
Slow Computer - several trojans using iexplore processes in background


  • This topic is locked
11 replies to this topic

#1 schmoomanoo (Members)

Posted 07 September 2014 - 03:48 PM

Hello all,

I'm posting on behalf of my disabled brother, who is currently unable to use this computer in case anyone gets hold of any important information, but I'm only here for a few days so if anyone can help in super-quick time that would be great!

Basically my dad ran a scan on this machine just over a week ago after they noticed their Windows firewall was turned off (they also have a McAfee Total Protection Subscription, as that came with the machine 6 years ago). After the scan, the machine started running really slowly, so they haven't used it for a week (mainly because they knew I was visiting!)

When I got here, it was running incredibly slowly, and couldn't complete a full scan, but when I looked at the processes in Task Manager I saw lots of iexplore (when I didn't have any browsers open), so I knew something was amiss.

I've downloaded Malwarebytes and the one scan I ran yesterday came up with 4 different trojans, 3 of which McAfee quarantined and the other Malwarebytes. I also decided to start the free trial of Malware Premium, and now the real-time blocker keeps coming up with a pop-up saying it has blocked various outgoing malicious websites with iexplore.

These are the sites it's apparently blocked so far:

  • star-cliffe
  • fifa-seargh
  • vacuum-create
  • ransom-avto
  • fresh-vacancy
  • turend-hureft
  • service-search
  • enjoy-result
  • administration-soft

It keeps trying different ports, but luckily at the moment Malwarebytes is blocking it. I just need to know that I can do as much as possible to help my brother get back online ASAP (he has cerebral palsy and autism - going online on his own using a special joystick and button is one of his greatest pleasures, so if you can help him and me, that would be great!)

I hope the files I've uploaded are the right ones - please let me know if not and I'll do them again.

Thanks for all the help - it will be greatly appreciated more than you will know :)


#2 aharonov (Malware Response Team)

Posted 07 September 2014 - 04:04 PM

Hi there,

please run the following scans:
(And if possible please paste the contents of the logs into the thread and don't attach them. Thanks.)


Step 1

Please download TDSSKiller and save it to your Desktop.
  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters.
  • Make sure that all available options (except "Loaded modules") are checked and click OK.
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.


Step 2

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 schmoomanoo (Topic Starter, Members)

Posted 07 September 2014 - 04:35 PM

okay TDSS report:

 

22:24:05.0134 0x1de0  HomeNetSvc - ok
22:24:05.0150 0x1de0  [ 0886D440058F203EBA0E1825E4355914, BC49C4CEFE324A08C864A4BF4FEA9A70151FAB7CC30BDC28344F3FFD2F500070 ] HpSAMD          C:\windows\system32\DRIVERS\HpSAMD.sys
22:24:05.0154 0x1de0  HpSAMD - ok
22:24:05.0215 0x1de0  [ F47CEC45FB85791D4AB237563AD0FA8F, 1035066D48BD179855BCA7F62EFA1B951E6E839D2E29E15A31844E18A126DD41 ] HTCAND64        C:\windows\system32\Drivers\ANDROIDUSB.sys
22:24:05.0218 0x1de0  HTCAND64 - ok
22:24:05.0285 0x1de0  [ CEE049CAC4EFA7F4E1E4AD014414A5D4, 433AE2D845850F1D7A48275BBD87B3F0E7DD48F2282C727C4B777ECD92CC331D ] HTTP            C:\windows\system32\drivers\HTTP.sys
22:24:05.0306 0x1de0  HTTP - ok
22:24:05.0322 0x1de0  [ F17766A19145F111856378DF337A5D79, FC1633FB865A5324EBCBE5F97D297B899FABBDD965D862C2EFC743CD36F47E62 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
22:24:05.0324 0x1de0  hwpolicy - ok
22:24:05.0393 0x1de0  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys
22:24:05.0398 0x1de0  i8042prt - ok
22:24:05.0497 0x1de0  [ 073A606333B6F7BBF20AA856DF7F0997, 513927CA430511A5B95F6CBE5FBD20F8C2202B609F88C4526C174A4FF7F761FC ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
22:24:05.0516 0x1de0  iaStor - ok
22:24:05.0589 0x1de0  [ B75E45C564E944A2657167D197AB29DA, 622EA73F4D9CAE17628C18148FB241817A0AE6D80A74B099204ED27C1A750B24 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
22:24:05.0605 0x1de0  iaStorV - ok
22:24:05.0684 0x1de0  [ 2F2BE70D3E02B6FA877921AB9516D43C, E04255EE4BD95FC1539EB1EB9F702B039F65993D31A4531DA487274543EF5226 ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:24:05.0710 0x1de0  idsvc - ok
22:24:06.0172 0x1de0  [ 09CE164AFA8483E41808784D7FCA154E, 43557E44C8339469BD34B54D2080AF041356F0201A7ECA3A6EEEA9C9C7D78F87 ] igfx            C:\windows\system32\DRIVERS\igdkmd64.sys
22:24:06.0594 0x1de0  igfx - ok
22:24:06.0669 0x1de0  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\windows\system32\DRIVERS\iirsp.sys
22:24:06.0672 0x1de0  iirsp - ok
22:24:06.0734 0x1de0  [ C5B4683680DF085B57BC53E5EF34861F, 9C06517DFCB3ED7BB1166F7EB6CCC8713E6B68283C75420C0EDC182094AA1B8F ] IKEEXT          C:\windows\System32\ikeext.dll
22:24:06.0764 0x1de0  IKEEXT - ok
22:24:06.0829 0x1de0  [ DD587A55390ED2295BCE6D36AD567DA9, AEB7DCB8EF89BEE8D9649A05FC482B1E4E3F44243D57A2577C862EB69166C48E ] Impcd           C:\windows\system32\DRIVERS\Impcd.sys
22:24:06.0835 0x1de0  Impcd - ok
22:24:07.0017 0x1de0  [ 801946CE25DD2179FE68599826B0BB88, 4C9D10303DF1EC005693DD28220A9C5B87DD32244112BA1F09D8AD0CF7D311DC ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
22:24:07.0081 0x1de0  IntcAzAudAddService - ok
22:24:07.0173 0x1de0  [ 58CF58DEE26C909BD6F977B61D246295, 0CE27B81C091961A22B75478449D654F9C1A68E43DF80C699DB8DD3D1B288461 ] IntcDAud        C:\windows\system32\DRIVERS\IntcDAud.sys
22:24:07.0184 0x1de0  IntcDAud - ok
22:24:07.0202 0x1de0  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\windows\system32\DRIVERS\intelide.sys
22:24:07.0204 0x1de0  intelide - ok
22:24:07.0275 0x1de0  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
22:24:07.0279 0x1de0  intelppm - ok
22:24:07.0334 0x1de0  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\windows\system32\ipbusenum.dll
22:24:07.0341 0x1de0  IPBusEnum - ok
22:24:07.0394 0x1de0  [ 722DD294DF62483CECAAE6E094B4D695, 41ABB42EF969EA8A84B546908EBBDC2411D964DE101CE6DD3D7ECF109085E0C0 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
22:24:07.0400 0x1de0  IpFilterDriver - ok
22:24:07.0446 0x1de0  [ F8E058D17363EC580E4B7232778B6CB5, 02352919F349C57930A0B032FBDC45327FB473D310DE7AC721F4694FDE7D21FB ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
22:24:07.0462 0x1de0  iphlpsvc - ok
22:24:07.0485 0x1de0  [ E2B4A4494DB7CB9B89B55CA268C337C5, C59BC4AA03D10647641EC7533F78BC7E2EA6FC48B8B2CF1A49B5148EF40A90FB ] IPMIDRV         C:\windows\system32\DRIVERS\IPMIDrv.sys
22:24:07.0488 0x1de0  IPMIDRV - ok
22:24:07.0496 0x1de0  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\windows\system32\drivers\ipnat.sys
22:24:07.0501 0x1de0  IPNAT - ok
22:24:07.0556 0x1de0  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\windows\system32\drivers\irenum.sys
22:24:07.0558 0x1de0  IRENUM - ok
22:24:07.0564 0x1de0  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\windows\system32\DRIVERS\isapnp.sys
22:24:07.0567 0x1de0  isapnp - ok
22:24:07.0589 0x1de0  [ FA4D2557DE56D45B0A346F93564BE6E1, 2827EC3582FF59FFD55BBD4A4F0DDFFEAD4F2537FA043B3A69904FE920B1619C ] iScsiPrt        C:\windows\system32\DRIVERS\msiscsi.sys
22:24:07.0597 0x1de0  iScsiPrt - ok
22:24:07.0670 0x1de0  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
22:24:07.0673 0x1de0  kbdclass - ok
22:24:07.0704 0x1de0  [ 6DEF98F8541E1B5DCEB2C822A11F7323, F6EE4A7A6A7A1F243D32CA9241CA4816C92EB7BF2AADDD09234968C2CAAE6C0D ] kbdhid          C:\windows\system32\DRIVERS\kbdhid.sys
22:24:07.0707 0x1de0  kbdhid - ok
22:24:07.0738 0x1de0  [ 156F6159457D0AA7E59B62681B56EB90, 27B855BF79490E4CC58D38A920C077A56785494BFFF0B448A898486009B24937 ] KeyIso          C:\windows\system32\lsass.exe
22:24:07.0742 0x1de0  KeyIso - ok
22:24:07.0790 0x1de0  [ 4F4B5FDE429416877DE7143044582EB5, A28FFEA078DBD91F3CC28088810EEEB727107B3F0F48370B44D87DC8F8C55B99 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
22:24:07.0794 0x1de0  KSecDD - ok
22:24:07.0841 0x1de0  [ 6F40465A44ECDC1731BEFAFEC5BDD03C, 317334D414D0AF73CB4D9CA11EA80C641E786760B8800F2795D0CB38378DBB80 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
22:24:07.0848 0x1de0  KSecPkg - ok
22:24:07.0885 0x1de0  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
22:24:07.0887 0x1de0  ksthunk - ok
22:24:07.0943 0x1de0  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\windows\system32\msdtckrm.dll
22:24:07.0958 0x1de0  KtmRm - ok
22:24:08.0053 0x1de0  [ 81F1D04D4D0E433099365127375FD501, C2A81B5A482C974E8108806486EC28CB2D81400D42639682FE7B7A9BDF14BA9B ] LanmanServer    C:\windows\system32\srvsvc.dll
22:24:08.0065 0x1de0  LanmanServer - ok
22:24:08.0099 0x1de0  [ 27026EAC8818E8A6C00A1CAD2F11D29A, A12858CCB3B2419D66C667A46B106DA7A7BA97FFFA9634BFAE95DDF193C430D5 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
22:24:08.0105 0x1de0  LanmanWorkstation - ok
22:24:08.0162 0x1de0  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
22:24:08.0165 0x1de0  lltdio - ok
22:24:08.0209 0x1de0  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\windows\System32\lltdsvc.dll
22:24:08.0221 0x1de0  lltdsvc - ok
22:24:08.0233 0x1de0  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\windows\System32\lmhsvc.dll
22:24:08.0236 0x1de0  lmhosts - ok
22:24:08.0297 0x1de0  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\windows\system32\DRIVERS\lsi_fc.sys
22:24:08.0303 0x1de0  LSI_FC - ok
22:24:08.0311 0x1de0  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\windows\system32\DRIVERS\lsi_sas.sys
22:24:08.0317 0x1de0  LSI_SAS - ok
22:24:08.0326 0x1de0  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\windows\system32\DRIVERS\lsi_sas2.sys
22:24:08.0330 0x1de0  LSI_SAS2 - ok
22:24:08.0339 0x1de0  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\windows\system32\DRIVERS\lsi_scsi.sys
22:24:08.0345 0x1de0  LSI_SCSI - ok
22:24:08.0390 0x1de0  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\windows\system32\drivers\luafv.sys
22:24:08.0395 0x1de0  luafv - ok
22:24:08.0469 0x1de0  [ F92B0E478C0FAA6D6661E6E977247E60, 8B26B57C2C60C98CD6273ACA126B2CD0356ADB13A59FEC12882357A6B973123C ] MBAMProtector   C:\windows\system32\drivers\mbam.sys
22:24:08.0473 0x1de0  MBAMProtector - ok
22:24:08.0604 0x1de0  [ D84AEA3F3329D622DFC1297DDDF6163B, 316FE56CC30ED1473A917253F46B79EAA12F4ABD5B4B1ADB03929DFEE940F577 ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
22:24:08.0654 0x1de0  MBAMScheduler - ok
22:24:08.0763 0x1de0  [ 4F45ED469906494F9BF754E476390DBD, D8FF6AFD73D8C191F5732DF9737E6F83B2B52B06A3A6CD4CC6EAC9464CBB2772 ] MBAMService     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
22:24:08.0788 0x1de0  MBAMService - ok
22:24:08.0914 0x1de0  [ 8A50D5304E6AE48664CF5838EC32F647, C76943FABEE1B5E1B641AA610668CCD4227E2C4B191DD30B79D3AB31A9E8B5BE ] MBAMSwissArmy   C:\windows\system32\drivers\MBAMSwissArmy.sys
22:24:08.0921 0x1de0  MBAMSwissArmy - ok
22:24:08.0942 0x1de0  [ 15E8ABC06843672955CE26A009533BAD, E7221B7DE9DB45447C68E79C6BFD064713C5974F7E79925BD7DEEF71F73F3E83 ] MBAMWebAccessControl C:\windows\system32\drivers\mwac.sys
22:24:08.0945 0x1de0  MBAMWebAccessControl - ok
22:24:09.0079 0x1de0  [ F928E5E72BBA15DD0CE9A26E0413D236, D63EFA1408084F524464729C2F3BE16550E07ACE2BF8A00699A8438079AD381B ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
22:24:09.0087 0x1de0  McAfee SiteAdvisor Service - ok
22:24:09.0205 0x1de0  [ 96E7AA538AB0EDECCAB3862BA4B66232, 8AF460093B4DC1FD81C4508A57B6A80A7FB2E1818A3405506B8DB5B521615FB6 ] McAPExe         C:\Program Files\McAfee\MSC\McAPExe.exe
22:24:09.0221 0x1de0  McAPExe - ok
22:24:09.0420 0x1de0  [ 1704A8189EE5580AB147CFD25C5C8770, DFA076FD36B5CC844D4BE3B865E9A1F809E14CCB1D78D82A2D8D8EE38210E6EB ] McComponentHostService C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
22:24:09.0431 0x1de0  McComponentHostService - ok
22:24:09.0531 0x1de0  [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] McMPFSvc        C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
22:24:09.0540 0x1de0  McMPFSvc - ok
22:24:09.0571 0x1de0  [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] McNaiAnn        C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
22:24:09.0580 0x1de0  McNaiAnn - ok
22:24:09.0687 0x1de0  [ 7F8446D8AD9161B34DC7C209FB148A5A, 26B07EB138992586FC410849172A63ACC26D99ED59B568EFF9C93ED2EB129453 ] McODS           C:\Program Files\McAfee\VirusScan\mcods.exe
22:24:09.0705 0x1de0  McODS - ok
22:24:09.0799 0x1de0  [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] mcpltsvc        C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
22:24:09.0809 0x1de0  mcpltsvc - ok
22:24:09.0859 0x1de0  [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] McProxy         C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
22:24:09.0868 0x1de0  McProxy - ok
22:24:09.0945 0x1de0  [ F4BE81C919FC0A012F5357E3911D4B67, 8FC3D787A1FACE8022D9BF1A4B024E313F8FD7535696D5E868DC2839E3B76E72 ] McPvDrv         C:\windows\system32\drivers\McPvDrv.sys
22:24:09.0948 0x1de0  McPvDrv - ok
22:24:09.0978 0x1de0  [ F84C8F1000BC11E3B7B23CBD3BAFF111, BB4C4FFE3F6C9E5C16C06F6F666F177B94E1CF878397BCC0BDAF6EB3341AAED8 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
22:24:09.0983 0x1de0  Mcx2Svc - ok
22:24:09.0993 0x1de0  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\windows\system32\DRIVERS\megasas.sys
22:24:09.0996 0x1de0  megasas - ok
22:24:10.0029 0x1de0  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\windows\system32\DRIVERS\MegaSR.sys
22:24:10.0038 0x1de0  MegaSR - ok
22:24:10.0137 0x1de0  [ D0574EF9490EBD32DFA14D3C16195DE2, 7F5623562E74BD09717103247CE9155F07092BC633B5647ED3C99A95283413B4 ] mfeapfk         C:\windows\system32\drivers\mfeapfk.sys
22:24:10.0144 0x1de0  mfeapfk - ok
22:24:10.0199 0x1de0  [ 7B6A4509A2444F5F0689B2579E245177, 95A3A3560E253B7459F1B7C9E4E21008C725BA1A2C5F4E5FBAD1AB383058E2F6 ] mfeavfk         C:\windows\system32\drivers\mfeavfk.sys
22:24:10.0209 0x1de0  mfeavfk - ok
22:24:10.0362 0x1de0  [ 28E4FB2E9918C2E680BE9FD8E130471C, DFD1738F2CC0743F2CD9754CAFFFFC4D38590AF8AD2E1159F8FEAC9E9922E4B8 ] mfecore         C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
22:24:10.0392 0x1de0  mfecore - ok
22:24:10.0526 0x1de0  [ E7C6587AC8FB0BABEF6AB1733AFA8FEC, 1624B8D9C9431A2030B8C8CFAA90F56A9EE4039D2426A521C4102A68D2F8E3CD ] mfefire         C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
22:24:10.0534 0x1de0  mfefire - ok
22:24:10.0637 0x1de0  [ 92AD9892D534CA58E020375C94E0307E, 3062625853C759852C5172040C69840315676A01A62EECFC53F55E6379DB190C ] mfefirek        C:\windows\system32\drivers\mfefirek.sys
22:24:10.0655 0x1de0  mfefirek - ok
22:24:10.0796 0x1de0  [ B6622A5B197D021647AE20E0D4C229B9, 15D64928FDB207C183A69E7CFB90BFFBF25F1AB14059EDEFDF021F323025F4E8 ] mfehidk         C:\windows\system32\drivers\mfehidk.sys
22:24:10.0820 0x1de0  mfehidk - ok
22:24:10.0919 0x1de0  [ 6CD9133BC4B5DF25FB8BCBC382C8466F, F3C938D1EDD61EE1B227112CB027804E0AAD16CBCDD67EEE1D8EAABDFC996BA1 ] mfencbdc        C:\windows\system32\DRIVERS\mfencbdc.sys
22:24:10.0936 0x1de0  mfencbdc - ok
22:24:10.0981 0x1de0  [ 408DC249009CDB3C9B299716C861C64B, 3EFBFA8EE857CBF4C6A29E0D1DA38EB21B57D5BA1F6CC544503CA8253E9BFF12 ] mfencrk         C:\windows\system32\DRIVERS\mfencrk.sys
22:24:10.0987 0x1de0  mfencrk - ok
22:24:11.0084 0x1de0  [ 64BAFB4E5377056CDD71531097D69F6E, 28B434C1DB9AD930C5A32584C51FE1B3A4526952EBC953DAE775701E270C76C5 ] mfevtp          C:\windows\system32\mfevtps.exe
22:24:11.0094 0x1de0  mfevtp - ok
22:24:11.0160 0x1de0  [ A58F979117A424CDB33C21396887800F, E857E74BB08E49AEDC7EE21C9FDA36053113E04F8D29B9DBC3A2A3F0667915C6 ] mfewfpk         C:\windows\system32\drivers\mfewfpk.sys
22:24:11.0172 0x1de0  mfewfpk - ok
22:24:11.0229 0x1de0  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\windows\system32\mmcss.dll
22:24:11.0233 0x1de0  MMCSS - ok
22:24:11.0283 0x1de0  [ 8CC001C65C31633171991FA72A551D43, F256EED72C712C2B5C1DB6DE31DA52609EC0E47EB869E7BC0B70B286593A96DB ] MOBKbackup      C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
22:24:11.0292 0x1de0  MOBKbackup - ok
22:24:11.0336 0x1de0  [ 3800C23D0D90C59AAFCDEFDC82B5C4AF, D949CACB9EF881194B06A961071938F57F3AD57EBB5440B6E7F0B340757641BD ] MOBKFilter      C:\windows\system32\DRIVERS\MOBK.sys
22:24:11.0340 0x1de0  MOBKFilter - ok
22:24:11.0358 0x1de0  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\windows\system32\drivers\modem.sys
22:24:11.0361 0x1de0  Modem - ok
22:24:11.0428 0x1de0  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
22:24:11.0431 0x1de0  monitor - ok
22:24:11.0474 0x1de0  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
22:24:11.0478 0x1de0  mouclass - ok
22:24:11.0536 0x1de0  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
22:24:11.0540 0x1de0  mouhid - ok
22:24:11.0577 0x1de0  [ 791AF66C4D0E7C90A3646066386FB571, BF67643099494AEADDDC85E4D97AFF1017806A1DF554F9BE6C864FFECC9EAF42 ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
22:24:11.0581 0x1de0  mountmgr - ok
22:24:11.0634 0x1de0  [ 609D1D87649ECC19796F4D76D4C15CEA, 5369F4C83FBAE9C4CFB9ACD36F07479E3F3FD784D79B82AE8D95B818B9F9CE00 ] mpio            C:\windows\system32\DRIVERS\mpio.sys
22:24:11.0641 0x1de0  mpio - ok
22:24:11.0689 0x1de0  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
22:24:11.0693 0x1de0  mpsdrv - ok
22:24:11.0779 0x1de0  [ AECAB449567D1846DAD63ECE49E893E3, 7A67A16A3E04574B7CAD097632ABA9B361BBEFDD6B36B7B8E3A1996EC529C2DC ] MpsSvc          C:\windows\system32\mpssvc.dll
22:24:11.0804 0x1de0  MpsSvc - ok
22:24:11.0853 0x1de0  [ 30524261BB51D96D6FCBAC20C810183C, 19598A9CD0EAAE4ACBF1069E721AB2853452F33FCFB3B5113F023A88A90BF42D ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
22:24:11.0859 0x1de0  MRxDAV - ok
22:24:11.0892 0x1de0  [ 040D62A9D8AD28922632137ACDD984F2, D9457BDA88C2E3AA4E716C0657B77A4A3E212328CDABD5C18279B6440E1C1594 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
22:24:11.0898 0x1de0  mrxsmb - ok
22:24:11.0953 0x1de0  [ F0067552F8F9B33D7C59403AB808A3CB, 698B63528E1943BB4253BF7578DC128AA824C71BD04FF0521277E68B20656C02 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
22:24:11.0964 0x1de0  mrxsmb10 - ok
22:24:11.0994 0x1de0  [ 3C142D31DE9F2F193218A53FE2632051, 026B3A932A95D5160B64E470FC414F3D388D429317D5EAEA2D476F715C4CAE75 ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
22:24:11.0999 0x1de0  mrxsmb20 - ok
22:24:12.0017 0x1de0  [ 5C37497276E3B3A5488B23A326A754B7, 9982FCDAFB963868EB93A4DEF811A3167488EB5246BAC3F4AE960506FDF63967 ] msahci          C:\windows\system32\DRIVERS\msahci.sys
22:24:12.0020 0x1de0  msahci - ok
22:24:12.0045 0x1de0  [ 8D27B597229AED79430FB9DB3BCBFBD0, 3D58E08B47E8AE419D405BF263929DFA6F2F5F0C2D79FD8D6F2CED6452F6F248 ] msdsm           C:\windows\system32\DRIVERS\msdsm.sys
22:24:12.0051 0x1de0  msdsm - ok
22:24:12.0076 0x1de0  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\windows\System32\msdtc.exe
22:24:12.0083 0x1de0  MSDTC - ok
22:24:12.0104 0x1de0  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\windows\system32\drivers\Msfs.sys
22:24:12.0107 0x1de0  Msfs - ok
22:24:12.0126 0x1de0  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
22:24:12.0128 0x1de0  mshidkmdf - ok
22:24:12.0142 0x1de0  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\windows\system32\DRIVERS\msisadrv.sys
22:24:12.0144 0x1de0  msisadrv - ok
22:24:12.0209 0x1de0  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
22:24:12.0217 0x1de0  MSiSCSI - ok
22:24:12.0223 0x1de0  msiserver - ok
22:24:12.0300 0x1de0  [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] MSK80Service    C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
22:24:12.0313 0x1de0  MSK80Service - ok
22:24:12.0362 0x1de0  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
22:24:12.0364 0x1de0  MSKSSRV - ok
22:24:12.0384 0x1de0  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
22:24:12.0387 0x1de0  MSPCLOCK - ok
22:24:12.0392 0x1de0  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
22:24:12.0395 0x1de0  MSPQM - ok
22:24:12.0424 0x1de0  [ 89CB141AA8616D8C6A4610FA26C60964, 76E72F6A0348EDC58A8E6F88C7F024B8B077670400BD5A833811DAFCF9F517CC ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
22:24:12.0435 0x1de0  MsRPC - ok
22:24:12.0460 0x1de0  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\windows\system32\DRIVERS\mssmbios.sys
22:24:12.0462 0x1de0  mssmbios - ok
22:24:12.0481 0x1de0  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
22:24:12.0484 0x1de0  MSTEE - ok
22:24:12.0490 0x1de0  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\windows\system32\DRIVERS\MTConfig.sys
22:24:12.0493 0x1de0  MTConfig - ok
22:24:12.0547 0x1de0  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\windows\system32\Drivers\mup.sys
22:24:12.0551 0x1de0  Mup - ok
22:24:12.0596 0x1de0  [ 4987E079A4530FA737A128BE54B63B12, 27E51CC7D4D90DC4397575491DE7EFE15808709F097E2828E46AA73C771A47A4 ] napagent        C:\windows\system32\qagentRT.dll
22:24:12.0613 0x1de0  napagent - ok
22:24:12.0713 0x1de0  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
22:24:12.0724 0x1de0  NativeWifiP - ok
22:24:12.0817 0x1de0  [ CAD515DBD07D082BB317D9928CE8962C, 7AFA6D6154AC68F9FCC37B7B3324F7A170AE91035805026445F24F6EB4FB7F2E ] NDIS            C:\windows\system32\drivers\ndis.sys
22:24:12.0840 0x1de0  NDIS - ok
22:24:12.0897 0x1de0  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
22:24:12.0900 0x1de0  NdisCap - ok
22:24:12.0956 0x1de0  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
22:24:12.0958 0x1de0  NdisTapi - ok
22:24:13.0010 0x1de0  [ F105BA1E22BF1F2EE8F005D4305E4BEC, 723DA09E13D0F50634D9F114590B837D16F7B36AA0DA2AB8F8C2D9991624EA8F ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
22:24:13.0013 0x1de0  Ndisuio - ok
22:24:13.0054 0x1de0  [ 557DFAB9CA1FCB036AC77564C010DAD3, 8A21B342AFE5B498FB62EDDC81A3ADA9570677B7A382666090E0ABB1F85FEF29 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
22:24:13.0061 0x1de0  NdisWan - ok
22:24:13.0072 0x1de0  [ 659B74FB74B86228D6338D643CD3E3CF, 83D741B7A2A204A661A80C226212749F514800060D05E217FA6DC14D62F38F80 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
22:24:13.0075 0x1de0  NDProxy - ok
22:24:13.0090 0x1de0  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
22:24:13.0094 0x1de0  NetBIOS - ok
22:24:13.0116 0x1de0  [ 9162B273A44AB9DCE5B44362731D062A, 5A1BA6DBFEBB2618DC9D4CC55FA071C170A5D22FFB24CE62DD5B3210D8B45F39 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
22:24:13.0125 0x1de0  NetBT - ok
22:24:13.0138 0x1de0  [ 156F6159457D0AA7E59B62681B56EB90, 27B855BF79490E4CC58D38A920C077A56785494BFFF0B448A898486009B24937 ] Netlogon        C:\windows\system32\lsass.exe
22:24:13.0141 0x1de0  Netlogon - ok
22:24:13.0178 0x1de0  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\windows\System32\netman.dll
22:24:13.0191 0x1de0  Netman - ok
22:24:13.0223 0x1de0  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\windows\System32\netprofm.dll
22:24:13.0236 0x1de0  netprofm - ok
22:24:13.0265 0x1de0  [ 3E5A36127E201DDF663176B66828FAFE, 5A08BA9EFB1A72DF1DD839BA5FA2B8994012BA62A515588FF62333B33B60045B ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:24:13.0270 0x1de0  NetTcpPortSharing - ok
22:24:13.0294 0x1de0  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\windows\system32\DRIVERS\nfrd960.sys
22:24:13.0297 0x1de0  nfrd960 - ok
22:24:13.0325 0x1de0  [ D9A0CE66046D6EFA0C61BAA885CBA0A8, 06C3331C7F3EE0E0B95E8302CB80315E965587C4D6231785B8ACF3FAE4731FAF ] NlaSvc          C:\windows\System32\nlasvc.dll
22:24:13.0336 0x1de0  NlaSvc - ok
22:24:13.0348 0x1de0  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\windows\system32\drivers\Npfs.sys
22:24:13.0351 0x1de0  Npfs - ok
22:24:13.0378 0x1de0  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\windows\system32\nsisvc.dll
22:24:13.0381 0x1de0  nsi - ok
22:24:13.0400 0x1de0  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
22:24:13.0402 0x1de0  nsiproxy - ok
22:24:13.0509 0x1de0  [ 9A6089B056EA1B83B36424FC9D0A300E, EA60282C5A32B497921B568C1FE735F5BDB9D954DDC4E609F7F3CAE5ED823CEC ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
22:24:13.0555 0x1de0  Ntfs - ok
22:24:13.0589 0x1de0  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\windows\system32\drivers\Null.sys
22:24:13.0591 0x1de0  Null - ok
22:24:13.0661 0x1de0  [ A4D9C9A608A97F59307C2F2600EDC6A4, D786F4CA2D10BAC31CE14A338C442F7027D4BB2E955AB99BC44C2F241D383BBE ] nvraid          C:\windows\system32\drivers\nvraid.sys
22:24:13.0669 0x1de0  nvraid - ok
22:24:13.0698 0x1de0  [ 6C1D5F70E7A6A3FD1C90D840EDC048B9, 8D5337742A0F5B04D636C163CE77D4A9B3684CF81170026912A402513B44BA77 ] nvstor          C:\windows\system32\drivers\nvstor.sys
22:24:13.0704 0x1de0  nvstor - ok
22:24:13.0725 0x1de0  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\windows\system32\DRIVERS\nv_agp.sys
22:24:13.0730 0x1de0  nv_agp - ok
22:24:13.0738 0x1de0  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\windows\system32\DRIVERS\ohci1394.sys
22:24:13.0741 0x1de0  ohci1394 - ok
22:24:13.0850 0x1de0  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:24:13.0858 0x1de0  ose - ok
22:24:14.0190 0x1de0  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:24:14.0395 0x1de0  osppsvc - ok
22:24:14.0481 0x1de0  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
22:24:14.0492 0x1de0  p2pimsvc - ok
22:24:24.0196 0x1de0  wlcrasvc - ok
22:24:24.0341 0x1de0  [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:24:24.0404 0x1de0  wlidsvc - ok
22:24:24.0426 0x1de0  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\windows\system32\DRIVERS\wmiacpi.sys
22:24:24.0428 0x1de0  WmiAcpi - ok
22:24:24.0466 0x1de0  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
22:24:24.0473 0x1de0  wmiApSrv - ok
22:24:24.0521 0x1de0  WMPNetworkSvc - ok
22:24:24.0541 0x1de0  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\windows\System32\wpcsvc.dll
22:24:24.0545 0x1de0  WPCSvc - ok
22:24:24.0566 0x1de0  [ 2E57DDF2880A7E52E76F41C7E96D327B, D24E19B6091C197D77D71BC044CE2E5A57BE0A2F00D1BB0732E380A398230E63 ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
22:24:24.0572 0x1de0  WPDBusEnum - ok
22:24:24.0598 0x1de0  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
22:24:24.0601 0x1de0  ws2ifsl - ok
22:24:24.0632 0x1de0  [ 8F9F3969933C02DA96EB0F84576DB43E, C424D7B881A4DCC348433CF02044383013E32DB94CC66D1D20E1866CB3B0F952 ] wscsvc          C:\windows\System32\wscsvc.dll
22:24:24.0638 0x1de0  wscsvc - ok
22:24:24.0700 0x1de0  [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice  C:\windows\system32\DRIVERS\WSDPrint.sys
22:24:24.0704 0x1de0  WSDPrintDevice - ok
22:24:24.0716 0x1de0  [ 4A2A5C50DD1A63577D3ACA94269FBC7F, F75C1906D431CF871AD954218DF32A0F206E45FF49332DEF9F13C0A36A407047 ] WSDScan         C:\windows\system32\DRIVERS\WSDScan.sys
22:24:24.0720 0x1de0  WSDScan - ok
22:24:24.0727 0x1de0  WSearch - ok
22:24:24.0866 0x1de0  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\windows\system32\wuaueng.dll
22:24:24.0936 0x1de0  wuauserv - ok
22:24:24.0996 0x1de0  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
22:24:25.0000 0x1de0  WudfPf - ok
22:24:25.0072 0x1de0  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
22:24:25.0079 0x1de0  WUDFRd - ok
22:24:25.0120 0x1de0  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
22:24:25.0126 0x1de0  wudfsvc - ok
22:24:25.0168 0x1de0  [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc         C:\windows\System32\wwansvc.dll
22:24:25.0179 0x1de0  WwanSvc - ok
22:24:25.0250 0x1de0  [ 64F88AF327AA74E03658AE32B48CCB8B, 52C8941D96F2EF89BBC4A4268DC59E5BC89AE2DAB199C13BBFF11C2606BE7FFA ] yukonw7         C:\windows\system32\DRIVERS\yk62x64.sys
22:24:25.0263 0x1de0  yukonw7 - ok
22:24:25.0299 0x1de0  ================ Scan global ===============================
22:24:25.0337 0x1de0  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\windows\system32\basesrv.dll
22:24:25.0389 0x1de0  [ 3FB74FF230B5D240A57AE1C4A3D0459D, 7A4036CAC3BAAEC719E4152F2CAA9D9B69DACBDC7502147D7160D04AE70BC8DF ] C:\windows\system32\winsrv.dll
22:24:25.0410 0x1de0  [ 3FB74FF230B5D240A57AE1C4A3D0459D, 7A4036CAC3BAAEC719E4152F2CAA9D9B69DACBDC7502147D7160D04AE70BC8DF ] C:\windows\system32\winsrv.dll
22:24:25.0440 0x1de0  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\windows\system32\sxssrv.dll
22:24:25.0471 0x1de0  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\windows\system32\services.exe
22:24:25.0482 0x1de0  [ Global ] - ok
22:24:25.0483 0x1de0  ================ Scan MBR ==================================
22:24:25.0493 0x1de0  [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
22:24:26.0249 0x1de0  \Device\Harddisk0\DR0 - ok
22:24:26.0250 0x1de0  ================ Scan VBR ==================================
22:24:26.0254 0x1de0  [ 4E8549894B8DF3BBE00E0A023BCA47FD ] \Device\Harddisk0\DR0\Partition1
22:24:26.0257 0x1de0  \Device\Harddisk0\DR0\Partition1 - detected Rootkit.Boot.Cidox.b ( 0 )
22:24:26.0257 0x1de0  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - infected
22:24:28.0975 0x1de0  [ 73E7D74CACD2B859333F6FB3B872D99E ] \Device\Harddisk0\DR0\Partition2
22:24:28.0976 0x1de0  \Device\Harddisk0\DR0\Partition2 - ok
22:24:28.0982 0x1de0  [ BE94BF7079AF0499F6FFBB1062164460 ] \Device\Harddisk0\DR0\Partition3
22:24:28.0984 0x1de0  \Device\Harddisk0\DR0\Partition3 - ok
22:24:28.0986 0x1de0  ================ Scan generic autorun ======================
22:24:29.0390 0x1de0  [ 1E1FDBB3DF6EAE61984AEBC213271175, FA92FD4BBC60A3795FCAC90EC8A64A10E8C665A22B4B40F531685A043642C11E ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
22:24:29.0773 0x1de0  RtHDVCpl - ok
22:24:29.0786 0x1de0  SynTPEnh - ok
22:24:29.0789 0x1de0  IgfxTray - ok
22:24:29.0791 0x1de0  HotKeysCmds - ok
22:24:29.0795 0x1de0  Persistence - ok
22:24:29.0850 0x1de0  [ 4EFCDF3DB1BBA69C09622991280C4ACB, A86D4694BCFFF3C0FAF07C56A410A8317A953FB581CDCDBED5CAF735A0E2AC0D ] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
22:24:29.0859 0x1de0  UpdateLBPShortCut - ok
22:24:29.0976 0x1de0  [ 04679E0DC30077EC1164BE82F2A2ADC9, E0193F0AE484DED0DD7F81407F0D98AC071F34358B9EA554DE3ADFC3BA1CBD60 ] C:\Program Files\McAfee.com\Agent\mcagent.exe
22:24:29.0998 0x1de0  mcpltui_exe - ok
22:24:30.0118 0x1de0  [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
22:24:30.0146 0x1de0  Adobe ARM - ok
22:24:30.0184 0x1de0  CitrixReceiver - ok
22:24:30.0276 0x1de0  [ 2EBE05FD8ECBA5F230FC26E534E91A11, B8E85D51BD4E6C0D4D447DFA327EAA0AE4A33F04F42063A58122153933C1770E ] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
22:24:30.0295 0x1de0  ConnectionCenter - ok
22:24:30.0327 0x1de0  [ 17D9622BFE68386E8C647C4C7F8FEA3E, 50F943F2E47512DCE61A9EBB188361CB71CACC74D9397FA1367AB7112F2C7A09 ] C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
22:24:30.0332 0x1de0  Redirector - ok
22:24:30.0395 0x1de0  [ 08E7173D1B74095335052459200CB1EA, 5B6EB8A65B5F451BF6115EB7CD1355E5870E6D764F22D767D13216BF17C5668F ] C:\Program Files (x86)\QuickTime\QTTask.exe
22:24:30.0410 0x1de0  QuickTime Task - ok
22:24:30.0481 0x1de0  [ EDAD4A8A1D46AFCF9E76B996D55116EB, 937549E6FBF5D7282E56866C705539646F2CB6839FD74BF7AA8FB2BA5CCEE940 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
22:24:30.0490 0x1de0  SunJavaUpdateSched - ok
22:24:30.0583 0x1de0  [ EA6EADF6314E43783BA8EEE79F93F73C, 1A4BC2D8DFBDC37AF85C73DEE76A6EE901EBA188D43856BD2FFA96B79A126F73 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
22:24:30.0617 0x1de0  Sidebar - ok
22:24:30.0639 0x1de0  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
22:24:30.0643 0x1de0  mctadmin - ok
22:24:30.0704 0x1de0  [ EA6EADF6314E43783BA8EEE79F93F73C, 1A4BC2D8DFBDC37AF85C73DEE76A6EE901EBA188D43856BD2FFA96B79A126F73 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
22:24:30.0732 0x1de0  Sidebar - ok
22:24:30.0750 0x1de0  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
22:24:30.0754 0x1de0  mctadmin - ok
22:24:30.0808 0x1de0  [ 5D61BE7DB55B026A5D61A3EED09D0EAD, D32CC7B31A6F98C60ABC313ABC7D1143681F72DE2BB2604711A0BA20710CAAAE ] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
22:24:30.0810 0x1de0  swg - ok
22:24:30.0813 0x1de0  Waiting for KSN requests completion. In queue: 79
22:24:31.0813 0x1de0  Waiting for KSN requests completion. In queue: 13
22:24:32.0813 0x1de0  Waiting for KSN requests completion. In queue: 13
22:24:34.0042 0x1de0  AV detected via SS2: McAfee Anti-Virus and Anti-Spyware, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 12.8.0.0 ), 0x51000 ( enabled : updated )
22:24:34.0048 0x1de0  FW detected via SS2: McAfee Firewall, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 12.8.0.0 ), 0x51010 ( enabled )
22:24:36.0735 0x1de0  ============================================================
22:24:36.0735 0x1de0  Scan finished
22:24:36.0735 0x1de0  ============================================================
22:24:36.0746 0x1914  Detected object count: 1
22:24:36.0746 0x1914  Actual detected object count: 1
22:24:49.0252 0x1914  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - skipped by user
22:24:49.0252 0x1914  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Skip 

FRST.txt:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by Boris (administrator) on BORIS-PC on 07-09-2014 22:27:56
Running from C:\Users\Boris\Downloads
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(DoctorSoft) C:\Program Files (x86)\AnyPC Client\APLanMgrC.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Kaspersky Lab ZAO) C:\Users\Boris\Downloads\tdsskiller.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9644576 2009-12-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => H.EXE
HKLM\...\Run: [IgfxTray] => DOWS\SYSTEM32\IGFXTRAY.EXE
HKLM\...\Run: [HotKeysCmds] => DOWS\SYSTEM32\HKCMD.EXE
HKLM\...\Run: [Persistence] => DOWS\SYSTEM32\IGFXPERS.EXE
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3227352410-2182359678-1881265499-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-04-27] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Boris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: MOBK -> {3c3f3c1a-9153-7c05-f938-622e7003894d} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: MOBK2 -> {e6ea1d7d-144e-b977-98c4-84c53c1a69d0} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: MOBK3 -> {b4caf489-1eec-c617-49ad-8d7088598c06} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {87FD9019-EAC7-4D40-9F14-05C635DD8084} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=A011GB128&p={SearchTerms}
SearchScopes: HKCU - {87FD9019-EAC7-4D40-9F14-05C635DD8084} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=A011GB128&p={SearchTerms}
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-02-20]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-02-20]
 
Chrome: 
=======
CHR HomePage: Default -> 1F196D44999D1648CBE47BEDC9F0F05E23C3D5EC2096D213D69DCCDDCB175D2B
CHR DefaultSearchKeyword: Default -> D43074F5D987A04776EF91F3A2758CD4A050F7BD3F6880C826C64EDED5CB4BB8
CHR DefaultSearchProvider: Default -> BC934B8A4E907E01C2A498164CF934D19658F4E47ECA4E9DE2DF1A1B3D5C39EE
CHR DefaultSearchURL: Default -> C6F8F9708BBF12412B4C7BF6B8D7A767BF919BED5ED7501A059D9847593C8C9C
CHR Profile: C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-25]
CHR Extension: (Google Drive) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-25]
CHR Extension: (YouTube) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-03]
CHR Extension: (Google Search) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-03]
CHR Extension: (SiteAdvisor) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-12-03]
CHR Extension: (Google Wallet) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Gmail) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-03]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120 2014-03-30] (Trusteer Ltd.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R3 CryptOSD; C:\Windows\System32\DRIVERS\CryptOSD.sys [431488 2009-06-25] (Phoenix Technologies)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [74560 2013-09-09] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
R1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [606672 2014-02-28] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [282968 2014-03-30] (Trusteer Ltd.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [316312 2014-03-30] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [397848 2014-03-30] (Trusteer Ltd.)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2010-07-08] (Windows ® 2003 DDK 3790 provider)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-04-25] (Apple, Inc.) [File not signed]
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-07 22:27 - 2014-09-07 22:28 - 00028268 _____ () C:\Users\Boris\Downloads\FRST.txt
2014-09-07 22:27 - 2014-09-07 22:28 - 00000000 ____D () C:\FRST
2014-09-07 22:26 - 2014-09-07 22:26 - 02105344 _____ (Farbar) C:\Users\Boris\Downloads\FRST64.exe
2014-09-07 22:26 - 2014-09-07 22:26 - 01097728 _____ (Farbar) C:\Users\Boris\Downloads\FRST.exe
2014-09-07 22:11 - 2014-09-07 22:11 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Boris\Downloads\tdsskiller.exe
2014-09-07 21:49 - 2014-09-07 21:49 - 00014766 _____ () C:\Users\Boris\Downloads\pointfree.zip
2014-09-07 21:29 - 2014-09-07 21:29 - 00002194 _____ () C:\Users\Boris\Desktop\dds.txt
2014-09-07 21:25 - 2014-09-07 21:25 - 00002194 _____ () C:\Users\Boris\Desktop\attach.txt
2014-09-07 21:21 - 2014-09-07 21:22 - 00688992 ____R (Swearware) C:\Users\Boris\Downloads\dds.com
2014-09-06 23:58 - 2014-09-07 21:37 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-06 23:57 - 2014-09-06 23:57 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-06 23:57 - 2014-09-06 23:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-06 23:57 - 2014-09-06 23:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-06 23:57 - 2014-09-06 23:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-06 23:57 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-09-06 23:57 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-09-06 23:57 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-09-06 21:19 - 2014-09-06 21:22 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Boris\Downloads\mbam-setup-2.0.2.1012 (3).exe
2014-09-06 21:19 - 2014-09-06 21:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Boris\Downloads\mbam-setup-2.0.2.1012 (2).exe
2014-09-06 21:19 - 2014-09-06 21:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Boris\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-09-06 21:19 - 2014-09-06 21:20 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Boris\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-27 15:17 - 2014-08-27 15:17 - 328440983 _____ () C:\windows\MEMORY.DMP
2014-08-27 15:17 - 2014-08-27 15:17 - 00278960 _____ () C:\windows\Minidump\082714-31980-01.dmp
2014-08-26 13:52 - 2014-08-26 13:52 - 00000000 ____D () C:\Users\Boris\AppData\Local\ysaktgpo
2014-08-26 13:11 - 2014-08-27 15:17 - 00000000 ____D () C:\windows\Minidump
2014-08-23 13:19 - 2014-08-24 12:00 - 00003340 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3227352410-2182359678-1881265499-1001
2014-08-23 13:19 - 2014-08-24 12:00 - 00003206 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3227352410-2182359678-1881265499-1001
2014-08-23 13:16 - 2014-08-27 21:36 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-08-15 12:03 - 2014-08-15 12:03 - 00003362 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3227352410-2182359678-1881265499-1001
2014-08-15 12:03 - 2014-08-15 12:03 - 00003228 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3227352410-2182359678-1881265499-1001
2014-08-14 12:09 - 2014-08-07 02:52 - 00526848 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-14 12:09 - 2014-08-07 02:46 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-11 12:19 - 2014-08-11 12:19 - 00000000 _____ () C:\Users\Boris\AppData\Local\{76634EA7-4649-4A69-BFD8-745A6ECAA412}
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-07 22:28 - 2014-09-07 22:27 - 00028268 _____ () C:\Users\Boris\Downloads\FRST.txt
2014-09-07 22:28 - 2014-09-07 22:27 - 00000000 ____D () C:\FRST
2014-09-07 22:26 - 2014-09-07 22:26 - 02105344 _____ (Farbar) C:\Users\Boris\Downloads\FRST64.exe
2014-09-07 22:26 - 2014-09-07 22:26 - 01097728 _____ (Farbar) C:\Users\Boris\Downloads\FRST.exe
2014-09-07 22:11 - 2014-09-07 22:11 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Boris\Downloads\tdsskiller.exe
2014-09-07 22:04 - 2009-07-14 05:51 - 00229991 _____ () C:\windows\setupact.log
2014-09-07 21:54 - 2011-01-01 20:39 - 00116768 _____ () C:\Users\Boris\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-07 21:50 - 2011-01-01 21:24 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-07 21:49 - 2014-09-07 21:49 - 00014766 _____ () C:\Users\Boris\Downloads\pointfree.zip
2014-09-07 21:46 - 2012-03-28 21:43 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-07 21:37 - 2014-09-06 23:58 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-07 21:29 - 2014-09-07 21:29 - 00002194 _____ () C:\Users\Boris\Desktop\dds.txt
2014-09-07 21:25 - 2014-09-07 21:25 - 00002194 _____ () C:\Users\Boris\Desktop\attach.txt
2014-09-07 21:22 - 2014-09-07 21:21 - 00688992 ____R (Swearware) C:\Users\Boris\Downloads\dds.com
2014-09-07 21:10 - 2010-04-27 10:51 - 01333221 _____ () C:\windows\WindowsUpdate.log
2014-09-07 20:53 - 2009-07-14 05:45 - 00020032 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-07 20:53 - 2009-07-14 05:45 - 00020032 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-07 20:50 - 2013-02-20 18:02 - 00001844 _____ () C:\Users\Public\Desktop\McAfee Total Protection.lnk
2014-09-07 20:50 - 2013-02-20 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-09-07 20:48 - 2011-05-27 19:04 - 00000000 __RSD () C:\Users\Boris\Documents\McAfee Vaults
2014-09-07 20:44 - 2011-01-01 21:24 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-07 20:44 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-07 12:05 - 2010-04-27 11:42 - 00872848 _____ () C:\windows\PFRO.log
2014-09-06 23:57 - 2014-09-06 23:57 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-06 23:57 - 2014-09-06 23:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-06 23:57 - 2014-09-06 23:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-06 23:57 - 2014-09-06 23:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-06 23:51 - 2011-05-27 19:03 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-09-06 21:22 - 2014-09-06 21:19 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Boris\Downloads\mbam-setup-2.0.2.1012 (3).exe
2014-09-06 21:21 - 2014-09-06 21:19 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Boris\Downloads\mbam-setup-2.0.2.1012 (2).exe
2014-09-06 21:21 - 2014-09-06 21:19 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Boris\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-09-06 21:20 - 2014-09-06 21:19 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Boris\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-06 18:43 - 2011-05-27 19:03 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-08-27 21:37 - 2014-07-11 17:14 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-08-27 21:37 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF
2014-08-27 21:37 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\AppCompat
2014-08-27 21:36 - 2014-08-23 13:16 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-08-27 21:36 - 2011-08-22 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-27 21:36 - 2011-08-17 16:13 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-08-27 21:36 - 2011-08-02 20:19 - 00000000 ____D () C:\Program Files (x86)\Real
2014-08-27 21:36 - 2011-01-01 20:33 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-27 21:36 - 2010-04-27 11:03 - 00000000 ____D () C:\ProgramData\WinClon
2014-08-27 21:35 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\registration
2014-08-27 21:31 - 2011-08-02 20:19 - 00000000 ____D () C:\ProgramData\Real
2014-08-27 15:39 - 2011-01-01 20:24 - 00000000 ____D () C:\Users\Boris
2014-08-27 15:17 - 2014-08-27 15:17 - 328440983 _____ () C:\windows\MEMORY.DMP
2014-08-27 15:17 - 2014-08-27 15:17 - 00278960 _____ () C:\windows\Minidump\082714-31980-01.dmp
2014-08-27 15:17 - 2014-08-26 13:11 - 00000000 ____D () C:\windows\Minidump
2014-08-26 13:52 - 2014-08-26 13:52 - 00000000 ____D () C:\Users\Boris\AppData\Local\ysaktgpo
2014-08-26 13:16 - 2011-03-22 20:15 - 00000000 ____D () C:\Users\Boris\AppData\Local\Windows Live
2014-08-25 13:47 - 2013-03-30 21:35 - 00000000 ____D () C:\Users\Boris\AppData\Roaming\RealNetworks
2014-08-25 06:53 - 2014-01-06 19:05 - 00270496 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-08-25 00:02 - 2011-01-01 21:19 - 00003926 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{72665FDA-3656-47E5-9240-ED7EE6CE202F}
2014-08-24 13:08 - 2011-08-02 20:17 - 00000000 ____D () C:\Users\Boris\AppData\Roaming\Real
2014-08-24 12:55 - 2013-11-22 12:16 - 00003304 _____ () C:\windows\IE11_main.log
2014-08-24 12:00 - 2014-08-23 13:19 - 00003340 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3227352410-2182359678-1881265499-1001
2014-08-24 12:00 - 2014-08-23 13:19 - 00003206 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3227352410-2182359678-1881265499-1001
2014-08-15 12:03 - 2014-08-15 12:03 - 00003362 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3227352410-2182359678-1881265499-1001
2014-08-15 12:03 - 2014-08-15 12:03 - 00003228 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3227352410-2182359678-1881265499-1001
2014-08-14 12:12 - 2013-07-15 19:02 - 00000000 ____D () C:\windows\system32\MRT
2014-08-14 12:00 - 2011-01-01 21:32 - 99218768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-11 12:19 - 2014-08-11 12:19 - 00000000 _____ () C:\Users\Boris\AppData\Local\{76634EA7-4649-4A69-BFD8-745A6ECAA412}
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3227352410-2182359678-1881265499-1001\$05dac9abb08d22e7c0fb7e669ec35973
 
Some content of TEMP:
====================
C:\Users\Boris\AppData\Local\Temp\c42ofpd1.dll
C:\Users\Boris\AppData\Local\Temp\contentDATs.exe
C:\Users\Boris\AppData\Local\Temp\cxabvijl.dll
C:\Users\Boris\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Boris\AppData\Local\Temp\lowproc.exe
C:\Users\Boris\AppData\Local\Temp\ose00000.exe
C:\Users\Boris\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Boris\AppData\Local\Temp\stubhelper.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-27 13:20
 
==================== End Of Log ============================
 
 
Additions.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-09-2014 01
Ran by Boris at 2014-09-07 22:29:29
Running from C:\Users\Boris\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AnyPC Client (HKLM-x32\...\{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}) (Version: 1.0.0.25 - Doctorsoft)
Atheros Client Installation Program (HKLM-x32\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.2.1119 - Atheros)
Basic Operation Guide EPSON XP-402 403 405 406 Series (HKLM-x32\...\EPSON XP-402 403 405 406 Series Bog) (Version:  - )
BatteryLifeExtender (HKLM-x32\...\{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}) (Version: 1.0.1 - Samsung)
Bing Bar (HKLM-x32\...\{6F6D8BC6-CE36-493B-996F-04CD8CCC35A8}) (Version: 7.0.614.0 - Microsoft Corporation)
Citrix Authentication Manager (x32 Version: 5.1.0.62606 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HDX Flash Redirection) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
Citrix Receiver Inside (x32 Version: 4.1.0.56471 - Citrix Systems, Inc.) Hidden
Citrix Receiver Updater (x32 Version: 4.1.0.56461 - Citrix Systems, Inc.) Hidden
Citrix Receiver(Aero) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Citrix Receiver(DV) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Citrix Receiver(USB) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2806 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 6.0.2806 - CyberLink Corp.) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1916 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.1916 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3108a - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.0.3108a - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3213 - CyberLink Corp.)
CyberLink PowerDirector (x32 Version: 7.0.3213 - CyberLink Corp.) Hidden
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815b - CyberLink Corp.)
CyberLink PowerDVD 8 (x32 Version: 8.0.2815b - CyberLink Corp.) Hidden
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.1.1812 - CyberLink Corp.)
CyberLink PowerProducer (x32 Version: 5.0.1.1812 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3625 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 2.0.3625 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version:  - Microsoft)
Driver Wizard v3.0 (HKLM-x32\...\Driver Wizard_is1) (Version: 3.0 - DriverWizard)
Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM-x32\...\{34B76DCB-BF7C-440F-B058-C84172C1E338}) (Version: 4.2.8 - Samsung)
Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.5 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM-x32\...\{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}) (Version: 4.0.0.3 - Samsung)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.1 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print 2 (HKLM-x32\...\{30E01116-5666-4807-8EF1-D80E9FF16717}) (Version: 2.3.2.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM-x32\...\{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}) (Version: 3.01.0000 - Seiko Epson Corporation)
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-402 403 405 406 Series Printer Uninstall (HKLM\...\EPSON XP-402 403 405 406 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.4.1001 - Intel Corporation)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LegionArena (HKLM-x32\...\{4CA9839A-F660-4F7F-BD45-F466512ECE20}) (Version: 1.0100 - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.22.3.3 - Marvell)
McAfee Online Backup (Version: 1.16.4.0 - McAfee, Inc.) Hidden
McAfee Online Backup (x32 Version:  - McAfee, Inc.) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 12.8.988 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.3 (HKLM-x32\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Network Guide EPSON XP-402 403 405 406 Series (HKLM-x32\...\EPSON XP-402 403 405 406 Series Netg) (Version:  - )
Online Plug-in (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rapport (Version: 3.5.1201.78 - Trusteer) Hidden
Rapport (x32 Version: 3.5.1304.66 - Trusteer) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6003 - Realtek Semiconductor Corp.)
Samsung Recovery Solution 4 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.6 - Samsung)
Samsung Support Center (HKLM-x32\...\{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}) (Version: 1.0.21 - Samsung)
Samsung Update Plus (HKLM-x32\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
SamsungMovie (HKLM-x32\...\{EFA6EF6A-9E0D-4CF0-91DD-B55D8632F65A}) (Version: 1.0.0 - Samsung)
Self-service Plug-in (x32 Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Software Updater (HKLM-x32\...\{A737E18A-5171-40D0-8034-7DD243420081}) (Version: 4.1.1 - SEIKO EPSON CORPORATION)
Spotify (HKCU\...\Spotify) (Version: 0.8.3.222.g317ab79d - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.10.0 - Synaptics Incorporated)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1304.66 - Trusteer)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
User's Guide EPSON XP-402 403 405 406 Series (HKLM-x32\...\EPSON XP-402 403 405 406 Series Useg) (Version:  - )
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
XBMC (HKCU\...\XBMC) (Version:  - Team XBMC)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
12-08-2014 11:05:11 Windows Update
14-08-2014 10:56:21 Windows Update
14-08-2014 15:53:08 Windows Update
18-08-2014 11:12:13 Windows Backup
19-08-2014 10:43:06 Windows Update
22-08-2014 11:23:26 Windows Update
24-08-2014 22:01:45 Windows Defender Checkpoint
25-08-2014 12:31:42 Restore Operation
27-08-2014 11:57:01 Windows Update
06-09-2014 15:59:25 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {04972B7F-088B-481D-A881-872B64DA93A6} - System32\Tasks\advSRS4 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC)
Task: {0D8F5343-5D69-43EE-8035-E00DC04BEEC8} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-10-26] (SAMSUNG Electronics)
Task: {237BC936-0C77-415F-8996-C13051E5CF4F} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
Task: {5508720B-B3F9-4F41-A747-6739B4AECE7A} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3227352410-2182359678-1881265499-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {5C971CF6-C1BB-4E12-A1BE-FB6D04A24C21} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-01-12] (Samsung Electronics Co., Ltd.)
Task: {5F568636-82BE-403A-BFA4-CE475EDB8AE8} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {7CDBA807-EC69-471E-8550-4A0767F4BF52} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3227352410-2182359678-1881265499-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {7E1D7DEB-BEC7-4801-94C8-0F612682335F} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3227352410-2182359678-1881265499-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {84F2105F-0E70-437B-A1B7-091362BB7316} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-10-16] (SAMSUNG Electronics co., LTD.)
Task: {9366CCE6-23A9-4950-A67F-E5246467F3C0} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-11-19] (Samsung Electronics. Co. Ltd.)
Task: {983647BC-56C2-4460-988E-063B2A9D5F7C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {A19A677C-2B52-467C-B3AF-017DBE2CF616} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3227352410-2182359678-1881265499-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {AE62D99C-CF93-4D4C-B0EA-99886CCD19F0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-01] (Google Inc.)
Task: {B122ECC9-9476-4F43-A2D9-301B5C5396A2} - System32\Tasks\APSchedulerC => C:\Program Files (x86)\AnyPC Client\APLanMgrC.exe [2009-11-20] (DoctorSoft)
Task: {B8ADA9C2-3EA6-4030-9F37-A915FB728C25} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-01] (Google Inc.)
Task: {CD898C22-D677-47A6-B443-C45E085BFD97} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3227352410-2182359678-1881265499-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {DF0C4E2E-FECE-418E-908A-595ED67429C4} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3227352410-2182359678-1881265499-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {E7700990-85A9-47FB-A668-2FD9979D8D63} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {E85450C4-37D6-47E9-BAA1-FDFF746AD125} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3227352410-2182359678-1881265499-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {EFF2FD36-D968-47A2-AF34-F39B432BE62B} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-10-13] (Samsung Electronics Co., Ltd.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-04-27 10:57 - 2009-07-07 19:23 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2010-04-13 20:11 - 2010-04-13 20:11 - 00083256 _____ () C:\Program Files (x86)\McAfee Online Backup\librs2.dll
2011-11-07 22:32 - 2014-02-28 22:39 - 01125592 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
2012-06-27 15:09 - 2012-06-27 15:09 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2010-04-27 11:01 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
2014-09-07 14:10 - 2014-08-30 03:49 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libglesv2.dll
2014-09-07 14:10 - 2014-08-30 03:49 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libegl.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-09-07 14:10 - 2014-08-30 03:49 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll
2014-09-07 14:10 - 2014-08-30 03:49 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll
2014-09-07 14:10 - 2014-08-30 03:49 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: EpsonCustomerResearchParticipation => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: Skype C2C Service => 2
MSCONFIG\startupfolder: C:^Users^Boris^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APLangApp => "C:\Program Files (x86)\AnyPC Client\APLangApp.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: Driver Wizard => C:\Program Files (x86)\Driver Wizard\DWLauncher.exe
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: EPLTarget => 
MSCONFIG\startupreg: fsi => C:\Program Files (x86)\Phoenix Technologies Ltd\FailSafe\FailSafeLauncher.exe
MSCONFIG\startupreg: HTC Sync Loader => "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PDVD8LanguageShortcut => "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl8 => "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Boris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: UCam_Menu => "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: UpdatePDRShortCut => "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
MSCONFIG\startupreg: UpdatePPShortCut => "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
MSCONFIG\startupreg: UpdatePSTShortCut => "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
 
==================== Faulty Device Manager Devices =============
 
Name: Lexmark X422
Description: Lexmark X422
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Lexmark
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Lexmark X422
Description: Lexmark X422
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Lexmark
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Lexmark X422
Description: Lexmark X422
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Lexmark
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: McAfee Inc. mfewfpk
Description: McAfee Inc. mfewfpk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: mfewfpk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/07/2014 09:04:05 PM) (Source: Windows Backup) (EventID: 4100) (User: )
Description: Backup did not complete successfully because a shadow copy could not be created. Free up disk space on the drive that you are backing up by deleting unnecessary files and then try again.
 
Error: (09/07/2014 09:03:43 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{269a2eac-5267-11df-9cf9-806e6f6e6963} - 0000000000000060,0x0053c06c,0000000000198000,0,0000000000199010,4096,[0]).  hr = 0x8007045d, The request could not be performed because of an I/O device error.
.
 
 
Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots
 
Context:
   Execution Context: System Provider
 
Error: (09/07/2014 09:03:24 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{269a2eac-5267-11df-9cf9-806e6f6e6963} - 0000000000000064,0x0053c06c,0000000000199010,0,0000000000198000,4096,[0]).  hr = 0x8007045d, The request could not be performed because of an I/O device error.
.
 
 
Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots
 
Context:
   Execution Context: System Provider
 
Error: (09/07/2014 09:03:01 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{269a2eac-5267-11df-9cf9-806e6f6e6963} - 0000000000000060,0x0053c06c,0000000000198000,0,0000000000199010,4096,[0]).  hr = 0x8007045d, The request could not be performed because of an I/O device error.
.
 
 
Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots
 
Context:
   Execution Context: System Provider
 
Error: (09/07/2014 09:02:43 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{269a2eac-5267-11df-9cf9-806e6f6e6963} - 0000000000000064,0x0053c06c,0000000000199010,0,0000000000198000,4096,[0]).  hr = 0x8007045d, The request could not be performed because of an I/O device error.
.
 
 
Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots
 
Context:
   Execution Context: System Provider
 
Error: (09/07/2014 09:02:26 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{269a2eac-5267-11df-9cf9-806e6f6e6963} - 0000000000000060,0x0053c06c,0000000000198000,0,0000000000199010,4096,[0]).  hr = 0x8007045d, The request could not be performed because of an I/O device error.
.
 
 
Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots
 
Context:
   Execution Context: System Provider
 
Error: (09/07/2014 09:01:50 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{269a2eac-5267-11df-9cf9-806e6f6e6963} - 0000000000000064,0x0053c06c,0000000000199010,0,0000000000198000,4096,[0]).  hr = 0x8007045d, The request could not be performed because of an I/O device error.
.
 
 
Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots
 
Context:
   Execution Context: System Provider
 
Error: (09/07/2014 09:01:32 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{269a2eac-5267-11df-9cf9-806e6f6e6963} - 0000000000000060,0x0053c06c,0000000000198000,0,0000000000199010,4096,[0]).  hr = 0x8007045d, The request could not be performed because of an I/O device error.
.
 
 
Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots
 
Context:
   Execution Context: System Provider
 
Error: (09/07/2014 09:01:14 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{269a2eac-5267-11df-9cf9-806e6f6e6963} - 00000000000000F0,0x0053c06c,0000000000199010,0,0000000000198000,4096,[0]).  hr = 0x8007045d, The request could not be performed because of an I/O device error.
.
 
 
Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots
 
Context:
   Execution Context: System Provider
 
Error: (09/07/2014 09:00:56 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{269a2eac-5267-11df-9cf9-806e6f6e6963} - 000000000000014C,0x0053c06c,0000000000198000,0,0000000000199010,4096,[0]).  hr = 0x8007045d, The request could not be performed because of an I/O device error.
.
 
 
Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots
 
Context:
   Execution Context: System Provider
 
 
System errors:
=============
Error: (09/07/2014 09:03:43 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (09/07/2014 09:03:43 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (09/07/2014 09:03:43 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (09/07/2014 09:03:43 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (09/07/2014 09:03:43 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (09/07/2014 09:03:43 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (09/07/2014 09:03:43 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (09/07/2014 09:03:43 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (09/07/2014 09:03:43 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (09/07/2014 09:03:24 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
 
Microsoft Office Sessions:
=========================
Error: (09/07/2014 09:04:05 PM) (Source: Windows Backup) (EventID: 4100) (User: )
Description: A shadow copy could not be created. Please check "VSS" and "SPP" application event logs for more information. (0x81000019)
 
Error: (09/07/2014 09:03:43 PM) (Source: VSS) (EventID: 12289) (User: )
Description: DeviceIoControl(\\?\Volume{269a2eac-5267-11df-9cf9-806e6f6e6963} - 0000000000000060,0x0053c06c,0000000000198000,0,0000000000199010,4096,[0])0x8007045d, The request could not be performed because of an I/O device error.
 
 
Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots
 
Context:
   Execution Context: System Provider
 
Error: (09/07/2014 09:03:24 PM) (Source: VSS) (EventID: 12289) (User: )
Description: DeviceIoControl(\\?\Volume{269a2eac-5267-11df-9cf9-806e6f6e6963} - 0000000000000064,0x0053c06c,0000000000199010,0,0000000000198000,4096,[0])0x8007045d, The request could not be performed because of an I/O device error.
 
 
Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots
 
Context:
   Execution Context: System Provider
 
Error: (09/07/2014 09:03:01 PM) (Source: VSS) (EventID: 12289) (User: )
Description: DeviceIoControl(\\?\Volume{269a2eac-5267-11df-9cf9-806e6f6e6963} - 0000000000000060,0x0053c06c,0000000000198000,0,0000000000199010,4096,[0])0x8007045d, The request could not be performed because of an I/O device error.
 
 
Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots
 
Context:
   Execution Context: System Provider
 
Error: (09/07/2014 09:02:43 PM) (Source: VSS) (EventID: 12289) (User: )
Description: DeviceIoControl(\\?\Volume{269a2eac-5267-11df-9cf9-806e6f6e6963} - 0000000000000064,0x0053c06c,0000000000199010,0,0000000000198000,4096,[0])0x8007045d, The request could not be performed because of an I/O device error.
 
 
Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots
 
Context:
   Execution Context: System Provider
 
Error: (09/07/2014 09:02:26 PM) (Source: VSS) (EventID: 12289) (User: )
Description: DeviceIoControl(\\?\Volume{269a2eac-5267-11df-9cf9-806e6f6e6963} - 0000000000000060,0x0053c06c,0000000000198000,0,0000000000199010,4096,[0])0x8007045d, The request could not be performed because of an I/O device error.
 
 
Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots
 
Context:
   Execution Context: System Provider
 
Error: (09/07/2014 09:01:50 PM) (Source: VSS) (EventID: 12289) (User: )
Description: DeviceIoControl(\\?\Volume{269a2eac-5267-11df-9cf9-806e6f6e6963} - 0000000000000064,0x0053c06c,0000000000199010,0,0000000000198000,4096,[0])0x8007045d, The request could not be performed because of an I/O device error.
 
 
Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots
 
Context:
   Execution Context: System Provider
 
Error: (09/07/2014 09:01:32 PM) (Source: VSS) (EventID: 12289) (User: )
Description: DeviceIoControl(\\?\Volume{269a2eac-5267-11df-9cf9-806e6f6e6963} - 0000000000000060,0x0053c06c,0000000000198000,0,0000000000199010,4096,[0])0x8007045d, The request could not be performed because of an I/O device error.
 
 
Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots
 
Context:
   Execution Context: System Provider
 
Error: (09/07/2014 09:01:14 PM) (Source: VSS) (EventID: 12289) (User: )
Description: DeviceIoControl(\\?\Volume{269a2eac-5267-11df-9cf9-806e6f6e6963} - 00000000000000F0,0x0053c06c,0000000000199010,0,0000000000198000,4096,[0])0x8007045d, The request could not be performed because of an I/O device error.
 
 
Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots
 
Context:
   Execution Context: System Provider
 
Error: (09/07/2014 09:00:56 PM) (Source: VSS) (EventID: 12289) (User: )
Description: DeviceIoControl(\\?\Volume{269a2eac-5267-11df-9cf9-806e6f6e6963} - 000000000000014C,0x0053c06c,0000000000198000,0,0000000000199010,4096,[0])0x8007045d, The request could not be performed because of an I/O device error.
 
 
Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots
 
Context:
   Execution Context: System Provider
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU M 350 @ 2.27GHz
Percentage of memory in use: 71%
Total physical RAM: 2932.45 MB
Available physical RAM: 836.35 MB
Total Pagefile: 5864.9 MB
Available Pagefile: 2864.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:225.33 GB) (Free:168.15 GB) NTFS
Drive d: () (Fixed) (Total:225.33 GB) (Free:56.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 9ED6F321)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=225.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=225.3 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
Thanks for the speedy reply - it said in the instructions not to post logs, but to attach them to the post, hence the reason I attached them :)


#4 aharonov

  • Malware Response Team

Posted 07 September 2014 - 04:38 PM

There's a bootkit running as suspected. Let's get rid of it:


Start TDSSKiller.exe again with administrator privileges.
  • Set the parameters like in the first scan and click on Start scan.
  • This time select for the threat Rootkit.Boot.Cidox.b (and only for that) the option Cure (or Delete).
  • Click on Continue and allow the reboot.
  • Copy and paste the log file (C:\TDSSKiller.<version_date_time>_log.txt) of this run in your next reply.


#5 schmoomanoo

  • Topic Starter

Posted 07 September 2014 - 05:15 PM

I hope this is the right one!

 

23:04:19.0231 0x0bd4  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
23:04:23.0416 0x0bd4  ============================================================
23:04:23.0416 0x0bd4  Current date / time: 2014/09/07 23:04:23.0416
23:04:23.0416 0x0bd4  SystemInfo:
23:04:23.0417 0x0bd4  
23:04:23.0417 0x0bd4  OS Version: 6.1.7600 ServicePack: 0.0
23:04:23.0417 0x0bd4  Product type: Workstation
23:04:23.0417 0x0bd4  ComputerName: BORIS-PC
23:04:23.0417 0x0bd4  UserName: Boris
23:04:23.0417 0x0bd4  Windows directory: C:\windows
23:04:23.0417 0x0bd4  System windows directory: C:\windows
23:04:23.0418 0x0bd4  Running under WOW64
23:04:23.0418 0x0bd4  Processor architecture: Intel x64
23:04:23.0418 0x0bd4  Number of processors: 4
23:04:23.0418 0x0bd4  Page size: 0x1000
23:04:23.0418 0x0bd4  Boot type: Normal boot
23:04:23.0418 0x0bd4  ============================================================
23:04:23.0653 0x0bd4  KLMD registered as C:\windows\system32\drivers\78964977.sys
23:04:24.0388 0x0bd4  System UUID: {76F2003A-BCEB-FC62-1748-EF8D0A7807F9}
23:04:25.0624 0x0bd4  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:04:25.0632 0x0bd4  ============================================================
23:04:25.0632 0x0bd4  \Device\Harddisk0\DR0:
23:04:25.0633 0x0bd4  MBR partitions:
23:04:25.0633 0x0bd4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
23:04:25.0633 0x0bd4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x1C2A9000
23:04:25.0633 0x0bd4  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1E0DB800, BlocksNum 0x1C2AA000
23:04:25.0633 0x0bd4  ============================================================
23:04:25.0663 0x0bd4  C: <-> \Device\Harddisk0\DR0\Partition2
23:04:25.0703 0x0bd4  D: <-> \Device\Harddisk0\DR0\Partition3
23:04:25.0703 0x0bd4  ============================================================
23:04:25.0703 0x0bd4  Initialize success
23:04:25.0704 0x0bd4  ============================================================
23:04:33.0001 0x0f84  ============================================================
23:04:33.0001 0x0f84  Scan started
23:04:33.0001 0x0f84  Mode: Manual; 
23:04:33.0001 0x0f84  ============================================================
23:04:33.0001 0x0f84  KSN ping started
23:04:35.0874 0x0f84  KSN ping finished: true
23:04:36.0827 0x0f84  ================ Scan system memory ========================
23:04:36.0827 0x0f84  System memory - ok
23:04:36.0829 0x0f84  ================ Scan services =============================
23:04:45.0190 0x0f84  HomeNetSvc - ok
23:04:45.0240 0x0f84  [ 0886D440058F203EBA0E1825E4355914, BC49C4CEFE324A08C864A4BF4FEA9A70151FAB7CC30BDC28344F3FFD2F500070 ] HpSAMD          C:\windows\system32\DRIVERS\HpSAMD.sys
23:04:45.0244 0x0f84  HpSAMD - ok
23:04:45.0293 0x0f84  [ F47CEC45FB85791D4AB237563AD0FA8F, 1035066D48BD179855BCA7F62EFA1B951E6E839D2E29E15A31844E18A126DD41 ] HTCAND64        C:\windows\system32\Drivers\ANDROIDUSB.sys
23:04:45.0296 0x0f84  HTCAND64 - ok
23:04:45.0368 0x0f84  [ CEE049CAC4EFA7F4E1E4AD014414A5D4, 433AE2D845850F1D7A48275BBD87B3F0E7DD48F2282C727C4B777ECD92CC331D ] HTTP            C:\windows\system32\drivers\HTTP.sys
23:04:45.0395 0x0f84  HTTP - ok
23:04:45.0433 0x0f84  [ F17766A19145F111856378DF337A5D79, FC1633FB865A5324EBCBE5F97D297B899FABBDD965D862C2EFC743CD36F47E62 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
23:04:45.0435 0x0f84  hwpolicy - ok
23:04:45.0482 0x0f84  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys
23:04:45.0487 0x0f84  i8042prt - ok
23:04:45.0563 0x0f84  [ 073A606333B6F7BBF20AA856DF7F0997, 513927CA430511A5B95F6CBE5FBD20F8C2202B609F88C4526C174A4FF7F761FC ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
23:04:45.0577 0x0f84  iaStor - ok
23:04:45.0655 0x0f84  [ B75E45C564E944A2657167D197AB29DA, 622EA73F4D9CAE17628C18148FB241817A0AE6D80A74B099204ED27C1A750B24 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
23:04:45.0671 0x0f84  iaStorV - ok
23:04:45.0740 0x0f84  [ 2F2BE70D3E02B6FA877921AB9516D43C, E04255EE4BD95FC1539EB1EB9F702B039F65993D31A4531DA487274543EF5226 ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:04:45.0765 0x0f84  idsvc - ok
23:04:46.0345 0x0f84  [ 09CE164AFA8483E41808784D7FCA154E, 43557E44C8339469BD34B54D2080AF041356F0201A7ECA3A6EEEA9C9C7D78F87 ] igfx            C:\windows\system32\DRIVERS\igdkmd64.sys
23:04:46.0763 0x0f84  igfx - ok
23:04:46.0868 0x0f84  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\windows\system32\DRIVERS\iirsp.sys
23:04:46.0881 0x0f84  iirsp - ok
23:04:46.0994 0x0f84  [ C5B4683680DF085B57BC53E5EF34861F, 9C06517DFCB3ED7BB1166F7EB6CCC8713E6B68283C75420C0EDC182094AA1B8F ] IKEEXT          C:\windows\System32\ikeext.dll
23:04:47.0021 0x0f84  IKEEXT - ok
23:04:47.0073 0x0f84  [ DD587A55390ED2295BCE6D36AD567DA9, AEB7DCB8EF89BEE8D9649A05FC482B1E4E3F44243D57A2577C862EB69166C48E ] Impcd           C:\windows\system32\DRIVERS\Impcd.sys
23:04:47.0080 0x0f84  Impcd - ok
23:04:47.0235 0x0f84  [ 801946CE25DD2179FE68599826B0BB88, 4C9D10303DF1EC005693DD28220A9C5B87DD32244112BA1F09D8AD0CF7D311DC ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
23:04:47.0298 0x0f84  IntcAzAudAddService - ok
23:04:47.0372 0x0f84  [ 58CF58DEE26C909BD6F977B61D246295, 0CE27B81C091961A22B75478449D654F9C1A68E43DF80C699DB8DD3D1B288461 ] IntcDAud        C:\windows\system32\DRIVERS\IntcDAud.sys
23:04:47.0382 0x0f84  IntcDAud - ok
23:04:47.0401 0x0f84  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\windows\system32\DRIVERS\intelide.sys
23:04:47.0403 0x0f84  intelide - ok
23:04:47.0452 0x0f84  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
23:04:47.0455 0x0f84  intelppm - ok
23:04:47.0500 0x0f84  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\windows\system32\ipbusenum.dll
23:04:47.0505 0x0f84  IPBusEnum - ok
23:04:47.0549 0x0f84  [ 722DD294DF62483CECAAE6E094B4D695, 41ABB42EF969EA8A84B546908EBBDC2411D964DE101CE6DD3D7ECF109085E0C0 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
23:04:47.0553 0x0f84  IpFilterDriver - ok
23:04:47.0604 0x0f84  [ F8E058D17363EC580E4B7232778B6CB5, 02352919F349C57930A0B032FBDC45327FB473D310DE7AC721F4694FDE7D21FB ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
23:04:47.0619 0x0f84  iphlpsvc - ok
23:04:47.0674 0x0f84  [ E2B4A4494DB7CB9B89B55CA268C337C5, C59BC4AA03D10647641EC7533F78BC7E2EA6FC48B8B2CF1A49B5148EF40A90FB ] IPMIDRV         C:\windows\system32\DRIVERS\IPMIDrv.sys
23:04:47.0678 0x0f84  IPMIDRV - ok
23:04:47.0686 0x0f84  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\windows\system32\drivers\ipnat.sys
23:04:47.0692 0x0f84  IPNAT - ok
23:04:47.0733 0x0f84  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\windows\system32\drivers\irenum.sys
23:04:47.0735 0x0f84  IRENUM - ok
23:04:47.0740 0x0f84  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\windows\system32\DRIVERS\isapnp.sys
23:04:47.0742 0x0f84  isapnp - ok
23:04:47.0766 0x0f84  [ FA4D2557DE56D45B0A346F93564BE6E1, 2827EC3582FF59FFD55BBD4A4F0DDFFEAD4F2537FA043B3A69904FE920B1619C ] iScsiPrt        C:\windows\system32\DRIVERS\msiscsi.sys
23:04:47.0774 0x0f84  iScsiPrt - ok
23:04:47.0792 0x0f84  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
23:04:47.0794 0x0f84  kbdclass - ok
23:04:47.0816 0x0f84  [ 6DEF98F8541E1B5DCEB2C822A11F7323, F6EE4A7A6A7A1F243D32CA9241CA4816C92EB7BF2AADDD09234968C2CAAE6C0D ] kbdhid          C:\windows\system32\DRIVERS\kbdhid.sys
23:04:47.0818 0x0f84  kbdhid - ok
23:04:47.0848 0x0f84  [ 156F6159457D0AA7E59B62681B56EB90, 27B855BF79490E4CC58D38A920C077A56785494BFFF0B448A898486009B24937 ] KeyIso          C:\windows\system32\lsass.exe
23:04:47.0851 0x0f84  KeyIso - ok
23:04:47.0889 0x0f84  [ 4F4B5FDE429416877DE7143044582EB5, A28FFEA078DBD91F3CC28088810EEEB727107B3F0F48370B44D87DC8F8C55B99 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
23:04:47.0893 0x0f84  KSecDD - ok
23:04:47.0941 0x0f84  [ 6F40465A44ECDC1731BEFAFEC5BDD03C, 317334D414D0AF73CB4D9CA11EA80C641E786760B8800F2795D0CB38378DBB80 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
23:04:47.0948 0x0f84  KSecPkg - ok
23:04:47.0974 0x0f84  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
23:04:47.0977 0x0f84  ksthunk - ok
23:04:48.0021 0x0f84  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\windows\system32\msdtckrm.dll
23:04:48.0037 0x0f84  KtmRm - ok
23:04:48.0107 0x0f84  [ 81F1D04D4D0E433099365127375FD501, C2A81B5A482C974E8108806486EC28CB2D81400D42639682FE7B7A9BDF14BA9B ] LanmanServer    C:\windows\system32\srvsvc.dll
23:04:48.0115 0x0f84  LanmanServer - ok
23:04:48.0154 0x0f84  [ 27026EAC8818E8A6C00A1CAD2F11D29A, A12858CCB3B2419D66C667A46B106DA7A7BA97FFFA9634BFAE95DDF193C430D5 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
23:04:48.0160 0x0f84  LanmanWorkstation - ok
23:04:48.0217 0x0f84  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
23:04:48.0221 0x0f84  lltdio - ok
23:04:48.0263 0x0f84  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\windows\System32\lltdsvc.dll
23:04:48.0274 0x0f84  lltdsvc - ok
23:04:48.0288 0x0f84  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\windows\System32\lmhsvc.dll
23:04:48.0291 0x0f84  lmhosts - ok
23:04:48.0341 0x0f84  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\windows\system32\DRIVERS\lsi_fc.sys
23:04:48.0346 0x0f84  LSI_FC - ok
23:04:48.0353 0x0f84  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\windows\system32\DRIVERS\lsi_sas.sys
23:04:48.0358 0x0f84  LSI_SAS - ok
23:04:48.0364 0x0f84  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\windows\system32\DRIVERS\lsi_sas2.sys
23:04:48.0368 0x0f84  LSI_SAS2 - ok
23:04:48.0377 0x0f84  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\windows\system32\DRIVERS\lsi_scsi.sys
23:04:48.0382 0x0f84  LSI_SCSI - ok
23:04:48.0400 0x0f84  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\windows\system32\drivers\luafv.sys
23:04:48.0404 0x0f84  luafv - ok
23:04:48.0457 0x0f84  [ F92B0E478C0FAA6D6661E6E977247E60, 8B26B57C2C60C98CD6273ACA126B2CD0356ADB13A59FEC12882357A6B973123C ] MBAMProtector   C:\windows\system32\drivers\mbam.sys
23:04:48.0460 0x0f84  MBAMProtector - ok
23:04:48.0579 0x0f84  [ D84AEA3F3329D622DFC1297DDDF6163B, 316FE56CC30ED1473A917253F46B79EAA12F4ABD5B4B1ADB03929DFEE940F577 ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
23:04:48.0625 0x0f84  MBAMScheduler - ok
23:04:48.0729 0x0f84  [ 4F45ED469906494F9BF754E476390DBD, D8FF6AFD73D8C191F5732DF9737E6F83B2B52B06A3A6CD4CC6EAC9464CBB2772 ] MBAMService     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
23:04:48.0758 0x0f84  MBAMService - ok
23:04:48.0857 0x0f84  [ 8A50D5304E6AE48664CF5838EC32F647, C76943FABEE1B5E1B641AA610668CCD4227E2C4B191DD30B79D3AB31A9E8B5BE ] MBAMSwissArmy   C:\windows\system32\drivers\MBAMSwissArmy.sys
23:04:48.0862 0x0f84  MBAMSwissArmy - ok
23:04:48.0886 0x0f84  [ 15E8ABC06843672955CE26A009533BAD, E7221B7DE9DB45447C68E79C6BFD064713C5974F7E79925BD7DEEF71F73F3E83 ] MBAMWebAccessControl C:\windows\system32\drivers\mwac.sys
23:04:48.0890 0x0f84  MBAMWebAccessControl - ok
23:04:49.0001 0x0f84  [ F928E5E72BBA15DD0CE9A26E0413D236, D63EFA1408084F524464729C2F3BE16550E07ACE2BF8A00699A8438079AD381B ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:04:49.0008 0x0f84  McAfee SiteAdvisor Service - ok
23:04:49.0131 0x0f84  [ 96E7AA538AB0EDECCAB3862BA4B66232, 8AF460093B4DC1FD81C4508A57B6A80A7FB2E1818A3405506B8DB5B521615FB6 ] McAPExe         C:\Program Files\McAfee\MSC\McAPExe.exe
23:04:49.0142 0x0f84  McAPExe - ok
23:04:49.0322 0x0f84  [ 1704A8189EE5580AB147CFD25C5C8770, DFA076FD36B5CC844D4BE3B865E9A1F809E14CCB1D78D82A2D8D8EE38210E6EB ] McComponentHostService C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
23:04:49.0338 0x0f84  McComponentHostService - ok
23:04:49.0433 0x0f84  [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] McMPFSvc        C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
23:04:49.0445 0x0f84  McMPFSvc - ok
23:04:49.0483 0x0f84  [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] McNaiAnn        C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
23:04:49.0494 0x0f84  McNaiAnn - ok
23:04:49.0588 0x0f84  [ 7F8446D8AD9161B34DC7C209FB148A5A, 26B07EB138992586FC410849172A63ACC26D99ED59B568EFF9C93ED2EB129453 ] McODS           C:\Program Files\McAfee\VirusScan\mcods.exe
23:04:49.0608 0x0f84  McODS - ok
23:04:49.0677 0x0f84  [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] mcpltsvc        C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
23:04:49.0687 0x0f84  mcpltsvc - ok
23:04:49.0728 0x0f84  [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] McProxy         C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
23:04:49.0738 0x0f84  McProxy - ok
23:04:49.0801 0x0f84  [ F4BE81C919FC0A012F5357E3911D4B67, 8FC3D787A1FACE8022D9BF1A4B024E313F8FD7535696D5E868DC2839E3B76E72 ] McPvDrv         C:\windows\system32\drivers\McPvDrv.sys
23:04:49.0807 0x0f84  McPvDrv - ok
23:04:49.0867 0x0f84  [ F84C8F1000BC11E3B7B23CBD3BAFF111, BB4C4FFE3F6C9E5C16C06F6F666F177B94E1CF878397BCC0BDAF6EB3341AAED8 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
23:04:49.0874 0x0f84  Mcx2Svc - ok
23:04:49.0893 0x0f84  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\windows\system32\DRIVERS\megasas.sys
23:04:49.0897 0x0f84  megasas - ok
23:04:49.0942 0x0f84  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\windows\system32\DRIVERS\MegaSR.sys
23:04:49.0955 0x0f84  MegaSR - ok
23:04:50.0063 0x0f84  [ D0574EF9490EBD32DFA14D3C16195DE2, 7F5623562E74BD09717103247CE9155F07092BC633B5647ED3C99A95283413B4 ] mfeapfk         C:\windows\system32\drivers\mfeapfk.sys
23:04:50.0071 0x0f84  mfeapfk - ok
23:04:50.0132 0x0f84  [ 7B6A4509A2444F5F0689B2579E245177, 95A3A3560E253B7459F1B7C9E4E21008C725BA1A2C5F4E5FBAD1AB383058E2F6 ] mfeavfk         C:\windows\system32\drivers\mfeavfk.sys
23:04:50.0143 0x0f84  mfeavfk - ok
23:04:50.0281 0x0f84  [ 28E4FB2E9918C2E680BE9FD8E130471C, DFD1738F2CC0743F2CD9754CAFFFFC4D38590AF8AD2E1159F8FEAC9E9922E4B8 ] mfecore         C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
23:04:50.0307 0x0f84  mfecore - ok
23:04:50.0441 0x0f84  [ E7C6587AC8FB0BABEF6AB1733AFA8FEC, 1624B8D9C9431A2030B8C8CFAA90F56A9EE4039D2426A521C4102A68D2F8E3CD ] mfefire         C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
23:04:50.0455 0x0f84  mfefire - ok
23:04:50.0561 0x0f84  [ 92AD9892D534CA58E020375C94E0307E, 3062625853C759852C5172040C69840315676A01A62EECFC53F55E6379DB190C ] mfefirek        C:\windows\system32\drivers\mfefirek.sys
23:04:50.0582 0x0f84  mfefirek - ok
23:04:50.0681 0x0f84  [ B6622A5B197D021647AE20E0D4C229B9, 15D64928FDB207C183A69E7CFB90BFFBF25F1AB14059EDEFDF021F323025F4E8 ] mfehidk         C:\windows\system32\drivers\mfehidk.sys
23:04:50.0703 0x0f84  mfehidk - ok
23:04:50.0808 0x0f84  [ 6CD9133BC4B5DF25FB8BCBC382C8466F, F3C938D1EDD61EE1B227112CB027804E0AAD16CBCDD67EEE1D8EAABDFC996BA1 ] mfencbdc        C:\windows\system32\DRIVERS\mfencbdc.sys
23:04:50.0821 0x0f84  mfencbdc - ok
23:04:50.0858 0x0f84  [ 408DC249009CDB3C9B299716C861C64B, 3EFBFA8EE857CBF4C6A29E0D1DA38EB21B57D5BA1F6CC544503CA8253E9BFF12 ] mfencrk         C:\windows\system32\DRIVERS\mfencrk.sys
23:04:50.0861 0x0f84  mfencrk - ok
23:04:50.0951 0x0f84  [ 64BAFB4E5377056CDD71531097D69F6E, 28B434C1DB9AD930C5A32584C51FE1B3A4526952EBC953DAE775701E270C76C5 ] mfevtp          C:\windows\system32\mfevtps.exe
23:04:50.0960 0x0f84  mfevtp - ok
23:04:51.0015 0x0f84  [ A58F979117A424CDB33C21396887800F, E857E74BB08E49AEDC7EE21C9FDA36053113E04F8D29B9DBC3A2A3F0667915C6 ] mfewfpk         C:\windows\system32\drivers\mfewfpk.sys
23:04:51.0028 0x0f84  mfewfpk - ok
23:04:51.0084 0x0f84  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\windows\system32\mmcss.dll
23:04:51.0088 0x0f84  MMCSS - ok
23:04:51.0126 0x0f84  [ 8CC001C65C31633171991FA72A551D43, F256EED72C712C2B5C1DB6DE31DA52609EC0E47EB869E7BC0B70B286593A96DB ] MOBKbackup      C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
23:04:51.0132 0x0f84  MOBKbackup - ok
23:04:51.0169 0x0f84  [ 3800C23D0D90C59AAFCDEFDC82B5C4AF, D949CACB9EF881194B06A961071938F57F3AD57EBB5440B6E7F0B340757641BD ] MOBKFilter      C:\windows\system32\DRIVERS\MOBK.sys
23:04:51.0173 0x0f84  MOBKFilter - ok
23:04:51.0190 0x0f84  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\windows\system32\drivers\modem.sys
23:04:51.0193 0x0f84  Modem - ok
23:04:51.0238 0x0f84  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
23:04:51.0241 0x0f84  monitor - ok
23:04:51.0285 0x0f84  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
23:04:51.0288 0x0f84  mouclass - ok
23:04:51.0324 0x0f84  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
23:04:51.0328 0x0f84  mouhid - ok
23:04:51.0344 0x0f84  [ 791AF66C4D0E7C90A3646066386FB571, BF67643099494AEADDDC85E4D97AFF1017806A1DF554F9BE6C864FFECC9EAF42 ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
23:04:51.0349 0x0f84  mountmgr - ok
23:04:51.0377 0x0f84  [ 609D1D87649ECC19796F4D76D4C15CEA, 5369F4C83FBAE9C4CFB9ACD36F07479E3F3FD784D79B82AE8D95B818B9F9CE00 ] mpio            C:\windows\system32\DRIVERS\mpio.sys
23:04:51.0383 0x0f84  mpio - ok
23:04:51.0422 0x0f84  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
23:04:51.0427 0x0f84  mpsdrv - ok
23:04:51.0483 0x0f84  [ AECAB449567D1846DAD63ECE49E893E3, 7A67A16A3E04574B7CAD097632ABA9B361BBEFDD6B36B7B8E3A1996EC529C2DC ] MpsSvc          C:\windows\system32\mpssvc.dll
23:04:51.0504 0x0f84  MpsSvc - ok
23:04:51.0530 0x0f84  [ 30524261BB51D96D6FCBAC20C810183C, 19598A9CD0EAAE4ACBF1069E721AB2853452F33FCFB3B5113F023A88A90BF42D ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
23:04:51.0536 0x0f84  MRxDAV - ok
23:04:51.0569 0x0f84  [ 040D62A9D8AD28922632137ACDD984F2, D9457BDA88C2E3AA4E716C0657B77A4A3E212328CDABD5C18279B6440E1C1594 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
23:04:51.0576 0x0f84  mrxsmb - ok
23:04:51.0613 0x0f84  [ F0067552F8F9B33D7C59403AB808A3CB, 698B63528E1943BB4253BF7578DC128AA824C71BD04FF0521277E68B20656C02 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
23:04:51.0624 0x0f84  mrxsmb10 - ok
23:04:51.0649 0x0f84  [ 3C142D31DE9F2F193218A53FE2632051, 026B3A932A95D5160B64E470FC414F3D388D429317D5EAEA2D476F715C4CAE75 ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
23:04:51.0654 0x0f84  mrxsmb20 - ok
23:04:51.0672 0x0f84  [ 5C37497276E3B3A5488B23A326A754B7, 9982FCDAFB963868EB93A4DEF811A3167488EB5246BAC3F4AE960506FDF63967 ] msahci          C:\windows\system32\DRIVERS\msahci.sys
23:04:51.0675 0x0f84  msahci - ok
23:04:51.0700 0x0f84  [ 8D27B597229AED79430FB9DB3BCBFBD0, 3D58E08B47E8AE419D405BF263929DFA6F2F5F0C2D79FD8D6F2CED6452F6F248 ] msdsm           C:\windows\system32\DRIVERS\msdsm.sys
23:04:51.0705 0x0f84  msdsm - ok
23:04:51.0731 0x0f84  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\windows\System32\msdtc.exe
23:04:51.0737 0x0f84  MSDTC - ok
23:04:51.0758 0x0f84  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\windows\system32\drivers\Msfs.sys
23:04:51.0761 0x0f84  Msfs - ok
23:04:51.0781 0x0f84  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
23:04:51.0783 0x0f84  mshidkmdf - ok
23:04:51.0796 0x0f84  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\windows\system32\DRIVERS\msisadrv.sys
23:04:51.0800 0x0f84  msisadrv - ok
23:04:51.0887 0x0f84  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
23:04:51.0895 0x0f84  MSiSCSI - ok
23:04:51.0901 0x0f84  msiserver - ok
23:04:51.0979 0x0f84  [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] MSK80Service    C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
23:04:51.0991 0x0f84  MSK80Service - ok
23:04:52.0039 0x0f84  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
23:04:52.0041 0x0f84  MSKSSRV - ok
23:04:52.0084 0x0f84  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
23:04:52.0086 0x0f84  MSPCLOCK - ok
23:04:52.0091 0x0f84  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
23:04:52.0093 0x0f84  MSPQM - ok
23:04:52.0133 0x0f84  [ 89CB141AA8616D8C6A4610FA26C60964, 76E72F6A0348EDC58A8E6F88C7F024B8B077670400BD5A833811DAFCF9F517CC ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
23:04:52.0147 0x0f84  MsRPC - ok
23:04:52.0182 0x0f84  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\windows\system32\DRIVERS\mssmbios.sys
23:04:52.0184 0x0f84  mssmbios - ok
23:04:52.0203 0x0f84  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
23:04:52.0205 0x0f84  MSTEE - ok
23:04:52.0210 0x0f84  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\windows\system32\DRIVERS\MTConfig.sys
23:04:52.0212 0x0f84  MTConfig - ok
23:04:52.0268 0x0f84  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\windows\system32\Drivers\mup.sys
23:04:52.0272 0x0f84  Mup - ok
23:04:52.0306 0x0f84  [ 4987E079A4530FA737A128BE54B63B12, 27E51CC7D4D90DC4397575491DE7EFE15808709F097E2828E46AA73C771A47A4 ] napagent        C:\windows\system32\qagentRT.dll
23:04:52.0319 0x0f84  napagent - ok
23:04:52.0381 0x0f84  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
23:04:52.0393 0x0f84  NativeWifiP - ok
23:04:52.0462 0x0f84  [ CAD515DBD07D082BB317D9928CE8962C, 7AFA6D6154AC68F9FCC37B7B3324F7A170AE91035805026445F24F6EB4FB7F2E ] NDIS            C:\windows\system32\drivers\ndis.sys
23:04:52.0490 0x0f84  NDIS - ok
23:04:52.0530 0x0f84  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
23:04:52.0533 0x0f84  NdisCap - ok
23:04:52.0589 0x0f84  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
23:04:52.0591 0x0f84  NdisTapi - ok
23:04:52.0609 0x0f84  [ F105BA1E22BF1F2EE8F005D4305E4BEC, 723DA09E13D0F50634D9F114590B837D16F7B36AA0DA2AB8F8C2D9991624EA8F ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
23:04:52.0612 0x0f84  Ndisuio - ok
23:04:52.0630 0x0f84  [ 557DFAB9CA1FCB036AC77564C010DAD3, 8A21B342AFE5B498FB62EDDC81A3ADA9570677B7A382666090E0ABB1F85FEF29 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
23:04:52.0636 0x0f84  NdisWan - ok
23:04:52.0648 0x0f84  [ 659B74FB74B86228D6338D643CD3E3CF, 83D741B7A2A204A661A80C226212749F514800060D05E217FA6DC14D62F38F80 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
23:04:52.0652 0x0f84  NDProxy - ok
23:04:52.0667 0x0f84  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
23:04:52.0670 0x0f84  NetBIOS - ok
23:04:52.0693 0x0f84  [ 9162B273A44AB9DCE5B44362731D062A, 5A1BA6DBFEBB2618DC9D4CC55FA071C170A5D22FFB24CE62DD5B3210D8B45F39 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
23:04:52.0700 0x0f84  NetBT - ok
23:04:52.0715 0x0f84  [ 156F6159457D0AA7E59B62681B56EB90, 27B855BF79490E4CC58D38A920C077A56785494BFFF0B448A898486009B24937 ] Netlogon        C:\windows\system32\lsass.exe
23:04:52.0717 0x0f84  Netlogon - ok
23:04:52.0754 0x0f84  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\windows\System32\netman.dll
23:04:52.0766 0x0f84  Netman - ok
23:04:52.0789 0x0f84  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\windows\System32\netprofm.dll
23:04:52.0801 0x0f84  netprofm - ok
23:04:52.0820 0x0f84  [ 3E5A36127E201DDF663176B66828FAFE, 5A08BA9EFB1A72DF1DD839BA5FA2B8994012BA62A515588FF62333B33B60045B ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:04:52.0824 0x0f84  NetTcpPortSharing - ok
23:04:52.0871 0x0f84  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\windows\system32\DRIVERS\nfrd960.sys
23:04:52.0874 0x0f84  nfrd960 - ok
23:04:52.0903 0x0f84  [ D9A0CE66046D6EFA0C61BAA885CBA0A8, 06C3331C7F3EE0E0B95E8302CB80315E965587C4D6231785B8ACF3FAE4731FAF ] NlaSvc          C:\windows\System32\nlasvc.dll
23:04:52.0914 0x0f84  NlaSvc - ok
23:04:52.0925 0x0f84  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\windows\system32\drivers\Npfs.sys
23:04:52.0928 0x0f84  Npfs - ok
23:04:52.0955 0x0f84  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\windows\system32\nsisvc.dll
23:04:52.0958 0x0f84  nsi - ok
23:04:52.0966 0x0f84  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
23:04:52.0968 0x0f84  nsiproxy - ok
23:04:53.0062 0x0f84  [ 9A6089B056EA1B83B36424FC9D0A300E, EA60282C5A32B497921B568C1FE735F5BDB9D954DDC4E609F7F3CAE5ED823CEC ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
23:04:53.0108 0x0f84  Ntfs - ok
23:04:53.0144 0x0f84  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\windows\system32\drivers\Null.sys
23:04:53.0146 0x0f84  Null - ok
23:04:53.0204 0x0f84  [ A4D9C9A608A97F59307C2F2600EDC6A4, D786F4CA2D10BAC31CE14A338C442F7027D4BB2E955AB99BC44C2F241D383BBE ] nvraid          C:\windows\system32\drivers\nvraid.sys
23:04:53.0212 0x0f84  nvraid - ok
23:04:53.0231 0x0f84  [ 6C1D5F70E7A6A3FD1C90D840EDC048B9, 8D5337742A0F5B04D636C163CE77D4A9B3684CF81170026912A402513B44BA77 ] nvstor          C:\windows\system32\drivers\nvstor.sys
23:04:53.0237 0x0f84  nvstor - ok
23:04:53.0258 0x0f84  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\windows\system32\DRIVERS\nv_agp.sys
23:04:53.0263 0x0f84  nv_agp - ok
23:04:53.0270 0x0f84  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\windows\system32\DRIVERS\ohci1394.sys
23:04:53.0274 0x0f84  ohci1394 - ok
23:04:53.0372 0x0f84  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:04:53.0380 0x0f84  ose - ok
23:04:53.0667 0x0f84  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:04:53.0787 0x0f84  osppsvc - ok
23:04:53.0926 0x0f84  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
23:04:53.0935 0x0f84  p2pimsvc - ok
23:05:03.0006 0x0f84  wlcrasvc - ok
23:05:03.0139 0x0f84  [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:05:03.0207 0x0f84  wlidsvc - ok
23:05:03.0225 0x0f84  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\windows\system32\DRIVERS\wmiacpi.sys
23:05:03.0227 0x0f84  WmiAcpi - ok
23:05:03.0265 0x0f84  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
23:05:03.0274 0x0f84  wmiApSrv - ok
23:05:03.0320 0x0f84  WMPNetworkSvc - ok
23:05:03.0340 0x0f84  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\windows\System32\wpcsvc.dll
23:05:03.0344 0x0f84  WPCSvc - ok
23:05:03.0376 0x0f84  [ 2E57DDF2880A7E52E76F41C7E96D327B, D24E19B6091C197D77D71BC044CE2E5A57BE0A2F00D1BB0732E380A398230E63 ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
23:05:03.0384 0x0f84  WPDBusEnum - ok
23:05:03.0408 0x0f84  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
23:05:03.0411 0x0f84  ws2ifsl - ok
23:05:03.0443 0x0f84  [ 8F9F3969933C02DA96EB0F84576DB43E, C424D7B881A4DCC348433CF02044383013E32DB94CC66D1D20E1866CB3B0F952 ] wscsvc          C:\windows\System32\wscsvc.dll
23:05:03.0450 0x0f84  wscsvc - ok
23:05:03.0511 0x0f84  [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice  C:\windows\system32\DRIVERS\WSDPrint.sys
23:05:03.0514 0x0f84  WSDPrintDevice - ok
23:05:03.0538 0x0f84  [ 4A2A5C50DD1A63577D3ACA94269FBC7F, F75C1906D431CF871AD954218DF32A0F206E45FF49332DEF9F13C0A36A407047 ] WSDScan         C:\windows\system32\DRIVERS\WSDScan.sys
23:05:03.0540 0x0f84  WSDScan - ok
23:05:03.0545 0x0f84  WSearch - ok
23:05:03.0680 0x0f84  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\windows\system32\wuaueng.dll
23:05:03.0751 0x0f84  wuauserv - ok
23:05:03.0795 0x0f84  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
23:05:03.0798 0x0f84  WudfPf - ok
23:05:03.0860 0x0f84  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
23:05:03.0868 0x0f84  WUDFRd - ok
23:05:03.0908 0x0f84  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
23:05:03.0913 0x0f84  wudfsvc - ok
23:05:03.0956 0x0f84  [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc         C:\windows\System32\wwansvc.dll
23:05:03.0966 0x0f84  WwanSvc - ok
23:05:04.0038 0x0f84  [ 64F88AF327AA74E03658AE32B48CCB8B, 52C8941D96F2EF89BBC4A4268DC59E5BC89AE2DAB199C13BBFF11C2606BE7FFA ] yukonw7         C:\windows\system32\DRIVERS\yk62x64.sys
23:05:04.0051 0x0f84  yukonw7 - ok
23:05:04.0075 0x0f84  ================ Scan global ===============================
23:05:04.0114 0x0f84  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\windows\system32\basesrv.dll
23:05:04.0165 0x0f84  [ 3FB74FF230B5D240A57AE1C4A3D0459D, 7A4036CAC3BAAEC719E4152F2CAA9D9B69DACBDC7502147D7160D04AE70BC8DF ] C:\windows\system32\winsrv.dll
23:05:04.0182 0x0f84  [ 3FB74FF230B5D240A57AE1C4A3D0459D, 7A4036CAC3BAAEC719E4152F2CAA9D9B69DACBDC7502147D7160D04AE70BC8DF ] C:\windows\system32\winsrv.dll
23:05:04.0206 0x0f84  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\windows\system32\sxssrv.dll
23:05:04.0260 0x0f84  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\windows\system32\services.exe
23:05:04.0271 0x0f84  [ Global ] - ok
23:05:04.0272 0x0f84  ================ Scan MBR ==================================
23:05:04.0293 0x0f84  [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
23:05:04.0725 0x0f84  \Device\Harddisk0\DR0 - ok
23:05:04.0727 0x0f84  ================ Scan VBR ==================================
23:05:04.0731 0x0f84  [ 4E8549894B8DF3BBE00E0A023BCA47FD ] \Device\Harddisk0\DR0\Partition1
23:05:04.0734 0x0f84  \Device\Harddisk0\DR0\Partition1 - detected Rootkit.Boot.Cidox.b ( 0 )
23:05:04.0734 0x0f84  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - infected
23:05:07.0445 0x0f84  [ 73E7D74CACD2B859333F6FB3B872D99E ] \Device\Harddisk0\DR0\Partition2
23:05:07.0446 0x0f84  \Device\Harddisk0\DR0\Partition2 - ok
23:05:07.0451 0x0f84  [ BE94BF7079AF0499F6FFBB1062164460 ] \Device\Harddisk0\DR0\Partition3
23:05:07.0454 0x0f84  \Device\Harddisk0\DR0\Partition3 - ok
23:05:07.0455 0x0f84  ================ Scan generic autorun ======================
23:05:09.0483 0x0f84  Waiting for KSN requests completion. In queue: 79
23:05:10.0483 0x0f84  Waiting for KSN requests completion. In queue: 13
23:05:11.0484 0x0f84  Waiting for KSN requests completion. In queue: 13
23:05:12.0638 0x0f84  AV detected via SS2: McAfee Anti-Virus and Anti-Spyware, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 12.8.0.0 ), 0x51000 ( enabled : updated )
23:05:12.0643 0x0f84  FW detected via SS2: McAfee Firewall, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 12.8.0.0 ), 0x51010 ( enabled )
23:05:15.0317 0x0f84  ============================================================
23:05:15.0317 0x0f84  Scan finished
23:05:15.0317 0x0f84  ============================================================
23:05:15.0333 0x1564  Detected object count: 1
23:05:15.0333 0x1564  Actual detected object count: 1
23:05:21.0819 0x1564  \Device\Harddisk0\DR0\Partition1 - copied to quarantine
23:05:21.0824 0x1564  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - will be cured on reboot
23:05:21.0840 0x1564  \Device\Harddisk0\DR0\Partition1 - ok
23:05:21.0841 0x1564  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Cure 
23:05:21.0967 0x1564  KLMD registered as C:\windows\system32\drivers\52194763.sys
23:05:26.0677 0x27b8  Deinitialize success


#6 aharonov

  • Malware Response Team

Posted 07 September 2014 - 06:03 PM

How is the computer running now?


Step 1

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!



Step 2

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#7 schmoomanoo

  • Topic Starter
  • Members

Posted 07 September 2014 - 06:08 PM

It's running a lot better - no malwarebytes alerts since the rootkit was identified. 

 

I'll do the other scans and post them in the next post - thank you! :)



#8 aharonov

  • Malware Response Team

Posted 07 September 2014 - 06:10 PM

Ok. :)

#9 schmoomanoo

  • Topic Starter
  • Members

Posted 08 September 2014 - 05:35 PM

Right - ESET took a loooooooong time, but here's the log:

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=5b55fdd1d3e8604381ff9b435cbb18d5
# engine=20043
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-07 11:25:57
# local_time=2014-09-08 12:25:57 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode_1='McAfee Anti-Virus and Anti-Spyware'
# compatibility_mode=5125 16777214 100 100 106854 172938935 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 2661 162597407 0 0
# scanned=90
# found=0
# cleaned=0
# scan_time=581
ESETSmartInstaller@High as downloader log:
Can not read file from internet.
ESETSmartInstaller@High as downloader log:
Can not read file from internet.
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=5b55fdd1d3e8604381ff9b435cbb18d5
# engine=20049
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-09-08 10:56:36
# local_time=2014-09-08 11:56:36 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode_1='McAfee Anti-Virus and Anti-Spyware'
# compatibility_mode=5125 16777214 100 100 148293 172980374 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 44100 162638846 0 0
# scanned=43289
# found=1
# cleaned=0
# scan_time=7136
sh=91F096D9DC8A899126218372D37D4EFB91727933 ft=1 fh=66853e674cae9b61 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\Program Files (x86)\Driver Wizard\Toolbar\conduitinstaller.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=5b55fdd1d3e8604381ff9b435cbb18d5
# engine=20049
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-09-08 08:22:28
# local_time=2014-09-08 09:22:28 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode_1='McAfee Anti-Virus and Anti-Spyware'
# compatibility_mode=5125 16777214 100 100 182245 173014326 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 78052 162672798 0 0
# scanned=243332
# found=0
# cleaned=0
# scan_time=33875
ESETSmartInstaller@High as downloader log:
Can not open internet
 
had a power failure towards the end so the internet went a bit funny... :-/


#10 schmoomanoo

  • Topic Starter
  • Members

Posted 08 September 2014 - 05:41 PM

FRST log:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by Boris (administrator) on BORIS-PC on 08-09-2014 23:36:51
Running from C:\Users\Boris\Downloads
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(DoctorSoft) C:\Program Files (x86)\AnyPC Client\APLanMgrC.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9644576 2009-12-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => H.EXE
HKLM\...\Run: [IgfxTray] => DOWS\SYSTEM32\IGFXTRAY.EXE
HKLM\...\Run: [HotKeysCmds] => DOWS\SYSTEM32\HKCMD.EXE
HKLM\...\Run: [Persistence] => DOWS\SYSTEM32\IGFXPERS.EXE
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3227352410-2182359678-1881265499-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-04-27] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Boris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: MOBK -> {3c3f3c1a-9153-7c05-f938-622e7003894d} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: MOBK2 -> {e6ea1d7d-144e-b977-98c4-84c53c1a69d0} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: MOBK3 -> {b4caf489-1eec-c617-49ad-8d7088598c06} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {87FD9019-EAC7-4D40-9F14-05C635DD8084} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=A011GB128&p={SearchTerms}
SearchScopes: HKCU - {87FD9019-EAC7-4D40-9F14-05C635DD8084} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=A011GB128&p={SearchTerms}
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-02-20]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-02-20]
 
Chrome: 
=======
CHR HomePage: Default -> 1F196D44999D1648CBE47BEDC9F0F05E23C3D5EC2096D213D69DCCDDCB175D2B
CHR DefaultSearchKeyword: Default -> D43074F5D987A04776EF91F3A2758CD4A050F7BD3F6880C826C64EDED5CB4BB8
CHR DefaultSearchProvider: Default -> BC934B8A4E907E01C2A498164CF934D19658F4E47ECA4E9DE2DF1A1B3D5C39EE
CHR DefaultSearchURL: Default -> C6F8F9708BBF12412B4C7BF6B8D7A767BF919BED5ED7501A059D9847593C8C9C
CHR Profile: C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-25]
CHR Extension: (Google Drive) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-25]
CHR Extension: (YouTube) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-03]
CHR Extension: (Google Search) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-03]
CHR Extension: (SiteAdvisor) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-12-03]
CHR Extension: (Google Wallet) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Gmail) - C:\Users\Boris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-03]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120 2014-03-30] (Trusteer Ltd.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R3 CryptOSD; C:\Windows\System32\DRIVERS\CryptOSD.sys [431488 2009-06-25] (Phoenix Technologies)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [74560 2013-09-09] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
R1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [606672 2014-02-28] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [282968 2014-03-30] (Trusteer Ltd.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [316312 2014-03-30] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [397848 2014-03-30] (Trusteer Ltd.)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2010-07-08] (Windows ® 2003 DDK 3790 provider)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-04-25] (Apple, Inc.) [File not signed]
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-08 23:36 - 2014-09-08 23:37 - 00027887 _____ () C:\Users\Boris\Downloads\FRST.txt
2014-09-08 09:22 - 2014-09-08 09:26 - 02347384 _____ (ESET) C:\Users\Boris\Downloads\esetsmartinstaller_enu (1).exe
2014-09-08 00:13 - 2014-09-08 00:13 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-08 00:09 - 2014-09-08 00:13 - 02347384 _____ (ESET) C:\Users\Boris\Downloads\esetsmartinstaller_enu.exe
2014-09-07 23:05 - 2014-09-07 23:05 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-09-07 22:29 - 2014-09-07 22:31 - 00049897 _____ () C:\Users\Boris\Downloads\Addition.txt
2014-09-07 22:27 - 2014-09-08 23:37 - 00000000 ____D () C:\FRST
2014-09-07 22:26 - 2014-09-07 22:26 - 02105344 _____ (Farbar) C:\Users\Boris\Downloads\FRST64.exe
2014-09-07 22:11 - 2014-09-07 22:11 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Boris\Downloads\tdsskiller.exe
2014-09-07 21:21 - 2014-09-07 21:22 - 00688992 ____R (Swearware) C:\Users\Boris\Downloads\dds.com
2014-09-06 23:58 - 2014-09-08 23:29 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-06 23:57 - 2014-09-06 23:57 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-06 23:57 - 2014-09-06 23:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-06 23:57 - 2014-09-06 23:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-06 23:57 - 2014-09-06 23:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-06 23:57 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-09-06 23:57 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-09-06 23:57 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-09-06 21:19 - 2014-09-06 21:20 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Boris\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-27 15:17 - 2014-08-27 15:17 - 328440983 _____ () C:\windows\MEMORY.DMP
2014-08-27 15:17 - 2014-08-27 15:17 - 00278960 _____ () C:\windows\Minidump\082714-31980-01.dmp
2014-08-26 13:52 - 2014-08-26 13:52 - 00000000 ____D () C:\Users\Boris\AppData\Local\ysaktgpo
2014-08-26 13:11 - 2014-08-27 15:17 - 00000000 ____D () C:\windows\Minidump
2014-08-23 13:19 - 2014-08-24 12:00 - 00003340 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3227352410-2182359678-1881265499-1001
2014-08-23 13:19 - 2014-08-24 12:00 - 00003206 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3227352410-2182359678-1881265499-1001
2014-08-23 13:16 - 2014-08-27 21:36 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-08-15 12:03 - 2014-08-15 12:03 - 00003362 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3227352410-2182359678-1881265499-1001
2014-08-15 12:03 - 2014-08-15 12:03 - 00003228 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3227352410-2182359678-1881265499-1001
2014-08-14 12:09 - 2014-08-07 02:52 - 00526848 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-14 12:09 - 2014-08-07 02:46 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-11 12:19 - 2014-08-11 12:19 - 00000000 _____ () C:\Users\Boris\AppData\Local\{76634EA7-4649-4A69-BFD8-745A6ECAA412}
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-08 23:37 - 2014-09-08 23:36 - 00027887 _____ () C:\Users\Boris\Downloads\FRST.txt
2014-09-08 23:37 - 2014-09-07 22:27 - 00000000 ____D () C:\FRST
2014-09-08 23:33 - 2013-02-20 18:02 - 00001844 _____ () C:\Users\Public\Desktop\McAfee Total Protection.lnk
2014-09-08 23:33 - 2013-02-20 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-09-08 23:33 - 2009-07-14 05:45 - 00020032 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-08 23:33 - 2009-07-14 05:45 - 00020032 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-08 23:31 - 2011-05-27 19:04 - 00000000 __RSD () C:\Users\Boris\Documents\McAfee Vaults
2014-09-08 23:31 - 2011-01-01 21:19 - 00003926 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{72665FDA-3656-47E5-9240-ED7EE6CE202F}
2014-09-08 23:29 - 2014-09-06 23:58 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-08 23:29 - 2011-01-01 21:24 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-08 23:29 - 2010-04-27 10:51 - 01358218 _____ () C:\windows\WindowsUpdate.log
2014-09-08 23:24 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-08 23:24 - 2009-07-14 05:51 - 00230159 _____ () C:\windows\setupact.log
2014-09-08 22:50 - 2011-01-01 21:24 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-08 22:46 - 2012-03-28 21:43 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-08 09:26 - 2014-09-08 09:22 - 02347384 _____ (ESET) C:\Users\Boris\Downloads\esetsmartinstaller_enu (1).exe
2014-09-08 00:13 - 2014-09-08 00:13 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-08 00:13 - 2014-09-08 00:09 - 02347384 _____ (ESET) C:\Users\Boris\Downloads\esetsmartinstaller_enu.exe
2014-09-07 23:07 - 2009-07-14 05:45 - 00430784 _____ () C:\windows\system32\FNTCACHE.DAT
2014-09-07 23:05 - 2014-09-07 23:05 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-09-07 22:31 - 2014-09-07 22:29 - 00049897 _____ () C:\Users\Boris\Downloads\Addition.txt
2014-09-07 22:26 - 2014-09-07 22:26 - 02105344 _____ (Farbar) C:\Users\Boris\Downloads\FRST64.exe
2014-09-07 22:11 - 2014-09-07 22:11 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Boris\Downloads\tdsskiller.exe
2014-09-07 21:54 - 2011-01-01 20:39 - 00116768 _____ () C:\Users\Boris\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-07 21:22 - 2014-09-07 21:21 - 00688992 ____R (Swearware) C:\Users\Boris\Downloads\dds.com
2014-09-07 12:05 - 2010-04-27 11:42 - 00872848 _____ () C:\windows\PFRO.log
2014-09-06 23:57 - 2014-09-06 23:57 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-06 23:57 - 2014-09-06 23:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-06 23:57 - 2014-09-06 23:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-06 23:57 - 2014-09-06 23:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-06 23:51 - 2011-05-27 19:03 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-09-06 21:20 - 2014-09-06 21:19 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Boris\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-06 18:43 - 2011-05-27 19:03 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-08-27 21:37 - 2014-07-11 17:14 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-08-27 21:37 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF
2014-08-27 21:37 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\AppCompat
2014-08-27 21:36 - 2014-08-23 13:16 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-08-27 21:36 - 2011-08-22 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-27 21:36 - 2011-08-17 16:13 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-08-27 21:36 - 2011-08-02 20:19 - 00000000 ____D () C:\Program Files (x86)\Real
2014-08-27 21:36 - 2011-01-01 20:33 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-27 21:36 - 2010-04-27 11:03 - 00000000 ____D () C:\ProgramData\WinClon
2014-08-27 21:35 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\registration
2014-08-27 21:31 - 2011-08-02 20:19 - 00000000 ____D () C:\ProgramData\Real
2014-08-27 15:39 - 2011-01-01 20:24 - 00000000 ____D () C:\Users\Boris
2014-08-27 15:17 - 2014-08-27 15:17 - 328440983 _____ () C:\windows\MEMORY.DMP
2014-08-27 15:17 - 2014-08-27 15:17 - 00278960 _____ () C:\windows\Minidump\082714-31980-01.dmp
2014-08-27 15:17 - 2014-08-26 13:11 - 00000000 ____D () C:\windows\Minidump
2014-08-26 13:52 - 2014-08-26 13:52 - 00000000 ____D () C:\Users\Boris\AppData\Local\ysaktgpo
2014-08-26 13:16 - 2011-03-22 20:15 - 00000000 ____D () C:\Users\Boris\AppData\Local\Windows Live
2014-08-25 13:47 - 2013-03-30 21:35 - 00000000 ____D () C:\Users\Boris\AppData\Roaming\RealNetworks
2014-08-25 06:53 - 2014-01-06 19:05 - 00270496 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-08-24 13:08 - 2011-08-02 20:17 - 00000000 ____D () C:\Users\Boris\AppData\Roaming\Real
2014-08-24 12:55 - 2013-11-22 12:16 - 00003304 _____ () C:\windows\IE11_main.log
2014-08-24 12:00 - 2014-08-23 13:19 - 00003340 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3227352410-2182359678-1881265499-1001
2014-08-24 12:00 - 2014-08-23 13:19 - 00003206 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3227352410-2182359678-1881265499-1001
2014-08-15 12:03 - 2014-08-15 12:03 - 00003362 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3227352410-2182359678-1881265499-1001
2014-08-15 12:03 - 2014-08-15 12:03 - 00003228 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3227352410-2182359678-1881265499-1001
2014-08-14 12:12 - 2013-07-15 19:02 - 00000000 ____D () C:\windows\system32\MRT
2014-08-14 12:00 - 2011-01-01 21:32 - 99218768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-11 12:19 - 2014-08-11 12:19 - 00000000 _____ () C:\Users\Boris\AppData\Local\{76634EA7-4649-4A69-BFD8-745A6ECAA412}
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3227352410-2182359678-1881265499-1001\$05dac9abb08d22e7c0fb7e669ec35973
 
Some content of TEMP:
====================
C:\Users\Boris\AppData\Local\Temp\c42ofpd1.dll
C:\Users\Boris\AppData\Local\Temp\contentDATs.exe
C:\Users\Boris\AppData\Local\Temp\cxabvijl.dll
C:\Users\Boris\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Boris\AppData\Local\Temp\lowproc.exe
C:\Users\Boris\AppData\Local\Temp\ose00000.exe
C:\Users\Boris\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Boris\AppData\Local\Temp\stubhelper.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-27 13:20
 
==================== End Of Log ============================


#11 aharonov

  • Malware Response Team

Posted 08 September 2014 - 06:17 PM

That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run.
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.


Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up to date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

Java 7 Update 60

Also: download and install Service Pack 1 for Windows 7. Afterwards open Windows Updates in Control Panel and install all available updates. Repeat this until no more updates are offered.



Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.

#12 aharonov


Posted 19 September 2014 - 02:52 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



