker (V);C:\WINDOWS\System32\Drivers\NWWakeFilterV.sys [2012-4-10 16152]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\WINDOWS\System32\Drivers\RtsPStor.sys [2012-7-9 339600]
S3 vmbusr;Virtual Machine Bus Provider;C:\WINDOWS\System32\Drivers\vmbusr.sys [2012-7-25 117248]
S4 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-06-15 04:10:44 -------- d-----w- C:\Users\GoldHome1\AppData\Roaming\LavasoftStatistics
2013-06-15 04:10:43 -------- d-----w- C:\ProgramData\Ad-Aware Antivirus
2013-06-15 04:07:44 -------- d-----w- C:\Users\GoldHome1\AppData\Local\adawarebp
2013-06-15 04:05:55 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2013-06-15 04:05:41 -------- d-----w- C:\ProgramData\Downloaded Installations
2013-06-15 04:05:40 -------- d-----w- C:\ProgramData\Search Protection
2013-06-15 04:05:39 -------- d-----w- C:\ProgramData\blekko toolbars
2013-06-15 04:05:39 -------- d-----w- C:\ProgramData\adawaretb
2013-06-15 04:05:38 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2013-06-15 04:05:29 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2013-06-15 04:05:18 -------- d-----w- C:\Program Files (x86)\adawaretb
2013-06-15 04:04:45 47496 ----a-w- C:\WINDOWS\System32\sbbd.exe
2013-06-15 04:04:45 14456 ----a-w- C:\WINDOWS\System32\drivers\gfibto.sys
2013-06-15 04:04:34 -------- d-----w- C:\Users\GoldHome1\AppData\Roaming\Ad-Aware Antivirus
2013-06-15 03:36:13 -------- d-----w- C:\Users\GoldHome1\Seven_Zip
2013-06-15 01:47:34 54776 ----a-w- C:\WINDOWS\System32\drivers\MOBK.sys
2013-06-15 01:46:54 -------- d-----w- C:\Program Files (x86)\McAfee.com
2013-06-15 01:46:38 -------- d-----w- C:\Program Files\McAfee.com
2013-06-12 21:01:08 1455368 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2013-06-12 17:02:39 264880 ----a-w- C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Windows\Sqm\Manifest\Sqm10206.bin
2013-06-12 16:36:55 -------- d-----r- C:\Program Files (x86)\Skype
2013-06-10 21:34:35 264880 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10206.bin
2013-06-07 17:21:57 -------- d-----w- C:\XBOX
2013-06-07 16:16:28 -------- d-----w- C:\Users\GoldHome1\AppData\Roaming\StockTicker
2013-06-07 16:16:26 -------- d-----w- C:\Program Files (x86)\Free Desktop Tools
2013-05-18 07:12:59 503080 ----a-w- C:\WINDOWS\System32\ci.dll
2013-05-18 01:57:20 -------- d-----w- C:\Users\GoldHome1\AppData\Local\{D03633E0-41CE-4882-957A-82C50E6F948C}
2013-05-18 01:10:00 70144 ----a-w- C:\WINDOWS\System32\appinfo.dll
2013-05-18 01:10:00 112872 ----a-w- C:\WINDOWS\System32\consent.exe
2013-05-17 21:59:17 861184 ----a-w- C:\WINDOWS\System32\drivers\http.sys
2013-05-17 18:17:43 2851840 ----a-w- C:\WINDOWS\System32\esent.dll
2013-05-17 18:17:43 2382336 ----a-w- C:\WINDOWS\SysWow64\esent.dll
2013-05-17 16:13:14 6987528 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2013-05-17 12:28:35 -------- d-----w- C:\Users\GoldHome1\AppData\Local\{A17D0A40-2DBD-4709-A872-C26A1FC172C9}
2013-05-16 22:44:25 -------- d-----w- C:\Users\GoldHome1\AppData\Local\{690113D5-6AE2-457D-8090-C0172BB0DED3}
.
==================== Find3M  ====================
.
2013-06-04 22:09:22 78200 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2013-06-04 22:09:22 693112 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2013-05-15 22:37:03 44032 ----a-w- C:\WINDOWS\SysWow64\UXInit.dll
2013-05-15 22:35:49 53760 ----a-w- C:\WINDOWS\System32\UXInit.dll
2013-05-14 13:14:01 2706432 ----a-w- C:\WINDOWS\System32\mshtml.tlb
2013-05-14 09:23:31 2706432 ----a-w- C:\WINDOWS\SysWow64\mshtml.tlb
2013-05-04 07:45:29 2233600 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
2013-04-28 22:30:55 1767936 ----a-w- C:\WINDOWS\SysWow64\wininet.dll
2013-04-28 22:30:12 2877440 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2013-04-28 22:28:33 2241024 ----a-w- C:\WINDOWS\System32\wininet.dll
2013-04-28 22:28:29 915968 ----a-w- C:\WINDOWS\System32\uxtheme.dll
2013-04-28 22:28:00 3958784 ----a-w- C:\WINDOWS\System32\jscript9.dll
2013-04-27 05:20:12 733184 ----a-w- C:\WINDOWS\System32\win32spl.dll
2013-04-23 23:13:53 1013248 ----a-w- C:\WINDOWS\SysWow64\certutil.exe
2013-04-23 23:12:44 1569792 ----a-w- C:\WINDOWS\SysWow64\crypt32.dll
2013-04-23 23:12:44 109056 ----a-w- C:\WINDOWS\SysWow64\cryptnet.dll
2013-04-23 22:56:35 1255936 ----a-w- C:\WINDOWS\System32\certutil.exe
2013-04-23 22:55:48 68096 ----a-w- C:\WINDOWS\System32\cryptsvc.dll
2013-04-23 22:55:48 1889280 ----a-w- C:\WINDOWS\System32\crypt32.dll
2013-04-23 22:55:48 141312 ----a-w- C:\WINDOWS\System32\cryptnet.dll
2013-04-15 11:02:04 334000 ----a-w- C:\WINDOWS\System32\RaCoInstx.dll
2013-04-15 11:02:04 2482960 ----a-w- C:\WINDOWS\System32\drivers\netr28x.sys
2013-04-13 05:56:35 444416 ----a-w- C:\WINDOWS\apppatch\AcSpecfc.dll
2013-04-09 05:33:02 489576 ----a-w- C:\WINDOWS\System32\AudioEng.dll
2013-04-09 05:33:02 446792 ----a-w- C:\WINDOWS\System32\AudioSes.dll
2013-04-09 05:33:02 253544 ----a-w- C:\WINDOWS\System32\audiodg.exe
2013-04-09 05:27:43 284424 ----a-w- C:\WINDOWS\System32\drivers\spaceport.sys
2013-04-09 05:20:02 86280 ----a-w- C:\WINDOWS\System32\kdnet.dll
2013-04-09 05:20:02 306952 ----a-w- C:\WINDOWS\System32\kd_02_10ec.dll
2013-04-09 05:18:05 77960 ----a-w- C:\WINDOWS\System32\kdvm.dll
2013-04-09 05:17:57 1829408 ----a-w- C:\WINDOWS\System32\ntdll.dll
2013-04-09 04:52:07 816128 ----a-w- C:\WINDOWS\System32\SearchIndexer.exe
2013-04-09 04:52:07 373760 ----a-w- C:\WINDOWS\System32\SearchProtocolHost.exe
2013-04-09 04:52:07 197120 ----a-w- C:\WINDOWS\System32\SearchFilterHost.exe
2013-04-09 04:52:07 126464 ----a-w- C:\WINDOWS\System32\Robocopy.exe
2013-04-09 04:52:06 804352 ----a-w- C:\WINDOWS\System32\RecoveryDrive.exe
2013-04-09 04:51:51 367616 ----a-w- C:\WINDOWS\System32\conhost.exe
2013-04-09 04:51:45 523264 ----a-w- C:\WINDOWS\System32\XpsGdiConverter.dll
2013-04-09 04:51:41 99840 ----a-w- C:\WINDOWS\System32\wscsvc.dll
2013-04-09 04:51:41 456704 ----a-w- C:\WINDOWS\System32\wpncore.dll
2013-04-09 04:51:20 13648384 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.dll
2013-04-09 04:51:17 595456 ----a-w- C:\WINDOWS\System32\Windows.Networking.dll
2013-04-09 04:51:17 391168 ----a-w- C:\WINDOWS\System32\Windows.Networking.BackgroundTransfer.dll
2013-04-09 04:51:05 10116096 ----a-w- C:\WINDOWS\System32\twinui.dll
2013-04-09 04:51:03 3552768 ----a-w- C:\WINDOWS\System32\tquery.dll
2013-04-09 04:50:53 414720 ----a-w- C:\WINDOWS\System32\GenuineCenter.dll
2013-04-09 04:50:39 422400 ----a-w- C:\WINDOWS\System32\schannel.dll
2013-04-09 04:50:39 1285632 ----a-w- C:\WINDOWS\System32\schedsvc.dll
2013-04-09 04:50:03 96256 ----a-w- C:\WINDOWS\System32\mssprxy.dll
2013-04-09 04:50:03 745984 ----a-w- C:\WINDOWS\System32\mssvp.dll
2013-04-09 04:50:03 2107904 ----a-w- C:\WINDOWS\System32\mssrch.dll
2013-04-09 04:50:02 65024 ----a-w- C:\WINDOWS\System32\msscntrs.dll
2013-04-09 04:50:02 435200 ----a-w- C:\WINDOWS\System32\mssph.dll
2013-04-09 04:50:02 13824 ----a-w- C:\WINDOWS\System32\msshooks.dll
2013-04-09 04:49:54 1444864 ----a-w- C:\WINDOWS\System32\MSAudDecMFT.dll
2013-04-09 04:49:45 468992 ----a-w- C:\WINDOWS\System32\MFMediaEngine.dll
2013-04-09 04:49:45 281088 ----a-w- C:\WINDOWS\System32\mfreadwrite.dll
2013-04-09 04:49:36 817152 ----a-w- C:\WINDOWS\System32\kerberos.dll
2013-04-09 04:49:33 210432 ----a-w- C:\WINDOWS\System32\iuilp.dll
2013-04-09 04:49:16 50176 ----a-w- C:\WINDOWS\System32\fmifs.dll
2013-04-09 04:49:16 231936 ----a-w- C:\WINDOWS\System32\fhengine.dll
2013-04-09 04:49:09 172544 ----a-w- C:\WINDOWS\System32\dwmredir.dll
2013-04-09 04:49:06 196096 ----a-w- C:\WINDOWS\System32\dmvdsitf.dll
2013-04-09 04:48:43 2303488 ----a-w- C:\WINDOWS\System32\authui.dll
2013-04-09 04:48:42 785408 ----a-w- C:\WINDOWS\System32\audiosrv.dll
2013-04-09 04:48:42 169472 ----a-w- C:\WINDOWS\System32\AudioEndpointBuilder.dll
2013-04-09 04:48:34 419840 ----a-w- C:\WINDOWS\System32\intl.cpl
2013-04-09 02:35:13 4038144 ----a-w- C:\WINDOWS\System32\win32k.sys
2013-04-09 02:34:49 83968 ----a-w- C:\WINDOWS\System32\drivers\hidclass.sys
2013-04-09 02:34:42 27648 ----a-w- C:\WINDOWS\System32\drivers\hidusb.sys
2013-04-09 02:34:30 95744 ----a-w- C:\WINDOWS\System32\drivers\hidbth.sys
2013-04-09 02:33:41 60416 ----a-w- C:\WINDOWS\System32\drivers\ndproxy.sys
2013-04-09 02:33:05 623104 ----a-w- C:\WINDOWS\System32\drivers\srv2.sys
2013-04-09 02:32:02 805376 ----a-w- C:\WINDOWS\System32\drivers\PEAuth.sys
2013-04-09 02:31:14 247808 ----a-w- C:\WINDOWS\System32\drivers\srvnet.sys
2013-04-09 02:31:01 83456 ----a-w- C:\WINDOWS\System32\drivers\wanarp.sys
2013-04-08 23:44:25 123880 ----a-w- C:\WINDOWS\SysWow64\wscapi.dll
2013-04-08 23:39:14 1408896 ----a-w- C:\WINDOWS\SysWow64\ntdll.dll
2013-04-08 23:37:29 426024 ----a-w- C:\WINDOWS\SysWow64\AudioEng.dll
2013-04-08 23:37:29 324368 ----a-w- C:\WINDOWS\SysWow64\AudioSes.dll
2013-04-08 21:52:16 670208 ----a-w- C:\WINDOWS\SysWow64\SearchIndexer.exe
2013-04-08 21:52:16 302592 ----a-w- C:\WINDOWS\SysWow64\SearchProtocolHost.exe
2013-04-08 21:52:16 171008 ----a-w- C:\WINDOWS\SysWow64\SearchFilterHost.exe
2013-04-08 21:52:16 106496 ----a-w- C:\WINDOWS\SysWow64\Robocopy.exe
2013-04-08 21:52:06 364544 ----a-w- C:\WINDOWS\SysWow64\XpsGdiConverter.dll
2013-04-03 17:34:46 182752 ----a-w- C:\WINDOWS\System32\mfevtps.exe.eff9.deleteme
2013-04-02 23:37:46 25088 ----a-w- C:\WINDOWS\SysWow64\cryptdlg.dll
2013-04-02 23:12:32 30720 ----a-w- C:\WINDOWS\System32\cryptdlg.dll
2013-03-30 18:16:05 1403784 ----a-w- C:\WINDOWS\System32\winload.efi
2013-03-30 18:16:05 1267424 ----a-w- C:\WINDOWS\System32\winload.exe
2013-03-28 22:09:09 1093880 ----a-w- C:\WINDOWS\System32\winresume.exe
2013-03-28 22:09:04 1217328 ----a-w- C:\WINDOWS\System32\winresume.efi
.
============= FINISH: 12:55:03.18 ===============
 

 

 


 


#2 Gold1020

  • Topic Starter
  • Members
  • 15 posts

Posted 19 June 2013 - 07:03 AM

Any help would be appreciated. McAfee wants to charge me $89 to remove the virus which they say I have. Please help.

Edited by Gold1020, 19 June 2013 - 08:31 AM.


#3 nasdaq

  • Malware Response Team
  • 19,671 posts
  • Gender: Male
  • Location: Montreal, QC. Canada

Posted 19 June 2013 - 08:45 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or RogueKiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Third-party programs, if not up to date, can be the cause of infiltration and infection.
===

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM.
Let me know what problem persists.


#4 Gold1020

  • Topic Starter
  • Members
  • 15 posts

Posted 19 June 2013 - 10:28 AM

AdwCleaner Report:

 

# AdwCleaner v2.303 - Logfile created 06/19/2013 at 11:00:48
# Updated 08/06/2013 by Xplode
# Operating system : Windows 8 Pro  (64 bits)
# User : GoldHome1 - GOLDHOME1-HP
# Boot Mode : Normal
# Running from : C:\Users\GoldHome1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6OKET7LK\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\adawaretb
Folder Deleted : C:\ProgramData\adawaretb
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\search protection
Folder Deleted : C:\Users\GoldHome1\AppData\LocalLow\adawaretb

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\adawaretb
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\Software\adawaretb
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Google Chrome v27.0.1453.110

File : C:\Users\GoldHome1\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.39] : keyword = "start.sweetpacks.com",

File : C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3279 octets] - [19/06/2013 11:00:48]

########## EOF - C:\AdwCleaner[S1].txt - [3339 octets] ##########

 

 

Junkware Report:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 8 Pro x64
Ran by GoldHome1 on Wed 06/19/2013 at 11:09:14.38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dw7

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{609BFD58-E44A-4E58-BAE3-BC41918AA9F0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FD890607-0323-4757-9FE8-68E9AB770322}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{FD890607-0323-4757-9FE8-68E9AB770322}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\microsoft\Internet Explorer\SearchScopes\{FD890607-0323-4757-9FE8-68E9AB770322}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Users\GoldHome1\appdata\local\adawarebp"
Successfully deleted: [Empty Folder] C:\Users\GoldHome1\appdata\local\{23F16A90-BB2C-42FE-ACAB-ABC9E3B7F116}
Successfully deleted: [Empty Folder] C:\Users\GoldHome1\appdata\local\{2555F4D4-78D4-4F09-97A8-C407571295F9}
Successfully deleted: [Empty Folder] C:\Users\GoldHome1\appdata\local\{2749D5EB-CC4C-444E-B547-20A602828E13}
Successfully deleted: [Empty Folder] C:\Users\GoldHome1\appdata\local\{3D4A5329-D706-48CB-8680-14D8DEC1E4AB}
Successfully deleted: [Empty Folder] C:\Users\GoldHome1\appdata\local\{43F49D53-E146-43B7-B701-E24B67358C52}
Successfully deleted: [Empty Folder] C:\Users\GoldHome1\appdata\local\{56F3A18F-25A7-4BB4-870E-7752FF674D4B}
Successfully deleted: [Empty Folder] C:\Users\GoldHome1\appdata\local\{690113D5-6AE2-457D-8090-C0172BB0DED3}
Successfully deleted: [Empty Folder] C:\Users\GoldHome1\appdata\local\{885A11FE-E652-4629-BCA2-0E5F762DD1F7}
Successfully deleted: [Empty Folder] C:\Users\GoldHome1\appdata\local\{94E97BAC-EB4C-4C9C-BBAE-7FFE4CD54910}
Successfully deleted: [Empty Folder] C:\Users\GoldHome1\appdata\local\{96150850-B1A7-4B98-8886-D2A6268E2798}
Successfully deleted: [Empty Folder] C:\Users\GoldHome1\appdata\local\{9E87318A-E9A5-4C31-A497-FBF2566CFA53}
Successfully deleted: [Empty Folder] C:\Users\GoldHome1\appdata\local\{A17D0A40-2DBD-4709-A872-C26A1FC172C9}
Successfully deleted: [Empty Folder] C:\Users\GoldHome1\appdata\local\{D03633E0-41CE-4882-957A-82C50E6F948C}
Successfully deleted: [Empty Folder] C:\Users\GoldHome1\appdata\local\{EA609C17-0EC7-4BB6-96EA-71FB8405C389}
Successfully deleted: [Empty Folder] C:\Users\GoldHome1\appdata\local\{EDD7444D-C1D4-4B02-BA02-0DCDD7957139}
Successfully deleted: [Empty Folder] C:\Users\GoldHome1\appdata\local\{F23F0BF9-C321-4A31-AFE2-03BB757234C0}
Successfully deleted: [Empty Folder] C:\Users\GoldHome1\appdata\local\{FC0A49C2-B59B-40A7-955D-F63034DD1D49}

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 06/19/2013 at 11:12:48.33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

RogueKiller Report:

 

RogueKiller V8.6.1 _x64_ [Jun 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : GoldHome1 [Admin rights]
Mode : Scan -- Date : 06/19/2013 11:16:37
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : Search Protection (C:\ProgramData\Search Protection\SearchProtection.exe [x][x]) -> FOUND
[HJ POL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[BROK VAL] HKCR\[...]\command :  () -> MISSING

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Junction] en-US : C:\Program Files\Windows Defender\en-US >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] SymSrv.yes : C:\Program Files\Windows Defender\SymSrv.yes >> \systemroot\system32\config [-] --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

 

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721050CLA660 +++++
--- User ---
[MBR] 6e4ceb15c3f18fec78b894a7dbf1ac8d
[BSP] 2d246be172334bdd8cd7bc4326267fc5 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 461822 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 946018304 | Size: 15016 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 00daf381e2c2c68c3461918ef87ca0ae
[BSP] 16ddc3bd6ac0af7f43b639178129784a : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 226125824 | Size: 300 Mo

Finished : << RKreport[0]_S_06192013_111637.txt >>

 

 

Security Check Report:

 

Results of screen317's Security Check version 0.99.66 
   x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
McAfee Anti-Virus and Anti-Spyware  
Lavasoft Ad-Aware                   
Windows Defender                    
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Ad-Aware
 Java 7 Update 17 
 Java version out of Date!
 Adobe Flash Player  11.7.700.224 
 Adobe Reader XI 
 Google Chrome 27.0.1453.110 
 Google Chrome 27.0.1453.94 
````````Process Check: objlist.exe by Laurent```````` 
 Ad-Aware AAWService.exe is disabled!
 Ad-Aware AAWTray.exe is disabled!
 Ad-Aware Antivirus AdAwareService.exe  
 Ad-Aware Antivirus SBAMSvc.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

 

 

Please advise on any further action.  I appreciate your assistance.
 



#5 nasdaq

  • Malware Response Team

Posted 20 June 2013 - 06:59 AM

Run RogueKiller again and click Scan
When the scan completes > click on the Registry tab
Put a check next to all of these items below and uncheck the rest: (if found)

[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : Search Protection (C:\ProgramData\Search Protection\SearchProtection.exe [x][x]) -> FOUND
[HJ POL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[BROK VAL] HKCR\[...]\command : () -> MISSING


Now click Delete on the right-hand column under Options
===

REMOVAL FROM THE FILE SECTION.
Next click on the Files tab and put a check next to these and uncheck the rest. (if found)

[ZeroAccess][Junction] en-US : C:\Program Files\Windows Defender\en-US >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] SymSrv.yes : C:\Program Files\Windows Defender\SymSrv.yes >> \systemroot\system32\config [-] --> FOUND


Now click Delete on the right-hand column under Options

Post back the report which should be located on your desktop.
===

Read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
    [Screenshot: tdss1.png]
  • Click Change parameters
    [Screenshot: settings20121003115955.png]
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
    [Screenshot: tdss3.png]
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • During the scan it will look similar to the image below:
    [Screenshot: tdss4.jpg]
  • When it finishes, you will either see a report that no threats were found like below:
    [Screenshot: tdss5.jpg]
    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up, which you can just close since the report file is already saved.
  • If any infection or suspected items are found, you will see a window similar to below:
    [Screenshot: tdss7.jpg]
    • If you have files that are shown to fail signature check do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects
    • Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. A window like the below will appear:
    [Screenshot: tdss6.jpg]
    Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run.
  • Paste the log to your next reply, DO NOT ATTACH IT.
Please let me know what problem persists.

#6 Gold1020

  • Topic Starter


Posted 20 June 2013 - 08:14 AM

RKReport:

 

RogueKiller V8.6.1 _x64_ [Jun 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : GoldHome1 [Admin rights]
Mode : Scan -- Date : 06/20/2013 08:47:15
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

 

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721050CLA660 +++++
--- User ---
[MBR] 6e4ceb15c3f18fec78b894a7dbf1ac8d
[BSP] 2d246be172334bdd8cd7bc4326267fc5 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 461822 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 946018304 | Size: 15016 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 00daf381e2c2c68c3461918ef87ca0ae
[BSP] 16ddc3bd6ac0af7f43b639178129784a : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 226125824 | Size: 300 Mo

Finished : << RKreport[0]_S_06202013_084715.txt >>
RKreport[0]_D_06192013_111713.txt;RKreport[0]_S_06192013_111637.txt

 

 

TDSSKiller Report:

 

09:00:52.0778 9140  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
09:00:53.0356 9140  ============================================================
09:00:53.0356 9140  Current date / time: 2013/06/20 09:00:53.0356
09:00:53.0356 9140  SystemInfo:
09:00:53.0356 9140 
09:00:53.0356 9140  OS Version: 6.2.9200 ServicePack: 0.0
09:00:53.0356 9140  Product type: Workstation
09:00:53.0356 9140  ComputerName: GOLDHOME1-HP
09:00:53.0356 9140  UserName: GoldHome1
09:00:53.0356 9140  Windows directory: C:\WINDOWS
09:00:53.0356 9140  System windows directory: C:\WINDOWS
09:00:53.0356 9140  Running under WOW64
09:00:53.0356 9140  Processor architecture: Intel x64
09:00:53.0356 9140  Number of processors: 2
09:00:53.0356 9140  Page size: 0x1000
09:00:53.0356 9140  Boot type: Normal boot
09:00:53.0356 9140  ============================================================
09:00:53.0762 9140  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:00:53.0762 9140  ============================================================
09:00:53.0762 9140  \Device\Harddisk0\DR0:
09:00:53.0762 9140  MBR partitions:
09:00:53.0762 9140  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
09:00:53.0762 9140  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x385FF000
09:00:53.0762 9140  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38631800, BlocksNum 0x1D54000
09:00:53.0762 9140  ============================================================
09:00:53.0778 9140  C: <-> \Device\Harddisk0\DR0\Partition2
09:00:53.0825 9140  D: <-> \Device\Harddisk0\DR0\Partition3
09:00:53.0825 9140  ============================================================
09:00:53.0825 9140  Initialize success
09:00:53.0825 9140  ============================================================
09:01:29.0893 6856  ============================================================
09:01:29.0893 6856  Scan started
09:01:29.0893 6856  Mode: Manual; SigCheck; TDLFS;
09:01:29.0893 6856  ============================================================
09:01:30.0112 6856  ================ Scan system memory ========================
09:01:30.0112 6856  System memory - ok
09:01:30.0112 6856  ================ Scan services =============================
09:01:33.0785 6856  [ A3AD13CA2747953DDD4C9AE4FB925BEC ] CalendarSynchService C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
09:01:33.0785 6856  CalendarSynchService ( UnsignedFile.Multi.Generic ) - warning
09:01:33.0785 6856  CalendarSynchService - detected UnsignedFile.Multi.Generic (1)
09:01:34.0082 6856  [ 9BCE872B95A6AA65C5B5A0E60703F1E3 ] ClassicShellService C:\Program Files\Classic Shell\ClassicShellService.exe
09:01:34.0097 6856  ClassicShellService ( UnsignedFile.Multi.Generic ) - warning
09:01:34.0097 6856  ClassicShellService - detected UnsignedFile.Multi.Generic (1)
09:01:38.0504 6856  [ 852681A14AFEE00C0C3179429A08C868 ] HipShieldK      C:\WINDOWS\system32\drivers\HipShieldK.sys
09:01:38.0504 6856  HipShieldK - ok
09:01:38.0566 6856  [ 43F884B61A24377567CD0FEB35236334 ] hkmsvc          C:\WINDOWS\system32\kmsvc.dll
09:01:38.0582 6856  hkmsvc - ok
09:01:38.0629 6856  [ 33DFC14DFDCCFA7AA10E392F6A8EC1CF ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
09:01:38.0676 6856  HomeGroupListener - ok
09:01:38.0691 6856  [ E0D9F6FE18FA7F53ADD29AF719CE2B7E ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
09:01:38.0723 6856  HomeGroupProvider - ok
09:01:38.0801 6856  [ 3EED433F64445D5B49A396BD3AEDE37A ] HomeNetSvc      C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
09:01:38.0801 6856  HomeNetSvc - ok
09:01:38.0832 6856  [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
09:01:38.0848 6856  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - warning
09:01:38.0848 6856  HP Support Assistant Service - detected UnsignedFile.Multi.Generic (1)
09:01:38.0910 6856  [ 6A181452D4E240B8ECC7614B9A19BDE9 ] HPClientSvc     C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
09:01:38.0926 6856  HPClientSvc - ok
09:01:38.0988 6856  [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
09:01:39.0019 6856  hpqwmiex - ok
09:01:39.0051 6856  [ 64DB7A8D97CA53DCCF93D0A1E08342CF ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
09:01:39.0066 6856  HpSAMD - ok
09:01:39.0098 6856  [ F4A91D985EB9D1D2717D538F3424603C ] HTTP            C:\WINDOWS\system32\drivers\HTTP.sys
09:01:39.0113 6856  HTTP - ok
09:01:39.0144 6856  [ 2A98301068801700906C06649860FE94 ] hwpolicy        C:\WINDOWS\system32\drivers\hwpolicy.sys
09:01:39.0144 6856  hwpolicy - ok
09:01:39.0160 6856  [ DC76901D82097C9E297F20C287CB9A27 ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys
09:01:39.0176 6856  hyperkbd - ok
09:01:39.0207 6856  [ 716413AB3CA12DE0A7222D28C1C9352C ] HyperVideo      C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
09:01:39.0223 6856  HyperVideo - ok
09:01:39.0254 6856  [ C9E9CBF73AFFBFE3E801EFB516787BA3 ] i8042prt        C:\WINDOWS\System32\drivers\i8042prt.sys
09:01:39.0269 6856  i8042prt - ok
09:01:39.0316 6856  [ D7921D5A870B11CC1ADAB198A519D50A ] iaStor          C:\WINDOWS\system32\drivers\iaStor.sys
09:01:39.0332 6856  iaStor - ok
09:01:39.0363 6856  [ 5E394EBD26FD68AA9300332C46BEDD62 ] iaStorV         C:\WINDOWS\system32\drivers\iaStorV.sys
09:01:39.0379 6856  iaStorV - ok
09:01:39.0473 6856  [ 3A0FF117B4ADC5ABE4D968E26A337158 ] IconMan_R       C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
09:01:39.0504 6856  IconMan_R ( UnsignedFile.Multi.Generic ) - warning
09:01:39.0504 6856  IconMan_R - detected UnsignedFile.Multi.Generic (1)
09:01:39.0676 6856  [ 11A31FC2481BFE69B0507ED8C80215F4 ] igfx            C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
09:01:39.0769 6856  igfx - ok
09:01:39.0801 6856  [ 24847A06B84339FEEDE5CABF3D27D320 ] iirsp           C:\WINDOWS\system32\drivers\iirsp.sys
09:01:39.0816 6856  iirsp - ok
09:01:39.0863 6856  [ 531B5A98145DA689741A0AC18F14EA94 ] IKEEXT          C:\WINDOWS\System32\ikeext.dll
09:01:39.0894 6856  IKEEXT - ok
09:01:39.0926 6856  [ 4F37726CF764CA18A8A84F85EF3A7F24 ] intelide        C:\WINDOWS\system32\drivers\intelide.sys
09:01:39.0926 6856  intelide - ok
09:01:39.0973 6856  [ E15CDF68DD73423F15D4AC404793AF0D ] intelppm        C:\WINDOWS\System32\drivers\intelppm.sys
09:01:39.0973 6856  intelppm - ok
09:01:40.0019 6856  [ 8FCA66234A0933D796BB780B7953BAB9 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:01:40.0035 6856  IpFilterDriver - ok
09:01:40.0051 6856  [ 6E98A046A12AA113F8898AA5D612BD6E ] IPMIDRV         C:\WINDOWS\System32\drivers\IPMIDrv.sys
09:01:40.0066 6856  IPMIDRV - ok
09:01:40.0113 6856  [ 3969B9C218DD3FAA9F4ED2FFC3651C02 ] IPNAT           C:\WINDOWS\system32\drivers\ipnat.sys
09:01:40.0129 6856  IPNAT - ok
09:01:40.0176 6856  [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
09:01:40.0191 6856  iPod Service - ok
09:01:40.0207 6856  [ 25CD7C4BB2863FFC2B0B311F0AEBF77C ] IRENUM          C:\WINDOWS\system32\drivers\irenum.sys
09:01:40.0207 6856  IRENUM - ok
09:01:40.0254 6856  [ D940C5BB9DC92E588533C19ABCC3D2C2 ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys
09:01:40.0269 6856  isapnp - ok
09:01:40.0301 6856  [ 69C8BF0BC2B0EA10F130F4D3104DC2EF ] iScsiPrt        C:\WINDOWS\System32\drivers\msiscsi.sys
09:01:40.0316 6856  iScsiPrt - ok
09:01:40.0348 6856  [ 8D990A44B4F2B68E2C56A3724EC3EB84 ] itecir          C:\WINDOWS\system32\DRIVERS\itecir.sys
09:01:40.0348 6856  itecir - ok
09:01:40.0394 6856  [ 8FBD94B69D6423E20ABCD59D86368B21 ] kbdclass        C:\WINDOWS\System32\drivers\kbdclass.sys
09:01:40.0394 6856  kbdclass - ok
09:01:40.0426 6856  [ E88C932ABDF8185A62C8F2FC7B051FB6 ] kbdhid          C:\WINDOWS\System32\drivers\kbdhid.sys
09:01:40.0457 6856  kbdhid - ok
09:01:40.0457 6856  [ FB6C185092E18011EF49989425C2AA87 ] kdnic           C:\WINDOWS\system32\DRIVERS\kdnic.sys
09:01:40.0473 6856  kdnic - ok
09:01:40.0488 6856  [ F702AB6181513303AB0FC8D59E52708B ] KeyIso          C:\WINDOWS\system32\lsass.exe
09:01:40.0504 6856  KeyIso - ok
09:01:40.0535 6856  [ DFA480F6DED551464F3A5B959F437800 ] KSecDD          C:\WINDOWS\system32\Drivers\ksecdd.sys
09:01:40.0551 6856  KSecDD - ok
09:01:40.0582 6856  [ 127FB0AAD232BAAD2C9BBACD374F4FC5 ] KSecPkg         C:\WINDOWS\system32\Drivers\ksecpkg.sys
09:01:40.0598 6856  KSecPkg - ok
09:01:40.0629 6856  [ 81492FEEBF2F26455B00EE8DBAE8A1B0 ] ksthunk         C:\WINDOWS\system32\drivers\ksthunk.sys
09:01:40.0644 6856  ksthunk - ok
09:01:40.0691 6856  [ 5825DBACEDC3812B5CF8D40B997BF210 ] KtmRm           C:\WINDOWS\system32\msdtckrm.dll
09:01:40.0707 6856  KtmRm - ok
09:01:40.0738 6856  [ 256EE31588257E8A555DBFAA13F1908E ] LanmanServer    C:\WINDOWS\system32\srvsvc.dll
09:01:40.0754 6856  LanmanServer - ok
09:01:40.0769 6856  [ 16650912BE5A94B40E0B3B4C39652B56 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
09:01:40.0785 6856  LanmanWorkstation - ok
09:01:40.0801 6856  [ CEEFD29FC551F289810B0B9381B321DC ] lltdio          C:\WINDOWS\system32\DRIVERS\lltdio.sys
09:01:40.0816 6856  lltdio - ok
09:01:40.0848 6856  [ BCF53485E0A94722CDE3C4A93CD8EB8C ] lltdsvc         C:\WINDOWS\System32\lltdsvc.dll
09:01:40.0863 6856  lltdsvc - ok
09:01:40.0895 6856  [ 5A2F7F1CBC2E631A497DAD16164E06D2 ] lmhosts         C:\WINDOWS\System32\lmhsvc.dll
09:01:40.0926 6856  lmhosts - ok
09:01:41.0004 6856  [ D75C4B4A8FE6D7FD74A7EECDBAEC729F ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
09:01:41.0020 6856  LMS - ok
09:01:41.0066 6856  [ 022CDD12161B063D7852B1075BF3FFF2 ] LSI_SAS         C:\WINDOWS\system32\drivers\lsi_sas.sys
09:01:41.0066 6856  LSI_SAS - ok
09:01:41.0129 6856  [ 07AD59D669B996F29F91817F0ECFA34F ] LSI_SAS2        C:\WINDOWS\system32\drivers\lsi_sas2.sys
09:01:41.0145 6856  LSI_SAS2 - ok
09:01:41.0191 6856  [ 216FB796AA4E252ACCE93B1BCB80B5EC ] LSI_SCSI        C:\WINDOWS\system32\drivers\lsi_scsi.sys
09:01:41.0207 6856  LSI_SCSI - ok
09:01:41.0223 6856  [ 5E80530AF37102488EE980B4A92AF99F ] LSI_SSS         C:\WINDOWS\system32\drivers\lsi_sss.sys
09:01:41.0238 6856  LSI_SSS - ok
09:01:41.0285 6856  [ A57BA284F5996FFD32DCDBC41A4657DB ] LSM             C:\WINDOWS\System32\lsm.dll
09:01:41.0301 6856  LSM - ok
09:01:41.0348 6856  [ 2BDC5D711FA61307CE6190D47C956368 ] luafv           C:\WINDOWS\system32\drivers\luafv.sys
09:01:41.0363 6856  luafv - ok
09:01:41.0395 6856  [ F928E5E72BBA15DD0CE9A26E0413D236 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
09:01:41.0410 6856  McAfee SiteAdvisor Service - ok
09:01:41.0426 6856  [ 3EED433F64445D5B49A396BD3AEDE37A ] McMPFSvc        C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
09:01:41.0426 6856  McMPFSvc - ok
09:01:41.0441 6856  [ 3EED433F64445D5B49A396BD3AEDE37A ] McNaiAnn        C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
09:01:41.0441 6856  McNaiAnn - ok
09:01:41.0504 6856  [ EEE0F382B5E8C2C1A6C31920421FD060 ] McODS           C:\Program Files\McAfee\VirusScan\mcods.exe
09:01:41.0535 6856  McODS - ok
09:01:41.0535 6856  [ 3EED433F64445D5B49A396BD3AEDE37A ] mcpltsvc        C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
09:01:41.0551 6856  mcpltsvc - ok
09:01:41.0551 6856  [ 3EED433F64445D5B49A396BD3AEDE37A ] McProxy         C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
09:01:41.0566 6856  McProxy - ok
09:01:41.0582 6856  [ 95F17DBFEF4C5BF3FCC1E4F71EB2F5BE ] McPvDrv         C:\WINDOWS\system32\drivers\McPvDrv.sys
09:01:41.0598 6856  McPvDrv - ok
09:01:41.0629 6856  [ 9B0D829C3BE4E7472DB9DD2B79908E3C ] megasas         C:\WINDOWS\system32\drivers\megasas.sys
09:01:41.0629 6856  megasas - ok
09:01:41.0660 6856  [ ECC3F54C7AFC318271C4F0B4606D8DB0 ] MegaSR          C:\WINDOWS\system32\drivers\MegaSR.sys
09:01:41.0676 6856  MegaSR - ok
09:01:41.0707 6856  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\WINDOWS\System32\drivers\HECIx64.sys
09:01:41.0707 6856  MEIx64 - ok
09:01:41.0723 6856  [ B7CC04507E8FDDBFED9F8C7C0DD1F0A0 ] mfeapfk         C:\WINDOWS\system32\drivers\mfeapfk.sys
09:01:41.0738 6856  mfeapfk - ok
09:01:41.0770 6856  [ C9F15430342FCAC4C6EEB467C35F45F9 ] mfeavfk         C:\WINDOWS\system32\drivers\mfeavfk.sys
09:01:41.0770 6856  mfeavfk - ok
09:01:41.0816 6856  [ E96ACD89E17D63D5966659E6424118CB ] mfecore         C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
09:01:41.0848 6856  mfecore - ok
09:01:41.0863 6856  [ 9EA94A76F0E3C21A7152D57F20D83099 ] mfeelamk        C:\WINDOWS\system32\drivers\mfeelamk.sys
09:01:41.0879 6856  mfeelamk - ok
09:01:41.0910 6856  [ 8F0847034E52BE3840B066B8725E40E6 ] mfefire         C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
09:01:41.0926 6856  mfefire - ok
09:01:41.0941 6856  [ 13081C15C7DA8E3AE3EE144293B30021 ] mfefirek        C:\WINDOWS\system32\drivers\mfefirek.sys
09:01:41.0957 6856  mfefirek - ok
09:01:41.0973 6856  [ FB6B5777BB24D4E079E1F83F0E12AE11 ] mfehidk         C:\WINDOWS\system32\drivers\mfehidk.sys
09:01:41.0988 6856  mfehidk - ok
09:01:42.0020 6856  [ B36E18A55B31C11EE43DCC3283E866B7 ] mfencbdc        C:\WINDOWS\system32\DRIVERS\mfencbdc.sys
09:01:42.0035 6856  mfencbdc - ok
09:01:42.0051 6856  [ E585108E51FAF2FD949135D0A20F3525 ] mfencrk         C:\WINDOWS\system32\DRIVERS\mfencrk.sys
09:01:42.0051 6856  mfencrk - ok
09:01:42.0066 6856  [ 7A176F40EA4D3E69AEBA7D548E990364 ] mfevtp          C:\WINDOWS\system32\mfevtps.exe
09:01:42.0082 6856  mfevtp - ok
09:01:42.0113 6856  [ 91C1B25A33CCD8E4B84AF8C790171D47 ] mfewfpk         C:\WINDOWS\system32\drivers\mfewfpk.sys
09:01:42.0129 6856  mfewfpk - ok
09:01:42.0160 6856  [ EEE908BE7143FCA48CF0CB87214E2AB8 ] MMCSS           C:\WINDOWS\system32\mmcss.dll
09:01:42.0191 6856  MMCSS - ok
09:01:42.0223 6856  [ 780098AD5DA8A4822E2563984C85EF7B ] Modem           C:\WINDOWS\system32\drivers\modem.sys
09:01:42.0254 6856  Modem - ok
09:01:42.0270 6856  [ EA8EAD3F5B762F889CC7F3966625B48B ] monitor         C:\WINDOWS\System32\drivers\monitor.sys
09:01:42.0285 6856  monitor - ok
09:01:42.0316 6856  [ 618446B98C79776654340CE27C73485E ] mouclass        C:\WINDOWS\System32\drivers\mouclass.sys
09:01:42.0332 6856  mouclass - ok
09:01:42.0348 6856  [ C0ADEBED913295803B579ED288936CBB ] mouhid          C:\WINDOWS\System32\drivers\mouhid.sys
09:01:42.0363 6856  mouhid - ok
09:01:42.0395 6856  [ 89D263DBF08119CE16273991C120D6DD ] mountmgr        C:\WINDOWS\system32\drivers\mountmgr.sys
09:01:42.0395 6856  mountmgr - ok
09:01:42.0441 6856  [ 0D1609DD82C7440F5D5BF21A9D4D5C0C ] mpsdrv          C:\WINDOWS\system32\drivers\mpsdrv.sys
09:01:42.0457 6856  mpsdrv - ok
09:01:42.0504 6856  [ 3031573A739DBEE8923851929D0AF423 ] MpsSvc          C:\WINDOWS\system32\mpssvc.dll
09:01:42.0551 6856  MpsSvc - ok
09:01:42.0566 6856  [ 3D70147F55F1EC84EB9139ED7FFE48BC ] MRxDAV          C:\WINDOWS\system32\drivers\mrxdav.sys
09:01:42.0582 6856  MRxDAV - ok
09:01:42.0629 6856  [ 93179D48066918323628CB016D8C94DC ] mrxsmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:01:42.0660 6856  mrxsmb - ok
09:01:42.0691 6856  [ 06D5F2FA3C61E8EA91648EA8E9F99FD3 ] mrxsmb10        C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
09:01:42.0707 6856  mrxsmb10 - ok
09:01:42.0723 6856  [ 5C7DD2E5759FFCCD2C7341C1B90F2B26 ] mrxsmb20        C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
09:01:42.0738 6856  mrxsmb20 - ok
09:01:42.0770 6856  [ 98487487D6B3797CA927E9D7B030AE13 ] MsBridge        C:\WINDOWS\system32\DRIVERS\bridge.sys
09:01:42.0801 6856  MsBridge - ok
09:01:42.0832 6856  [ 4A07458EB4F17573BD39F22029A991C1 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
09:01:42.0848 6856  MSDTC - ok
09:01:42.0879 6856  [ 3886F1F2A4D2900ABAA7E4486BEEE6A2 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
09:01:42.0895 6856  Msfs - ok
09:01:42.0941 6856  [ C32A7A39B960A42BA9D4FBE47213CA03 ] msgpiowin32     C:\WINDOWS\System32\drivers\msgpiowin32.sys
09:01:42.0942 6856  msgpiowin32 - ok
09:01:42.0989 6856  [ D3857A767B91A061B408CCAB02DA4F40 ] mshidkmdf       C:\WINDOWS\System32\drivers\mshidkmdf.sys
09:01:43.0005 6856  mshidkmdf - ok
09:01:43.0036 6856  [ 839B48910FB1E887635C48F3EC11A05E ] mshidumdf       C:\WINDOWS\System32\drivers\mshidumdf.sys
09:01:43.0052 6856  mshidumdf - ok
09:01:43.0068 6856  [ 55C0DB741E3AB7463242B185B1C2997C ] msisadrv        C:\WINDOWS\system32\drivers\msisadrv.sys
09:01:43.0083 6856  msisadrv - ok
09:01:43.0130 6856  [ 216C6B035A4BA5560E1255BD8E5BB89F ] MSiSCSI         C:\WINDOWS\system32\iscsiexe.dll
09:01:43.0161 6856  MSiSCSI - ok
09:01:43.0161 6856  msiserver - ok
09:01:43.0177 6856  [ 3EED433F64445D5B49A396BD3AEDE37A ] MSK80Service    C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
09:01:43.0193 6856  MSK80Service - ok
09:01:43.0208 6856  [ 509809566E49F4411055864EA8D437CD ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:01:43.0224 6856  MSKSSRV - ok
09:01:43.0255 6856  [ 63145201D6458E4958E572E7D6FC2604 ] MsLldp          C:\WINDOWS\system32\DRIVERS\mslldp.sys
09:01:43.0271 6856  MsLldp - ok
09:01:43.0271 6856  [ 99D526E803DB6D7FF290FD98B6204641 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:01:43.0286 6856  MSPCLOCK - ok
09:01:43.0318 6856  [ 06FA77C3E2A491ADCD704C5E73006269 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
09:01:43.0333 6856  MSPQM - ok
09:01:43.0380 6856  [ E134EC4DE11CF78CB01432D180710D84 ] MsRPC           C:\WINDOWS\system32\drivers\MsRPC.sys
09:01:43.0396 6856  MsRPC - ok
09:01:43.0443 6856  [ B5AECF12F09DEE97C9FCAA5BA016CE1E ] mssmbios        C:\WINDOWS\System32\drivers\mssmbios.sys
09:01:43.0458 6856  mssmbios - ok
09:01:43.0474 6856  [ 72D66A05E0F99F2528F6C6204FD22AA1 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
09:01:43.0489 6856  MSTEE - ok
09:01:43.0489 6856  [ 8AAAE399FC255FA105D4158CBA289001 ] MTConfig        C:\WINDOWS\System32\drivers\MTConfig.sys
09:01:43.0505 6856  MTConfig - ok
09:01:43.0521 6856  [ 3BCB702F3E6CC622DCAFCAA45D7CDE0A ] Mup             C:\WINDOWS\system32\Drivers\mup.sys
09:01:43.0536 6856  Mup - ok
09:01:43.0552 6856  [ 3A1E095277BBD406CEA8EA6B76950664 ] mvumis          C:\WINDOWS\system32\drivers\mvumis.sys
09:01:43.0552 6856  mvumis - ok
09:01:43.0614 6856  [ 4B18840511D720BA118D3017E8165875 ] napagent        C:\WINDOWS\system32\qagentRT.dll
09:01:43.0646 6856  napagent - ok
09:01:43.0677 6856  [ 43D7388A90A4C6EA346A4D6FF0377479 ] NativeWifiP     C:\WINDOWS\system32\DRIVERS\nwifi.sys
09:01:43.0693 6856  NativeWifiP - ok
09:01:43.0724 6856  [ 6A0C3996DA7DAE6D6939676D786EEEC4 ] NcaSvc          C:\WINDOWS\System32\ncasvc.dll
09:01:43.0755 6856  NcaSvc - ok
09:01:43.0786 6856  [ C982FE4CC91DECE2259F494FCEB4030F ] NcdAutoSetup    C:\WINDOWS\System32\NcdAutoSetup.dll
09:01:43.0833 6856  NcdAutoSetup - ok
09:01:43.0880 6856  [ 03CFE4108D1DE16D6C59455B5C73319C ] NDIS            C:\WINDOWS\system32\drivers\ndis.sys
09:01:43.0911 6856  NDIS - ok
09:01:43.0958 6856  [ 39C8A1D9D46F5E83A016BCAB72455284 ] NdisCap         C:\WINDOWS\system32\DRIVERS\ndiscap.sys
09:01:43.0958 6856  NdisCap - ok
09:01:43.0974 6856  [ 762941932B7E4C588E48A577BA9D6440 ] NdisImPlatform  C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys
09:01:43.0989 6856  NdisImPlatform - ok
09:01:44.0021 6856  [ 7A6F8A6D0E01432EBA294EF29CDD0FA7 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:01:44.0036 6856  NdisTapi - ok
09:01:44.0083 6856  [ 79AB68BB3FFF974AD4F41FA559F4EC67 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:01:44.0099 6856  Ndisuio - ok
09:01:44.0114 6856  [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:01:44.0130 6856  NdisWan - ok
09:01:44.0130 6856  [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NDISWANLEGACY   C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:01:44.0146 6856  NDISWANLEGACY - ok
09:01:44.0193 6856  [ 3730942D7DB2F8BB5F84542B7FF6F650 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
09:01:44.0208 6856  NDProxy - ok
09:01:44.0255 6856  [ D3F60A4345FCA9C1BE68AD7D0D6DE770 ] Ndu             C:\WINDOWS\system32\drivers\Ndu.sys
09:01:44.0271 6856  Ndu - ok
09:01:44.0302 6856  [ 7C203A76394F9AE68F69EEE5F9612C4A ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
09:01:44.0318 6856  NetBIOS - ok
09:01:44.0349 6856  [ 7CEC25C682D319D484630B3952C31A11 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
09:01:44.0349 6856  NetBT - ok
09:01:44.0380 6856  [ F702AB6181513303AB0FC8D59E52708B ] Netlogon        C:\WINDOWS\system32\lsass.exe
09:01:44.0396 6856  Netlogon - ok
09:01:44.0427 6856  [ 89519D29CBEC2121CA65CC29C4D345E0 ] Netman          C:\WINDOWS\System32\netman.dll
09:01:44.0474 6856  Netman - ok
09:01:44.0552 6856  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:01:44.0599 6856  NetMsmqActivator - ok
09:01:44.0599 6856  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:01:44.0614 6856  NetPipeActivator - ok
09:01:44.0646 6856  [ 79FA9393C67EBBF92A56923592CF7A7C ] netprofm        C:\WINDOWS\System32\netprofmsvc.dll
09:01:44.0677 6856  netprofm - ok
09:01:44.0739 6856  [ 080417AC9E51B2B29656EC26B62E87F1 ] netr28x         C:\WINDOWS\system32\DRIVERS\netr28x.sys
09:01:44.0771 6856  netr28x - ok
09:01:44.0802 6856  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:01:44.0802 6856  NetTcpActivator - ok
09:01:44.0818 6856  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:01:44.0818 6856  NetTcpPortSharing - ok
09:01:44.0864 6856  [ 12DD2800E4EEA37DC9AE256AD62423B4 ] nfrd960         C:\WINDOWS\system32\drivers\nfrd960.sys
09:01:44.0864 6856  nfrd960 - ok
09:01:44.0896 6856  [ 80ABCD4C2DE9FD832477303AE0CA3BE5 ] NlaSvc          C:\WINDOWS\System32\nlasvc.dll
09:01:44.0911 6856  NlaSvc - ok
09:01:44.0958 6856  [ 17E19A742FB30C002F8B43575451DBE1 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
09:01:44.0958 6856  Npfs - ok
09:01:45.0005 6856  [ 8ED299C30792544264E558BEA79F0947 ] npsvctrig       C:\WINDOWS\System32\drivers\npsvctrig.sys
09:01:45.0036 6856  npsvctrig - ok
09:01:45.0068 6856  [ 832B5FDF0B5577713FD7F2465FCD0ACE ] nsi             C:\WINDOWS\system32\nsisvc.dll
09:01:45.0083 6856  nsi - ok
09:01:45.0114 6856  [ 689B3B1E95C70ABF7AFF29F9406EF1E0 ] nsiproxy        C:\WINDOWS\system32\drivers\nsiproxy.sys
09:01:45.0130 6856  nsiproxy - ok
09:01:45.0193 6856  [ 76929F4A69E425911A63B407E26C2589 ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
09:01:45.0239 6856  Ntfs - ok
09:01:45.0271 6856  [ 4163ADE07DB51843AE31F65B94F5398D ] Null            C:\WINDOWS\system32\drivers\Null.sys
09:01:45.0286 6856  Null - ok
09:01:45.0333 6856  [ D6D34118263412D3AAA8348A9572B7F2 ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
09:01:45.0349 6856  nvraid - ok
09:01:45.0380 6856  [ 27AFC428D1D32ABD04A86763A4EDDEA9 ] nvstor          C:\WINDOWS\system32\drivers\nvstor.sys
09:01:45.0396 6856  nvstor - ok
09:01:45.0443 6856  [ 051CFB5107BAAE510419BDC41F8C4036 ] nv_agp          C:\WINDOWS\system32\drivers\nv_agp.sys
09:01:45.0458 6856  nv_agp - ok
09:01:45.0490 6856  [ 1E65CFD59DDFA8166D2174DC3E6D4AAE ] NWVoltron       C:\WINDOWS\System32\drivers\NWVoltron.sys
09:01:45.0490 6856  NWVoltron - ok
09:01:45.0536 6856  [ 29B7F4F503EF7652024C28A3DD0E3586 ] NWWakeFilterV   C:\WINDOWS\system32\drivers\NWWakeFilterV.sys
09:01:45.0536 6856  NWWakeFilterV - ok
09:01:45.0599 6856  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:01:45.0630 6856  ose - ok
09:01:45.0786 6856  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:01:45.0865 6856  osppsvc - ok
09:01:45.0896 6856  [ AB76700D764A342D7475FB8F47CAB18C ] p2pimsvc        C:\WINDOWS\system32\pnrpsvc.dll
09:01:45.0927 6856  p2pimsvc - ok
09:01:45.0943 6856  [ 4319FD931DCD796435ECB5DB4A04FBA5 ] p2psvc          C:\WINDOWS\system32\p2psvc.dll
09:01:45.0974 6856  p2psvc - ok
09:01:46.0005 6856  [ 4563DAF8C6A740AD7F501E219BD10766 ] Parport         C:\WINDOWS\System32\drivers\parport.sys
09:01:46.0021 6856  Parport - ok
09:01:46.0052 6856  [ D6ACCF9F2EEEEA711C14EFD976E573F3 ] partmgr         C:\WINDOWS\system32\drivers\partmgr.sys
09:01:46.0052 6856  partmgr - ok
09:01:46.0099 6856  [ 4811D9EC53649105A5A8BEA661B0F936 ] PcaSvc          C:\WINDOWS\System32\pcasvc.dll
09:01:46.0130 6856  PcaSvc - ok
09:01:46.0177 6856  [ 4A003E8F718C1E6A2050CA98CD53E3E2 ] pci             C:\WINDOWS\system32\drivers\pci.sys
09:01:46.0177 6856  pci - ok
09:01:46.0224 6856  [ F9908D274D458220F91E89B54D78D837 ] pciide          C:\WINDOWS\system32\drivers\pciide.sys
09:01:46.0240 6856  pciide - ok
09:01:46.0271 6856  [ 84D19CB6102627932DCB5DFDF89FE269 ] pcmcia          C:\WINDOWS\system32\drivers\pcmcia.sys
09:01:46.0286 6856  pcmcia - ok
09:01:46.0318 6856  [ CEBBAD5391C2644560C55628A40BFD27 ] pcw             C:\WINDOWS\system32\drivers\pcw.sys
09:01:46.0318 6856  pcw - ok
09:01:46.0333 6856  [ 0698DEDEAD6A00AD0D468C687D830FBF ] pdc             C:\WINDOWS\system32\drivers\pdc.sys
09:01:46.0349 6856  pdc - ok
09:01:46.0380 6856  pdfcDispatcher - ok
09:01:46.0411 6856  [ C7801DEF1C78747996A52C1F4C473E6F ] PdiService      C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
09:01:46.0427 6856  PdiService - ok
09:01:46.0474 6856  [ 61FE70659CD43E07F94DA4DC31DEC493 ] PEAUTH          C:\WINDOWS\system32\drivers\peauth.sys
09:01:46.0490 6856  PEAUTH - ok
09:01:46.0583 6856  [ DF0D9BDCB600913F40FF125BF8CE1979 ] PeerDistSvc     C:\WINDOWS\system32\peerdistsvc.dll
09:01:46.0661 6856  PeerDistSvc - ok
09:01:46.0740 6856  [ EB88FA19F0EA05DD04BE9C5FFEEFFE1A ] PerfHost        C:\WINDOWS\SysWow64\perfhost.exe
09:01:46.0755 6856  PerfHost - ok
09:01:46.0833 6856  [ 6E84BFF58F7643499277F29DFA2F8C8D ] pla             C:\WINDOWS\system32\pla.dll
09:01:46.0880 6856  pla - ok
09:01:46.0911 6856  [ 799BE46D45D486704CE0F37CA5385262 ] PlugPlay        C:\WINDOWS\system32\umpnpmgr.dll
09:01:46.0927 6856  PlugPlay - ok
09:01:46.0958 6856  [ 8E2414E818C26C4A9C70CB2B8567F04F ] PNRPAutoReg     C:\WINDOWS\system32\pnrpauto.dll
09:01:47.0005 6856  PNRPAutoReg - ok
09:01:47.0021 6856  [ AB76700D764A342D7475FB8F47CAB18C ] PNRPsvc         C:\WINDOWS\system32\pnrpsvc.dll
09:01:47.0036 6856  PNRPsvc - ok
09:01:47.0068 6856  [ 0108C8E5176D590F242701EF5A62CC26 ] PolicyAgent     C:\WINDOWS\System32\ipsecsvc.dll
09:01:47.0099 6856  PolicyAgent - ok
09:01:47.0130 6856  [ F1E067F56373F11EA4B785CAE823740A ] Power           C:\WINDOWS\system32\umpo.dll
09:01:47.0146 6856  Power - ok
09:01:47.0177 6856  [ 362D47E5B4D67270DE4B8606036F4ADD ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:01:47.0193 6856  PptpMiniport - ok
09:01:47.0318 6856  [ C2D3B3D0060619D5E03E696BD56FF59F ] PrintNotify     C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll
09:01:47.0380 6856  PrintNotify - ok
09:01:47.0411 6856  [ DD979EB6A7212F60E4AFBE96EDC7AE6D ] Processor       C:\WINDOWS\System32\drivers\processr.sys
09:01:47.0427 6856  Processor - ok
09:01:47.0458 6856  [ 429E8502AD2227CF88F8840FC5BD590D ] ProfSvc         C:\WINDOWS\system32\profsvc.dll
09:01:47.0490 6856  ProfSvc - ok
09:01:47.0521 6856  [ EB8034147D4820CD31BFCB11A2A652DF ] Psched          C:\WINDOWS\system32\DRIVERS\pacer.sys
09:01:47.0536 6856  Psched - ok
09:01:47.0583 6856  [ 0AFBF333B6F87A2F598EAB379AF100B8 ] QWAVE           C:\WINDOWS\system32\qwave.dll
09:01:47.0615 6856  QWAVE - ok
09:01:47.0646 6856  [ 13D47BB0CCA2FC51BD15F8E85C6A078E ] QWAVEdrv        C:\WINDOWS\system32\drivers\qwavedrv.sys
09:01:47.0646 6856  QWAVEdrv - ok
09:01:47.0677 6856  [ 873C60F8178100557740A832FCE10B5F ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:01:47.0693 6856  RasAcd - ok
09:01:47.0740 6856  [ 69B93F623B130976243ECA3D84CC99CA ] RasAgileVpn     C:\WINDOWS\system32\DRIVERS\AgileVpn.sys
09:01:47.0755 6856  RasAgileVpn - ok
09:01:47.0786 6856  [ 005F6E54C4A2DA4EBF68FB0392CE8BB0 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
09:01:47.0818 6856  RasAuto - ok
09:01:47.0818 6856  [ A14D625C5AEE5FFE0F47D1A1D419FAAE ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:01:47.0833 6856  Rasl2tp - ok
09:01:47.0865 6856  [ C923C785A2DE0B396AD6D13ACAFF2DE9 ] RasMan          C:\WINDOWS\System32\rasmans.dll
09:01:47.0880 6856  RasMan - ok
09:01:47.0927 6856  [ 00695B9C2DB6111064499C529E90C042 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:01:47.0943 6856  RasPppoe - ok
09:01:47.0974 6856  [ A7F24D8CD1956B0A1FDCB86CC5114DE4 ] RasSstp         C:\WINDOWS\system32\DRIVERS\rassstp.sys
09:01:47.0990 6856  RasSstp - ok
09:01:48.0021 6856  [ CA03D642ACE58E1BA54E4B383F91CD69 ] rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:01:48.0037 6856  rdbss - ok
09:01:48.0083 6856  [ CA7DF5EC95D8DE0DD24BE7FF97369F68 ] rdpbus          C:\WINDOWS\System32\drivers\rdpbus.sys
09:01:48.0099 6856  rdpbus - ok
09:01:48.0115 6856  [ B2A3AD74FF2E2FFA73AF2567108231B3 ] RDPDR           C:\WINDOWS\system32\drivers\rdpdr.sys
09:01:48.0130 6856  RDPDR - ok
09:01:48.0162 6856  [ 57F4787E4602A3FCA719C0A33137C6DA ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
09:01:48.0177 6856  RdpVideoMiniport - ok
09:01:48.0208 6856  [ B3CB0721E81E30419CE7D837EF4EA151 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
09:01:48.0224 6856  RDPWD - ok
09:01:48.0224 6856  [ 62C1F8A0685FE07E998AA296C4F697C4 ] rdyboost        C:\WINDOWS\system32\drivers\rdyboost.sys
09:01:48.0240 6856  rdyboost - ok
09:01:48.0287 6856  [ 3663CCF243EE0C04E9F6F91ED1737273 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
09:01:48.0318 6856  RemoteAccess - ok
09:01:48.0380 6856  [ E80DD61E52EDFFF9DA1ED7260A68855B ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
09:01:48.0427 6856  RemoteRegistry - ok
09:01:48.0490 6856  [ 085D18C71AB2611A3D61528132B6501E ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
09:01:48.0521 6856  RoxioNow Service - ok
09:01:48.0552 6856  [ 73F2E030B5C24E4E41401B5F0D59E6FD ] RpcEptMapper    C:\WINDOWS\System32\RpcEpMap.dll
09:01:48.0568 6856  RpcEptMapper - ok
09:01:48.0615 6856  [ 10B21284B3D964AB3DC45490E57D422E ] RpcLocator      C:\WINDOWS\system32\locator.exe
09:01:48.0615 6856  RpcLocator - ok
09:01:48.0662 6856  [ 1EC6E533C954BDDF2A37E7851A7E58FD ] RpcSs           C:\WINDOWS\system32\rpcss.dll
09:01:48.0693 6856  RpcSs - ok
09:01:48.0740 6856  [ 7BFDFD1D2244B444D7BBC55087426518 ] RSPCIESTOR      C:\WINDOWS\system32\DRIVERS\RtsPStor.sys
09:01:48.0755 6856  RSPCIESTOR - ok
09:01:51.0021 6856  [ 29193D5E1A4BFADDBE2A0AB1E20C9166 ] STacSV          C:\Program Files\IDT\WDM\STacSV64.exe
09:01:51.0037 6856  STacSV ( UnsignedFile.Multi.Generic ) - warning
09:01:51.0037 6856  STacSV - detected UnsignedFile.Multi.Generic (1)
09:01:58.0507 6856  ================ Scan global ===============================
09:01:58.0538 6856  [ DDC1AFBF9DDF880CE9BD3896114D8DED ] C:\WINDOWS\system32\basesrv.dll
09:01:58.0585 6856  [ E9343076AE704D20BB0D01F3AF3EFFEF ] C:\WINDOWS\system32\winsrv.dll
09:01:58.0585 6856  [ BD7C6949984D19AAA609896B675E7357 ] C:\WINDOWS\system32\sxssrv.dll
09:01:58.0632 6856  [ 8F226143046435C75C033B0C52E90FFE ] C:\WINDOWS\system32\services.exe
09:01:58.0647 6856  [Global] - ok
09:01:58.0647 6856  ================ Scan MBR ==================================
09:01:58.0663 6856  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:01:58.0976 6856  \Device\Harddisk0\DR0 - ok
09:01:58.0977 6856  ================ Scan VBR ==================================
09:01:59.0008 6856  [ FE46AE1C194786F6EE6A8772A98ED755 ] \Device\Harddisk0\DR0\Partition1
09:01:59.0008 6856  \Device\Harddisk0\DR0\Partition1 - ok
09:01:59.0008 6856  [ F398173CABC66C52E5DBF7C5FD71C7CA ] \Device\Harddisk0\DR0\Partition2
09:01:59.0023 6856  \Device\Harddisk0\DR0\Partition2 - ok
09:01:59.0055 6856  [ D25E9C72C338E2C3C149B0FEEBA82AA1 ] \Device\Harddisk0\DR0\Partition3
09:01:59.0055 6856  \Device\Harddisk0\DR0\Partition3 - ok
09:01:59.0055 6856  ============================================================
09:01:59.0055 6856  Scan finished
09:01:59.0055 6856  ============================================================
09:01:59.0070 4304  Detected object count: 5
09:01:59.0070 4304  Actual detected object count: 5
09:02:38.0639 4304  CalendarSynchService ( UnsignedFile.Multi.Generic ) - skipped by user
09:02:38.0639 4304  CalendarSynchService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:02:38.0639 4304  ClassicShellService ( UnsignedFile.Multi.Generic ) - skipped by user
09:02:38.0639 4304  ClassicShellService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:02:38.0655 4304  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:02:38.0655 4304  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:02:38.0655 4304  IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
09:02:38.0655 4304  IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:02:38.0655 4304  STacSV ( UnsignedFile.Multi.Generic ) - skipped by user
09:02:38.0655 4304  STacSV ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:03:21.0568 9120  Deinitialize success

 

 

The PC appears to be running fine, except for the fact that I am unable to turn on Windows Firewall, make any changes to Windows Firewall or restore defaults to Windows Firewall.  Also, I can not turn on Base Filter Engine (BFE) which is required for Windows Firewall.  This then impacts me from being able to turn on the McAfee Firewall.  Other than this, I have no problems.



#7 nasdaq

  • Malware Response Team

Posted 21 June 2013 - 06:41 AM

Download Malwarebytes Anti-Rootkit. Follow the instructions on this page.

How to use Malwarebytes Anti-Rootkit to remove rootkits from a Computer.
http://www.bleepingcomputer.com/virus-removal/how-to-use-malwarebytes-anti-rootkit/

Post the log in your next reply.
===

Please download Farbar Service Scanner and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action center
  • Windows Update
  • Windows Defender
Press Scan.
This will create a log (FSS.txt) in the same directory the tool is run from.
Please copy and paste the log to your reply.

#8 Gold1020

  • Topic Starter

Posted 21 June 2013 - 07:41 AM

mbar-log:

 

Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.06.21.02

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16599
GoldHome1 :: GOLDHOME1-HP [administrator]

6/21/2013 8:06:24 AM
mbar-log-2013-06-21 (08-06-24).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 272121
Time elapsed: 23 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

System-log:

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

© Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16599

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.594000 GHz
Memory total: 4194635776, free: 2182483968

Downloaded database version: v2013.06.21.02
Downloaded database version: v2013.05.22.01
Initializing...
------------ Kernel report ------------
     06/21/2013 08:06:20
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80130ec5b0
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8003cc6050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80130ec5b0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80130ed040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80130ec5b0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8003cc6050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7D9A5CF5

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 945811456

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 946018304  Numsec = 30752768

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Scan finished
=======================================

Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished

 

FSS Log:

Farbar Service Scanner Version: 16-06-2013
Ran by GoldHome1 (administrator) on 21-06-2013 at 08:32:12
Running from "C:\Users\GoldHome1\Desktop"
Windows 8 Pro  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-06-12 14:43] - [2013-05-04 03:45] - 2233600 ____A (Microsoft Corporation) D750CE2A52F1B95E654CF2904C88EF1F

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2013-06-16 14:39] - [2013-05-04 02:59] - 1483776 ____A (Microsoft Corporation) D0C69E44BC1E1D4AD290FD84104623D8

C:\Windows\System32\wscsvc.dll
[2013-05-18 03:12] - [2013-04-09 00:51] - 0099840 ____A (Microsoft Corporation) 012CFE7F0F95266F554EE3B91EE2128A

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2013-06-16 14:39] - [2013-05-04 02:59] - 3241472 ____A (Microsoft Corporation) BE302BABE45EC05995F8DC66E37BBB3D

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2013-06-12 14:43] - [2013-04-23 18:55] - 0068096 ____A (Microsoft Corporation) AFA426B0E7975CEB21F8B6711EFA8945

C:\Program Files\Windows Defender\MpSvc.dll
[2013-03-27 11:44] - [2013-01-28 19:08] - 1555920 ____A (Microsoft Corporation) 905601FFF40D8DA9FA82CBE77D1F5EB1

C:\Program Files\Windows Defender\MsMpEng.exe
[2013-03-27 11:44] - [2013-01-28 21:57] - 0014920 ____A (Microsoft Corporation) 473B9548568BA927ACE0B77EC208A561

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

 

Firewalls still won't turn on for some reason.  I removed McAfee and tried starting Windows Firewall, thinking McAfee may be the problem, but it still won't turn on.  Thinking of trying a new Antivirus/Firewall software.  Any recommendations?

 

Thanks,



#9 nasdaq

  • Malware Response Team

Posted 21 June 2013 - 07:58 AM

The following steps involve registry editing. Please create a new restore point before proceeding!!!
How to:
Vista and Seven - http://windows.microsoft.com/en-gb/windows7/create-a-restore-point
===


Go to the following site and download BFE.reg to your desktop.
http://download.bleepingcomputer.com/win-services/8/

Double-click on the downloaded file and confirm the prompt.
Restart the computer.
Post a new FSS log.
===

Let me know if the problem persists.

#10 Gold1020

  • Topic Starter


Posted 21 June 2013 - 09:31 AM

FSS Log:

 

Farbar Service Scanner Version: 16-06-2013
Ran by GoldHome1 (administrator) on 21-06-2013 at 10:24:51
Running from "C:\Users\GoldHome1\Desktop"
Windows 8 Pro  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-06-12 14:43] - [2013-05-04 03:45] - 2233600 ____A (Microsoft Corporation) D750CE2A52F1B95E654CF2904C88EF1F

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2013-06-16 14:39] - [2013-05-04 02:59] - 1483776 ____A (Microsoft Corporation) D0C69E44BC1E1D4AD290FD84104623D8

C:\Windows\System32\wscsvc.dll
[2013-05-18 03:12] - [2013-04-09 00:51] - 0099840 ____A (Microsoft Corporation) 012CFE7F0F95266F554EE3B91EE2128A

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2013-06-16 14:39] - [2013-05-04 02:59] - 3241472 ____A (Microsoft Corporation) BE302BABE45EC05995F8DC66E37BBB3D

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2013-06-12 14:43] - [2013-04-23 18:55] - 0068096 ____A (Microsoft Corporation) AFA426B0E7975CEB21F8B6711EFA8945

C:\Program Files\Windows Defender\MpSvc.dll
[2013-03-27 11:44] - [2013-01-28 19:08] - 1555920 ____A (Microsoft Corporation) 905601FFF40D8DA9FA82CBE77D1F5EB1

C:\Program Files\Windows Defender\MsMpEng.exe
[2013-03-27 11:44] - [2013-01-28 21:57] - 0014920 ____A (Microsoft Corporation) 473B9548568BA927ACE0B77EC208A561

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

 

No change in status as far as Firewall services working.



#11 nasdaq

  • Malware Response Team

Posted 21 June 2013 - 09:37 AM


I can only suggest you start a new topic in the Windows 8 forum.

http://www.bleepingcomputer.com/forums/f/209/windows-8/

I do not have this operating system installed on my computer.

I will keep this topic open. If you need to return, please do.



