
Win 7, multiple instances of IE in task manager + other issues



#1 jp_over


Posted 12 December 2014 - 03:32 PM

Hi,

 

I've recently noticed some symptoms that might indicate a problem with my laptop (Win 7, 64, McAfee AV):

 

1) IE shows multiple instances in Task Manager even when IE is closed

2) a few low memory errors - one caused a blue screen

3) MS Silverlight crashed and had to be reinstalled

4) IE locks up sometimes / freezes

 

I've run MBAM, ESET, MS Security Scanner, and all Windows updates (to include Java and Adobe Flash).  Not sure where else to look.

 

Thanks!

 

Joe





#2 Broni


Posted 12 December 2014 - 09:06 PM

Download TDSSKiller and save it to your desktop.

  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.




#3 jp_over


Posted 12 December 2014 - 09:45 PM

Thanks for the help!  Here's the report:

 

21:43:00.0950 0x152c TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20

21:43:04.0460 0x152c ============================================================

21:43:04.0460 0x152c Current date / time: 2014/12/12 21:43:04.0460

21:43:04.0460 0x152c SystemInfo:

21:43:04.0460 0x152c

21:43:04.0460 0x152c OS Version: 6.1.7601 ServicePack: 1.0

21:43:04.0460 0x152c Product type: Workstation

21:43:04.0460 0x152c ComputerName: PUGET-109085

21:43:04.0460 0x152c UserName: Joseph

21:43:04.0460 0x152c Windows directory: C:\Windows

21:43:04.0460 0x152c System windows directory: C:\Windows

21:43:04.0460 0x152c Running under WOW64

21:43:04.0460 0x152c Processor architecture: Intel x64

21:43:04.0460 0x152c Number of processors: 4

21:43:04.0460 0x152c Page size: 0x1000

21:43:04.0460 0x152c Boot type: Normal boot

21:43:04.0460 0x152c ============================================================

21:43:04.0569 0x152c KLMD registered as C:\Windows\system32\drivers\76784833.sys

21:43:04.0600 0x152c System UUID: {D82BD608-FFD1-DD3C-9BAC-53DF0F911D89}

21:43:04.0834 0x152c Drive \Device\Harddisk0\DR0 - Size: 0x29EB906000 ( 167.68 Gb ), SectorSize: 0x200, Cylinders: 0x5581, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

21:43:04.0834 0x152c Drive \Device\Harddisk1\DR1 - Size: 0xAEA8CDE000 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

21:43:04.0834 0x152c ============================================================

21:43:04.0834 0x152c \Device\Harddisk0\DR0:

21:43:04.0834 0x152c MBR partitions:

21:43:04.0834 0x152c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

21:43:04.0834 0x152c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x14F29800

21:43:04.0834 0x152c \Device\Harddisk1\DR1:

21:43:04.0834 0x152c MBR partitions:

21:43:04.0834 0x152c \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x57545000

21:43:04.0834 0x152c ============================================================

21:43:04.0850 0x152c C: <-> \Device\Harddisk0\DR0\Partition2

21:43:05.0427 0x152c D: <-> \Device\Harddisk1\DR1\Partition1

21:43:05.0427 0x152c ============================================================

21:43:05.0427 0x152c Initialize success

21:43:05.0427 0x152c ============================================================

21:44:27.0726 0x1624 ============================================================

21:44:27.0726 0x1624 Scan started

21:44:27.0726 0x1624 Mode: Manual;

21:44:27.0726 0x1624 ============================================================

21:44:27.0726 0x1624 KSN ping started

21:44:57.0223 0x1624 KSN ping finished: true

21:44:57.0316 0x1624 ================ Scan system memory ========================

21:44:57.0316 0x1624 System memory - ok

21:44:57.0316 0x1624 ================ Scan services =============================


21:44:58.0944 0x1624 HTTP - ok

21:44:58.0944 0x1624 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

21:44:58.0944 0x1624 hwpolicy - ok

21:44:58.0944 0x1624 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

21:44:58.0959 0x1624 i8042prt - ok

21:44:58.0959 0x1624 [ C224331A54571C8C9162F7714400BBBD, C2CA4881ACD46071E67435BE5E3DB133D0743B026FD20D6D6E26B2FE7A03FCAA ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys

21:44:58.0975 0x1624 iaStor - ok

21:44:58.0990 0x1624 [ 25555186E4FBDF0E30A5DBFC9B9A73F9, 4A9DAC2B56389C5955C343E202C6E81CD3A608E78A4BB7E6ED560719DF02C955 ] iaStorA C:\Windows\system32\DRIVERS\iaStorA.sys

21:44:58.0990 0x1624 iaStorA - ok

21:44:59.0006 0x1624 [ 6241810294275CEA59EBA9733080E5EE, F9A1A505B9279CD660CAAF4F8D21BDC34AC75FD86E881632A378B9BF39A3738E ] IAStorDataMgrSvc C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

21:44:59.0006 0x1624 IAStorDataMgrSvc - ok

21:44:59.0006 0x1624 [ 10E79E366FA255318F5D1D0ED07F947D, ED1511334356A582D0CAAB94A22BBA5C90FFB4AF3673D02FE0909D4105FD1191 ] iaStorF C:\Windows\system32\DRIVERS\iaStorF.sys

21:44:59.0006 0x1624 iaStorF - ok

21:44:59.0022 0x1624 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

21:44:59.0022 0x1624 iaStorV - ok

21:44:59.0037 0x1624 [ 7274E304EACD1FE0A4F5047CE6B4DC61, 2FD0FBE52359080DCA9D7F94177680A304B0C5E0B701AD3F9E6F09E8E5D5D7D7 ] ibtfltcoex C:\Windows\system32\DRIVERS\iBtFltCoex.sys

21:44:59.0037 0x1624 ibtfltcoex - ok

21:44:59.0037 0x1624 [ 83FF82FE209E7997067B375DAD6CF23D, E312DD068E51DBF96A8232D7D1C9F158652FDA23649655F1102928B320795091 ] ICCS C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe

21:44:59.0037 0x1624 ICCS - ok

21:44:59.0053 0x1624 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

21:44:59.0068 0x1624 idsvc - ok

21:44:59.0068 0x1624 IEEtwCollectorService - ok

21:44:59.0162 0x1624 [ 348214F96642FD4FEF630DE021BA3540, B6A7D2EA41F6866F5AFF5022BB459E5AFF683FF2FF470B84F3E911C8AEC47C30 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

21:44:59.0240 0x1624 igfx - ok

21:44:59.0256 0x1624 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys

21:44:59.0256 0x1624 iirsp - ok

21:44:59.0271 0x1624 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll

21:44:59.0287 0x1624 IKEEXT - ok

21:44:59.0302 0x1624 [ F5495B38BFB9149925F54F65AB40EFBF, 7CBB72C41E2343DACBFB967A39CA04788561EDECB289C41BC2D6A06B80882AC4 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys

21:44:59.0302 0x1624 IntcDAud - ok

21:44:59.0318 0x1624 [ 0043EC20C06FD9FE339B5D37474B731E, E84A078BDBEC7EA29257D758030271B62F3ED2C954DC1EEECC5B24B39EDB2A59 ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe

21:44:59.0334 0x1624 Intel® Capability Licensing Service Interface - ok

21:44:59.0334 0x1624 [ 50CA8F1A4B0AEC4EE583594F0A8EB719, D5CCADAA5510DDE82910C4782D2A4FF9419A832D5493BCD2DF5194D239763850 ] Intel® ME Service C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

21:44:59.0334 0x1624 Intel® ME Service - ok

21:44:59.0334 0x1624 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys

21:44:59.0334 0x1624 intelide - ok

21:44:59.0349 0x1624 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

21:44:59.0349 0x1624 intelppm - ok

21:44:59.0349 0x1624 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll

21:44:59.0349 0x1624 IPBusEnum - ok

21:44:59.0349 0x1624 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

21:44:59.0365 0x1624 IpFilterDriver - ok

21:44:59.0365 0x1624 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

21:44:59.0380 0x1624 iphlpsvc - ok

21:44:59.0380 0x1624 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

21:44:59.0380 0x1624 IPMIDRV - ok

21:44:59.0396 0x1624 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys

21:44:59.0396 0x1624 IPNAT - ok

21:44:59.0396 0x1624 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys

21:44:59.0396 0x1624 IRENUM - ok

21:44:59.0396 0x1624 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys

21:44:59.0396 0x1624 isapnp - ok

21:44:59.0412 0x1624 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

21:44:59.0412 0x1624 iScsiPrt - ok

21:44:59.0412 0x1624 [ D596D915CF091DA1F8CE4BD38BB5D509, 9B4D246B6886FFD9BE329F3543B819FC010661B0F70206F16ECBF25A7B12AA6F ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys

21:44:59.0412 0x1624 iusb3hcs - ok

21:44:59.0427 0x1624 [ 023896E23B61543A15A230EED996D911, 2F8D15B67AB2C1E87EA46F2CB9DBA564865D89DEA93A83B44A9B148883B96731 ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys

21:44:59.0427 0x1624 iusb3hub - ok

21:44:59.0443 0x1624 [ 7FAEC13F1ADD619F4B5B2D2CBF841E8E, E7ED64DD26FD4EA04C2C32C33BDA16FB985F3C6F1F8451480A0D24375B7F57AC ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys

21:44:59.0458 0x1624 iusb3xhc - ok

21:44:59.0474 0x1624 [ EF27B3B58E393E9F10FB6A6643BD8185, 8671AB0159CCACA39F6D072EFFDE984BAFE56137965AA0ADEC880D00893B8E8A ] jhi_service C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

21:44:59.0474 0x1624 jhi_service - ok

21:44:59.0474 0x1624 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

21:44:59.0474 0x1624 kbdclass - ok

21:44:59.0474 0x1624 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

21:44:59.0474 0x1624 kbdhid - ok

21:44:59.0490 0x1624 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso C:\Windows\system32\lsass.exe

21:44:59.0490 0x1624 KeyIso - ok

21:44:59.0490 0x1624 [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

21:44:59.0490 0x1624 KSecDD - ok

21:44:59.0490 0x1624 [ 41774FF331F609EF442B7398EE6202B1, AD67DA06A74895C384F4A1F1CF47050DAEE9C6CE8AD12F1A116FC977B6C3A864 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

21:44:59.0505 0x1624 KSecPkg - ok

21:44:59.0505 0x1624 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

21:44:59.0505 0x1624 ksthunk - ok

21:44:59.0521 0x1624 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll

21:44:59.0521 0x1624 KtmRm - ok

21:44:59.0536 0x1624 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\System32\srvsvc.dll

21:44:59.0536 0x1624 LanmanServer - ok

21:44:59.0536 0x1624 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

21:44:59.0536 0x1624 LanmanWorkstation - ok

21:44:59.0552 0x1624 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

21:44:59.0552 0x1624 lltdio - ok

21:44:59.0552 0x1624 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll

21:44:59.0568 0x1624 lltdsvc - ok

21:44:59.0568 0x1624 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll

21:44:59.0568 0x1624 lmhosts - ok

21:44:59.0583 0x1624 [ 2526FECED1625752EF4F8ABB367CAA7E, EB90022051D5A6AE5FC2C7B0AD05AEF15730160FD611F652E5E7AD00C774881A ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

21:44:59.0583 0x1624 LMS - ok

21:44:59.0583 0x1624 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

21:44:59.0583 0x1624 LSI_FC - ok

21:44:59.0599 0x1624 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

21:44:59.0599 0x1624 LSI_SAS - ok

21:44:59.0599 0x1624 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys

21:44:59.0599 0x1624 LSI_SAS2 - ok

21:44:59.0614 0x1624 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

21:44:59.0614 0x1624 LSI_SCSI - ok

21:44:59.0614 0x1624 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys

21:44:59.0614 0x1624 luafv - ok

21:44:59.0630 0x1624 [ 96E7AA538AB0EDECCAB3862BA4B66232, 8AF460093B4DC1FD81C4508A57B6A80A7FB2E1818A3405506B8DB5B521615FB6 ] McAPExe C:\Program Files\McAfee\MSC\McAPExe.exe

21:44:59.0630 0x1624 McAPExe - ok

21:44:59.0630 0x1624 [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] McMPFSvc C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

21:44:59.0646 0x1624 McMPFSvc - ok

21:44:59.0646 0x1624 [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] McNaiAnn C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

21:44:59.0661 0x1624 McNaiAnn - ok

21:44:59.0677 0x1624 [ 7F8446D8AD9161B34DC7C209FB148A5A, 26B07EB138992586FC410849172A63ACC26D99ED59B568EFF9C93ED2EB129453 ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe

21:44:59.0677 0x1624 McODS - ok

21:44:59.0692 0x1624 [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] mcpltsvc C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

21:44:59.0692 0x1624 mcpltsvc - ok

21:44:59.0692 0x1624 [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] McProxy C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

21:44:59.0708 0x1624 McProxy - ok

21:44:59.0708 0x1624 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

21:44:59.0708 0x1624 Mcx2Svc - ok

21:44:59.0724 0x1624 [ AA712FADDDB161F8176BC677077E9511, 80FF28069C426DFC2F1BBCE2EFC7016468B1CAC8EF96D659CD44EF837A2A5C8F ] Media Center 18 Service C:\Program Files (x86)\J River\Media Center 18\JRService.exe

21:44:59.0724 0x1624 Media Center 18 Service - ok

21:44:59.0739 0x1624 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys

21:44:59.0739 0x1624 megasas - ok

21:44:59.0739 0x1624 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys

21:44:59.0755 0x1624 MegaSR - ok

21:44:59.0755 0x1624 [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys

21:44:59.0755 0x1624 MEIx64 - ok

21:44:59.0755 0x1624 [ D0574EF9490EBD32DFA14D3C16195DE2, 7F5623562E74BD09717103247CE9155F07092BC633B5647ED3C99A95283413B4 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys

21:44:59.0770 0x1624 mfeapfk - ok

21:44:59.0770 0x1624 [ 7B6A4509A2444F5F0689B2579E245177, 95A3A3560E253B7459F1B7C9E4E21008C725BA1A2C5F4E5FBAD1AB383058E2F6 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys

21:44:59.0770 0x1624 mfeavfk - ok

21:44:59.0802 0x1624 [ 28E4FB2E9918C2E680BE9FD8E130471C, DFD1738F2CC0743F2CD9754CAFFFFC4D38590AF8AD2E1159F8FEAC9E9922E4B8 ] mfecore C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe

21:44:59.0802 0x1624 mfecore - ok

21:44:59.0817 0x1624 [ E7C6587AC8FB0BABEF6AB1733AFA8FEC, 1624B8D9C9431A2030B8C8CFAA90F56A9EE4039D2426A521C4102A68D2F8E3CD ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

21:44:59.0817 0x1624 mfefire - ok

21:44:59.0833 0x1624 [ 92AD9892D534CA58E020375C94E0307E, 3062625853C759852C5172040C69840315676A01A62EECFC53F55E6379DB190C ] mfefirek C:\Windows\system32\drivers\mfefirek.sys

21:44:59.0833 0x1624 mfefirek - ok

21:44:59.0848 0x1624 [ B6622A5B197D021647AE20E0D4C229B9, 15D64928FDB207C183A69E7CFB90BFFBF25F1AB14059EDEFDF021F323025F4E8 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys

21:44:59.0864 0x1624 mfehidk - ok

21:44:59.0880 0x1624 [ 6CD9133BC4B5DF25FB8BCBC382C8466F, F3C938D1EDD61EE1B227112CB027804E0AAD16CBCDD67EEE1D8EAABDFC996BA1 ] mfencbdc C:\Windows\system32\DRIVERS\mfencbdc.sys

21:44:59.0880 0x1624 mfencbdc - ok

21:44:59.0880 0x1624 [ 408DC249009CDB3C9B299716C861C64B, 3EFBFA8EE857CBF4C6A29E0D1DA38EB21B57D5BA1F6CC544503CA8253E9BFF12 ] mfencrk C:\Windows\system32\DRIVERS\mfencrk.sys

21:44:59.0895 0x1624 mfencrk - ok

21:44:59.0895 0x1624 [ 64BAFB4E5377056CDD71531097D69F6E, 28B434C1DB9AD930C5A32584C51FE1B3A4526952EBC953DAE775701E270C76C5 ] mfevtp C:\Windows\system32\mfevtps.exe

21:44:59.0895 0x1624 mfevtp - ok

21:44:59.0911 0x1624 [ A58F979117A424CDB33C21396887800F, E857E74BB08E49AEDC7EE21C9FDA36053113E04F8D29B9DBC3A2A3F0667915C6 ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys

21:44:59.0911 0x1624 mfewfpk - ok

21:44:59.0911 0x1624 MFE_RR - ok

21:44:59.0926 0x1624 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll

21:44:59.0926 0x1624 MMCSS - ok

21:44:59.0926 0x1624 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys

21:44:59.0926 0x1624 Modem - ok

21:44:59.0926 0x1624 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys

21:44:59.0926 0x1624 monitor - ok

21:44:59.0942 0x1624 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

21:44:59.0942 0x1624 mouclass - ok

21:44:59.0942 0x1624 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

21:44:59.0942 0x1624 mouhid - ok

21:44:59.0942 0x1624 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

21:44:59.0942 0x1624 mountmgr - ok

21:44:59.0958 0x1624 [ B4E9C7383A705628AD491CF0F87D901F, 5C0CD7133D4F5B1E0466CDB2A2210ECA57206A8BC41F37BC6324120AE5501C70 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

21:44:59.0958 0x1624 MozillaMaintenance - ok

21:44:59.0958 0x1624 [ 5B2ABA7B19310BFA3C2A9D5706D0F8F0, 06E2F5DF085D5C7F453A872E675B1481F27D5238C12F100719FFAF9A335F2009 ] mozybackup C:\Program Files\MozyHome\mozybackup.exe

21:44:59.0958 0x1624 mozybackup - ok

21:44:59.0958 0x1624 [ 5C8DE0072F51BA6A8F8A94675C58B394, 61D00E447E0C7FEA344475405C286F2280AE2367E7BBE3F00E200A8C87974BE1 ] mozyFilter C:\Windows\system32\DRIVERS\mozy.sys

21:44:59.0958 0x1624 mozyFilter - ok

21:44:59.0973 0x1624 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys

21:44:59.0973 0x1624 mpio - ok

21:44:59.0973 0x1624 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

21:44:59.0973 0x1624 mpsdrv - ok

21:44:59.0989 0x1624 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll

21:45:00.0004 0x1624 MpsSvc - ok

21:45:00.0004 0x1624 [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

21:45:00.0020 0x1624 MRxDAV - ok

21:45:00.0020 0x1624 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

21:45:00.0020 0x1624 mrxsmb - ok

21:45:00.0020 0x1624 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

21:45:00.0036 0x1624 mrxsmb10 - ok

21:45:00.0036 0x1624 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

21:45:00.0036 0x1624 mrxsmb20 - ok

21:45:00.0036 0x1624 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys

21:45:00.0036 0x1624 msahci - ok

21:45:00.0051 0x1624 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys

21:45:00.0051 0x1624 msdsm - ok

21:45:00.0051 0x1624 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe

21:45:00.0051 0x1624 MSDTC - ok

21:45:00.0067 0x1624 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys

21:45:00.0067 0x1624 Msfs - ok

21:45:00.0067 0x1624 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

21:45:00.0067 0x1624 mshidkmdf - ok

21:45:00.0067 0x1624 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

21:45:00.0067 0x1624 msisadrv - ok

21:45:00.0082 0x1624 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

21:45:00.0082 0x1624 MSiSCSI - ok

21:45:00.0082 0x1624 msiserver - ok

21:45:00.0082 0x1624 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

21:45:00.0082 0x1624 MSKSSRV - ok

21:45:00.0098 0x1624 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

21:45:00.0098 0x1624 MSPCLOCK - ok

21:45:00.0098 0x1624 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

21:45:00.0098 0x1624 MSPQM - ok

21:45:00.0098 0x1624 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

21:45:00.0114 0x1624 MsRPC - ok

21:45:00.0114 0x1624 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

21:45:00.0114 0x1624 mssmbios - ok

21:45:00.0114 0x1624 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

21:45:00.0114 0x1624 MSTEE - ok

21:45:00.0129 0x1624 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys

21:45:00.0129 0x1624 MTConfig - ok

21:45:00.0129 0x1624 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys

21:45:00.0129 0x1624 Mup - ok

21:45:00.0145 0x1624 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll

21:45:00.0145 0x1624 napagent - ok

21:45:00.0160 0x1624 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

21:45:00.0160 0x1624 NativeWifiP - ok

21:45:00.0176 0x1624 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys

21:45:00.0192 0x1624 NDIS - ok

21:45:00.0192 0x1624 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

21:45:00.0192 0x1624 NdisCap - ok

21:45:00.0207 0x1624 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

21:45:00.0207 0x1624 NdisTapi - ok

21:45:00.0207 0x1624 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

21:45:00.0207 0x1624 Ndisuio - ok

21:45:00.0207 0x1624 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

21:45:00.0207 0x1624 NdisWan - ok

21:45:00.0223 0x1624 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

21:45:00.0223 0x1624 NDProxy - ok

21:45:00.0223 0x1624 [ C3A9A4EDB8842884F888BE669834F3D1, D0F3C8500A9AD82149E82258258F55894662E70BFE7C73CA623DDF9BD059E2C4 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll

21:45:00.0223 0x1624 Net Driver HPZ12 - ok

21:45:00.0223 0x1624 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

21:45:00.0223 0x1624 NetBIOS - ok

21:45:00.0238 0x1624 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

21:45:00.0238 0x1624 NetBT - ok

21:45:00.0238 0x1624 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon C:\Windows\system32\lsass.exe

21:45:00.0254 0x1624 Netlogon - ok

21:45:00.0254 0x1624 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll

21:45:00.0270 0x1624 Netman - ok

21:45:00.0270 0x1624 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

21:45:00.0285 0x1624 NetMsmqActivator - ok

21:45:00.0285 0x1624 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

21:45:00.0285 0x1624 NetPipeActivator - ok

21:45:00.0301 0x1624 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll

21:45:00.0301 0x1624 netprofm - ok

21:45:00.0316 0x1624 [ C9E9017AC2291E96ED3376B72BC7CF8D, F75BE67D382320702A9A5D91930B4D587856061035B04BDE3AA6A282C7E2B6A1 ] netr28ux C:\Windows\system32\DRIVERS\netr28ux.sys

21:45:00.0348 0x1624 netr28ux - ok

21:45:00.0348 0x1624 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

21:45:00.0348 0x1624 NetTcpActivator - ok

21:45:00.0348 0x1624 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

21:45:00.0348 0x1624 NetTcpPortSharing - ok

21:45:00.0540 0x1624 [ 62A8A81674F71B76289E460615A0AC73, 18EC13F46360DB819200F7B77E0F952D43C25FEE91D6CB44C42502F4E3042D74 ] NETwNs64 C:\Windows\system32\DRIVERS\Netwsw00.sys

21:45:00.0680 0x1624 NETwNs64 - ok

21:45:00.0696 0x1624 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

21:45:00.0696 0x1624 nfrd960 - ok

21:45:00.0696 0x1624 [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll

21:45:00.0711 0x1624 NlaSvc - ok

21:45:00.0711 0x1624 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys

21:45:00.0711 0x1624 Npfs - ok

21:45:00.0711 0x1624 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll

21:45:00.0711 0x1624 nsi - ok

21:45:00.0727 0x1624 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

21:45:00.0727 0x1624 nsiproxy - ok

21:45:00.0758 0x1624 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

21:45:00.0774 0x1624 Ntfs - ok

21:45:00.0774 0x1624 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys

21:45:00.0774 0x1624 Null - ok

21:45:00.0977 0x1624 [ 2232AE1BB51A96A7381A2CA17DF12E24, 4813E27BC14EB3CBD55AF89B098EA5C8DA4C7FF0B6CCB7AACFC43BC0E578C988 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys

21:45:01.0164 0x1624 nvlddmkm - ok

21:45:01.0195 0x1624 [ D6310F79E51D1F997E964E81DD368AEA, 27D0159F45C712C6165FDB9F40823438225555E71BB01E3B55F5B5D7BE15D389 ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

21:45:01.0226 0x1624 NvNetworkService - ok

21:45:01.0226 0x1624 [ 30458B18AEA941B1FD3A6A076BE95A71, F3B36E52D63939A89658073E1DEFFCD050EF9B39F643771E846737915012D5FB ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys

21:45:01.0226 0x1624 nvpciflt - ok


21:45:03.0384 0x1624 WatAdminSvc - ok

21:45:03.0415 0x1624 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe

21:45:03.0431 0x1624 wbengine - ok

21:45:03.0446 0x1624 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

21:45:03.0446 0x1624 WbioSrvc - ok

21:45:03.0462 0x1624 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll

21:45:03.0462 0x1624 wcncsvc - ok

21:45:03.0462 0x1624 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

21:45:03.0462 0x1624 WcsPlugInService - ok

21:45:03.0478 0x1624 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys

21:45:03.0478 0x1624 Wd - ok

21:45:03.0478 0x1624 [ A3D04EBF5227886029B4532F20D026F7, D90F7B9C176008675DA0B5FD7E4973CBC2A04172CEDF8FB7D3B3B4F27B5440D7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys

21:45:03.0478 0x1624 WDC_SAM - ok

21:45:03.0493 0x1624 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

21:45:03.0509 0x1624 Wdf01000 - ok

21:45:03.0509 0x1624 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll

21:45:03.0509 0x1624 WdiServiceHost - ok

21:45:03.0509 0x1624 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll

21:45:03.0509 0x1624 WdiSystemHost - ok

21:45:03.0524 0x1624 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll

21:45:03.0524 0x1624 WebClient - ok

21:45:03.0540 0x1624 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll

21:45:03.0540 0x1624 Wecsvc - ok

21:45:03.0540 0x1624 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll

21:45:03.0540 0x1624 wercplsupport - ok

21:45:03.0556 0x1624 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll

21:45:03.0556 0x1624 WerSvc - ok

21:45:03.0556 0x1624 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

21:45:03.0556 0x1624 WfpLwf - ok

21:45:03.0556 0x1624 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys

21:45:03.0556 0x1624 WIMMount - ok

21:45:03.0571 0x1624 WinDefend - ok

21:45:03.0571 0x1624 WinHttpAutoProxySvc - ok

21:45:03.0587 0x1624 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

21:45:03.0587 0x1624 Winmgmt - ok

21:45:03.0618 0x1624 [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll

21:45:03.0649 0x1624 WinRM - ok

21:45:03.0649 0x1624 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys

21:45:03.0649 0x1624 WinUsb - ok

21:45:03.0680 0x1624 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll

21:45:03.0696 0x1624 Wlansvc - ok

21:45:03.0696 0x1624 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys

21:45:03.0696 0x1624 WmiAcpi - ok

21:45:03.0696 0x1624 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

21:45:03.0712 0x1624 wmiApSrv - ok

21:45:03.0712 0x1624 WMPNetworkSvc - ok

21:45:03.0712 0x1624 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll

21:45:03.0712 0x1624 WPCSvc - ok

21:45:03.0727 0x1624 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

21:45:03.0727 0x1624 WPDBusEnum - ok

21:45:03.0727 0x1624 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

21:45:03.0727 0x1624 ws2ifsl - ok

21:45:03.0727 0x1624 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\system32\wscsvc.dll

21:45:03.0727 0x1624 wscsvc - ok

21:45:03.0743 0x1624 [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys

21:45:03.0743 0x1624 WSDPrintDevice - ok

21:45:03.0743 0x1624 WSearch - ok

21:45:03.0790 0x1624 [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll

21:45:03.0821 0x1624 wuauserv - ok

21:45:03.0821 0x1624 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

21:45:03.0821 0x1624 WudfPf - ok

21:45:03.0836 0x1624 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

21:45:03.0836 0x1624 WUDFRd - ok

21:45:03.0836 0x1624 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

21:45:03.0852 0x1624 wudfsvc - ok

21:45:03.0852 0x1624 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll

21:45:03.0852 0x1624 WwanSvc - ok

21:45:03.0868 0x1624 ================ Scan global ===============================

21:45:03.0868 0x1624 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll

21:45:03.0883 0x1624 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll

21:45:03.0883 0x1624 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll

21:45:03.0899 0x1624 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll

21:45:03.0899 0x1624 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe

21:45:03.0899 0x1624 [ Global ] - ok

21:45:03.0899 0x1624 ================ Scan MBR ==================================

21:45:03.0899 0x1624 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

21:45:03.0961 0x1624 \Device\Harddisk0\DR0 - ok

21:45:03.0977 0x1624 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1

21:45:03.0977 0x1624 \Device\Harddisk1\DR1 - ok

21:45:03.0977 0x1624 ================ Scan VBR ==================================

21:45:03.0977 0x1624 [ 206EBA9B4527E78BFE1918E2192B7473 ] \Device\Harddisk0\DR0\Partition1

21:45:03.0977 0x1624 \Device\Harddisk0\DR0\Partition1 - ok

21:45:03.0977 0x1624 [ 2E705DA3CEBC2901D2AA48630645D040 ] \Device\Harddisk0\DR0\Partition2

21:45:03.0977 0x1624 \Device\Harddisk0\DR0\Partition2 - ok

21:45:03.0977 0x1624 [ BC9B2F32CF360AC520B88FF4F0767786 ] \Device\Harddisk1\DR1\Partition1

21:45:03.0977 0x1624 \Device\Harddisk1\DR1\Partition1 - ok

21:45:03.0977 0x1624 ================ Scan generic autorun ======================

21:45:03.0977 0x1624 [ 7FD12B4E38EF2A12B730D549E51B2D3B, 74B9E762AA5BA67263CF513FFF3AFE32B29F9B4091CF9A14EAED17559D1A2F54 ] C:\Program Files (x86)\ChiconyCam\CECAPLF.exe

21:45:03.0992 0x1624 CECAPLF - ok

21:45:03.0992 0x1624 [ 7D77F0A8CEE308849297B5A3DB00A69F, 60837FC08F6270E1241A695C9F769A9402D9B7725B853A43431BA7D4126225C8 ] C:\Windows\system32\igfxtray.exe

21:45:03.0992 0x1624 IgfxTray - ok

21:45:04.0008 0x1624 [ C77B3A6DD1D1E2187E901B8D31C41135, F9A55421E1F2B3690D9E42DF3C34250BDE889A98C3C6ED200109C0BA9E9421F7 ] C:\Windows\system32\hkcmd.exe

21:45:04.0008 0x1624 HotKeysCmds - ok

21:45:04.0024 0x1624 [ 8C71E6D87C5FEF0BFC4B1FC75EA0CB0A, 5A5056EAC2BC9643F80DAFABF1FE76980E0CF9A39CE877A7C48CB49121BF0660 ] C:\Windows\system32\igfxpers.exe

21:45:04.0024 0x1624 Persistence - ok

21:45:04.0024 0x1624 [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\RunDLL32.exe

21:45:04.0024 0x1624 THXCfg64 - ok

21:45:04.0039 0x1624 [ FCEB9FE1AEFAAE5B3B00346B733962FF, 3C31F8EAF478DFEF6E0A54E9BBA1BF7E9A727F2C8B1D15F1661DAD69E6AA36F0 ] C:\Program Files\ActivIdentity\ActivClient\acevents.exe

21:45:04.0039 0x1624 acevents - ok

21:45:04.0039 0x1624 [ D49E5EB3CADD483178A0194ED7FE1F73, F426578D43D98240CF8B9937DB6E61A7C71A229D076A8165A3352710C3ABC470 ] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe

21:45:04.0055 0x1624 accrdsub - ok

21:45:04.0055 0x1624 [ E6A3062BDB2E18EBDEB69CF7F7A3A070, 48AB0CCA0230DCBB47CCC765659E390A4A42AC7303A27B835B9FBB1168AC7BF1 ] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe

21:45:04.0055 0x1624 IAStorIcon - ok

21:45:04.0055 0x1624 [ 4420BBAC770EB87AB74E4B9146E18924, 6DB78DB9FD72F1E8C7651D2B3FF090CB4A8C90BA0D11F69D533960CE67170CFC ] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe

21:45:04.0070 0x1624 BLEServicesCtrl - ok

21:45:04.0070 0x1624 BTMTrayAgent - ok

21:45:04.0070 0x1624 [ A005676B30AEB3C7703C317D992B193A, 446155F3AB94BF33DB91E7C2C1EED57ED449D82710BFC96DFA07DBA1D346399E ] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

21:45:04.0070 0x1624 USB3MON - ok

21:45:04.0086 0x1624 [ 04679E0DC30077EC1164BE82F2A2ADC9, E0193F0AE484DED0DD7F81407F0D98AC071F34358B9EA554DE3ADFC3BA1CBD60 ] C:\Program Files\McAfee.com\Agent\mcagent.exe

21:45:04.0102 0x1624 mcui_exe - ok

21:45:04.0180 0x1624 [ 791E0C3A4A8BDE574D44E5C2220051E6, 7F135E2C6B4B4C7EA86AD7A9036401E0F52480889B6BCE3D1911435778EBA37B ] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

21:45:04.0242 0x1624 HDAudDeck - ok

21:45:04.0258 0x1624 [ 04679E0DC30077EC1164BE82F2A2ADC9, E0193F0AE484DED0DD7F81407F0D98AC071F34358B9EA554DE3ADFC3BA1CBD60 ] C:\Program Files\McAfee.com\Agent\mcagent.exe

21:45:04.0258 0x1624 mcpltui_exe - ok

21:45:04.0273 0x1624 [ 887CAA31048EB8ED09A0CBD0E6F46F09, BBCED0BD4EB00C3FECFC9448223D4C441A868787877291F5489B07B43FAB65A4 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

21:45:04.0273 0x1624 SunJavaUpdateSched - ok

21:45:04.0304 0x1624 [ 07A37CB5C5A01E73FB69F138FAE2DB0E, 9E8B5D78D7EAB8FA35133763EDA91AFE5CDEE275D604F02CDB56FB00A0D5AA0F ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

21:45:04.0304 0x1624 Adobe ARM - ok

21:45:04.0320 0x1624 Adobe Speed Launcher - ok

21:45:04.0320 0x1624 Waiting for KSN requests completion. In queue: 254

21:45:05.0323 0x1624 Waiting for KSN requests completion. In queue: 254

21:45:06.0337 0x1624 Waiting for KSN requests completion. In queue: 254

21:45:07.0341 0x1624 AV detected via SS2: McAfee Anti-Virus and Anti-Spyware, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 12.8.0.0 ), 0x50000 ( disabled : updated )

21:45:07.0341 0x1624 FW detected via SS2: McAfee Firewall, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 12.8.0.0 ), 0x50010 ( disabled )

21:45:07.0356 0x1624 Win FW state via NFP2: enabled

21:45:10.0123 0x1624 ============================================================

21:45:10.0123 0x1624 Scan finished

21:45:10.0123 0x1624 ============================================================

21:45:10.0123 0x09ec Detected object count: 0

21:45:10.0123 0x09ec Actual detected object count: 0



#4 Broni

Posted 12 December 2014 - 09:50 PM

That's clean.

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
  • List Restore Points

Click Go and post the result.

Please download Malwarebytes Anti-Malware to your desktop.
NOTE. If you already have MBAM 2.0 installed, scroll down.

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.



If you already have MBAM 2.0 installed:

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


How to get logs:
(Export log to save as txt)


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.



(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.


Download Malwarebytes Anti-Rootkit to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on the downloaded file. OK the self-extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"


NOTE. If you see the "This version requires you to completely exit the Anti Malware application" message, right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

NOTE Do NOT wrap your logs in "quote" or "code" brackets.
Do NOT use spoilers.
Do NOT edit your reply to post additional logs. Create new reply. I'll not get any email notifications about edits so I won't know you posted something new.




 


#5 jp_over


Posted 12 December 2014 - 10:44 PM

 Results of screen317's Security Check version 0.99.93 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
McAfee Anti-Virus and Anti-Spyware  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 25 
 Java version 32-bit out of Date!
 Adobe Flash Player 16.0.0.235 
 Adobe Reader XI 
 Mozilla Firefox (34.0.5)
 Google Chrome 26.0.1410.64 Google Chrome out of date! 
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 29% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

 

Farbar Service Scanner Version: 21-07-2014
Ran by Joseph (administrator) on 12-12-2014 at 22:17:01
Running from "C:\Users\Joseph\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AEAHBSDF"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

 

MiniToolBox by Farbar  Version: 30-11-2014
Ran by Joseph (administrator) on 12-12-2014 at 22:18:32
Running from "C:\Users\Joseph\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AGD1V7OY"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

 

========================= IP Configuration: ================================

Intel® Centrino® Advanced-N 6235 = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 14 (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Puget-109085
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hsd1.ga.comcast.net

Wireless LAN adapter Wireless Network Connection 14:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : C8-F7-33-AC-A4-DC
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : BlackBerry Virtual Private Network
   Physical Address. . . . . . . . . : 02-60-D0-21-0A-01
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : fd0e:bed8:d3c9:6d95:9a8a:60ac:f932:cd3e(Preferred)
   Link-local IPv6 Address . . . . . : fe80::e018:641e:54ca:3471%33(Preferred)
   Autoconfiguration IPv4 Address. . : 169.254.52.113(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 738328698
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-B7-C7-48-00-90-F5-DE-EE-3A
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : hsd1.ga.comcast.net
   Description . . . . . . . . . . . : Intel® Centrino® Advanced-N 6235
   Physical Address. . . . . . . . . : C8-F7-33-AC-A4-DB
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2601:5:9a00:504:20dd:45b8:f398:7662(Preferred)
   Temporary IPv6 Address. . . . . . : 2601:5:9a00:504:5467:b472:6ea1:1122(Preferred)
   Link-local IPv6 Address . . . . . : fe80::20dd:45b8:f398:7662%15(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.111(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, December 12, 2014 9:42:51 PM
   Lease Expires . . . . . . . . . . : Saturday, December 13, 2014 9:42:52 PM
   Default Gateway . . . . . . . . . : fe80::5a6d:8fff:feee:7411%15
                                       192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 382269235
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-B7-C7-48-00-90-F5-DE-EE-3A
   DNS Servers . . . . . . . . . . . : 2601:5:9a00:504:5a6d:8fff:feee:7411
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
   Connection-specific DNS Suffix Search List :
                                       hsd1.ga.comcast.net

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : br.br.cox.net
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 00-90-F5-DE-EE-3A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:1cf9:36d5:9d0b:7fab(Preferred)
   Link-local IPv6 Address . . . . . : fe80::1cf9:36d5:9d0b:7fab%12(Preferred)
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{E62B3CBB-E64F-4907-856C-2FBC709E3AE4}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.hsd1.ga.comcast.net:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hsd1.ga.comcast.net
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{391A69E5-6576-44F7-84E0-520E3342AB9A}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.br.br.cox.net:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  2601:5:9a00:504:5a6d:8fff:feee:7411

Name:    google.com
Addresses:  2607:f8b0:4002:802::100e
   74.125.229.133
   74.125.229.137
   74.125.229.128
   74.125.229.142
   74.125.229.136
   74.125.229.132
   74.125.229.131
   74.125.229.129
   74.125.229.134
   74.125.229.135
   74.125.229.130

Pinging google.com [2607:f8b0:4002:802::100e] with 32 bytes of data:
Request timed out.
Reply from 2607:f8b0:4002:802::100e: time=27ms

Ping statistics for 2607:f8b0:4002:802::100e:
    Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
    Minimum = 27ms, Maximum = 27ms, Average = 27ms
Server:  UnKnown
Address:  2601:5:9a00:504:5a6d:8fff:feee:7411

Name:    yahoo.com
Addresses:  98.138.253.109
   206.190.36.45
   98.139.183.24

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=109ms TTL=49
Reply from 98.139.183.24: bytes=32 time=115ms TTL=49

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 109ms, Maximum = 115ms, Average = 112ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 35...c8 f7 33 ac a4 dc ......Microsoft Virtual WiFi Miniport Adapter
 33...02 60 d0 21 0a 01 ......BlackBerry Virtual Private Network
 15...c8 f7 33 ac a4 db ......Intel® Centrino® Advanced-N 6235
 11...00 90 f5 de ee 3a ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 36...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 38...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 37...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 39...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.111     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      169.254.0.0      255.255.0.0         On-link    169.254.52.113    261
   169.254.52.113  255.255.255.255         On-link    169.254.52.113    261
  169.254.255.255  255.255.255.255         On-link    169.254.52.113    261
      192.168.1.0    255.255.255.0         On-link     192.168.1.111    281
    192.168.1.111  255.255.255.255         On-link     192.168.1.111    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.111    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link    169.254.52.113    261
        224.0.0.0        240.0.0.0         On-link     192.168.1.111    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link    169.254.52.113   9999
  255.255.255.255  255.255.255.255         On-link     192.168.1.111    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 15    281 ::/0                     fe80::5a6d:8fff:feee:7411
  1    306 ::1/128                  On-link
 12     58 2001::/32                On-link
 12    306 2001:0:5ef5:79fb:1cf9:36d5:9d0b:7fab/128
                                    On-link
 15     33 2601:5:9a00:504::/64     On-link
 15     41 2601:5:9a00:504::/64     fe80::5a6d:8fff:feee:7411
 15    281 2601:5:9a00:504:20dd:45b8:f398:7662/128
                                    On-link
 15    281 2601:5:9a00:504:5467:b472:6ea1:1122/128
                                    On-link
 33    261 fd00::/8                 On-link
 33    261 fd0e:bed8:d3c9:6d95:9a8a:60ac:f932:cd3e/128
                                    On-link
 33    261 fe80::/64                On-link
 15    281 fe80::/64                On-link
 12    306 fe80::/64                On-link
 12    306 fe80::1cf9:36d5:9d0b:7fab/128
                                    On-link
 15    281 fe80::20dd:45b8:f398:7662/128
                                    On-link
 33    261 fe80::e018:641e:54ca:3471/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    306 ff00::/8                 On-link
 33    261 ff00::/8                 On-link
 15    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/12/2014 10:10:18 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/12/2014 09:45:30 PM) (Source: RIM MDNS) (User: )
Description: Client application bug: DNSServiceResolve(0ebed8d3c96d959a8a60acf932cd3e._tunnel._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (12/12/2014 09:42:56 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/12/2014 09:42:22 PM) (Source: RIM MDNS) (User: )
Description: 684: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (12/12/2014 09:42:22 PM) (Source: RIM MDNS) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (12/12/2014 05:12:25 PM) (Source: RIM MDNS) (User: )
Description: Client application bug: DNSServiceResolve(1a740fc8acbbc65d4f26d0e1d96a3e._tunnel._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (12/12/2014 05:10:24 PM) (Source: RIM MDNS) (User: )
Description: SendResponses: No active interface 02A9C4D8 to send: 00000000 02   26 1a740fc8acbbc65d4f26d0e1d96a3e._tunnel._tcp.local. SRV 0 0 49161 Puget-109085.local.

Error: (12/12/2014 05:10:24 PM) (Source: RIM MDNS) (User: )
Description: SendResponses: No active interface 02A9C4D8 to send: 00000000 08   51 _tunnel._tcp.local. PTR 1a740fc8acbbc65d4f26d0e1d96a3e._tunnel._tcp.local.

Error: (12/12/2014 05:10:24 PM) (Source: RIM MDNS) (User: )
Description: SendResponses: No active interface 02A9C4D8 to send: 00000000 10    1 1a740fc8acbbc65d4f26d0e1d96a3e._tunnel._tcp.local. TXT

Error: (12/12/2014 03:10:23 PM) (Source: Microsoft-Windows-RestartManager) (User: Puget-109085)
Description: Application or service 'Internet Explorer' could not be shut down.

System errors:
=============
Error: (12/12/2014 09:43:48 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (12/12/2014 00:59:45 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (12/12/2014 00:32:06 PM) (Source: DCOM) (User: Puget-109085)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}Puget-109085JosephS-1-5-21-126425380-909276842-1556251117-1000LocalHost (Using LRPC)

Error: (12/12/2014 00:32:06 PM) (Source: DCOM) (User: Puget-109085)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}Puget-109085JosephS-1-5-21-126425380-909276842-1556251117-1000LocalHost (Using LRPC)

Error: (12/12/2014 00:32:06 PM) (Source: DCOM) (User: Puget-109085)
Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}Puget-109085JosephS-1-5-21-126425380-909276842-1556251117-1000LocalHost (Using LRPC)

Error: (12/12/2014 00:27:20 PM) (Source: DCOM) (User: )
Description: {7323885B-407F-4839-9695-96F545FF6286}

Error: (12/11/2014 07:07:48 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (12/10/2014 07:26:52 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (12/10/2014 07:25:52 PM) (Source: BugCheck) (User: )
Description: 0x0000001a (0x0000000000041287, 0x0000000000000030, 0x0000000000000000, 0x0000000000000000)C:\Windows\MEMORY.DMP121014-9048-01

Error: (12/10/2014 07:25:51 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 7:23:03 PM on ‎12/‎10/‎2014 was unexpected.

Microsoft Office Sessions:
=========================
Error: (12/12/2014 10:10:18 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (12/12/2014 09:45:30 PM) (Source: RIM MDNS)(User: )
Description: Client application bug: DNSServiceResolve(0ebed8d3c96d959a8a60acf932cd3e._tunnel._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (12/12/2014 09:42:56 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/12/2014 09:42:22 PM) (Source: RIM MDNS)(User: )
Description: 684: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (12/12/2014 09:42:22 PM) (Source: RIM MDNS)(User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (12/12/2014 05:12:25 PM) (Source: RIM MDNS)(User: )
Description: Client application bug: DNSServiceResolve(1a740fc8acbbc65d4f26d0e1d96a3e._tunnel._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (12/12/2014 05:10:24 PM) (Source: RIM MDNS)(User: )
Description: SendResponses: No active interface 02A9C4D8 to send: 00000000 02   26 1a740fc8acbbc65d4f26d0e1d96a3e._tunnel._tcp.local. SRV 0 0 49161 Puget-109085.local.

Error: (12/12/2014 05:10:24 PM) (Source: RIM MDNS)(User: )
Description: SendResponses: No active interface 02A9C4D8 to send: 00000000 08   51 _tunnel._tcp.local. PTR 1a740fc8acbbc65d4f26d0e1d96a3e._tunnel._tcp.local.

Error: (12/12/2014 05:10:24 PM) (Source: RIM MDNS)(User: )
Description: SendResponses: No active interface 02A9C4D8 to send: 00000000 10    1 1a740fc8acbbc65d4f26d0e1d96a3e._tunnel._tcp.local. TXT

Error: (12/12/2014 03:10:23 PM) (Source: Microsoft-Windows-RestartManager)(User: Puget-109085)
Description: 1C:\Program Files (x86)\Internet Explorer\iexplore.exeInternet Explorer0111760720

 

=========================== Installed Programs ============================
64 Bit HP CIO Components Installer (Version: 15.2.1 - Hewlett-Packard) Hidden
ActivClient CAC x64 (HKLM\...\{86E45973-5352-439F-A115-2E8EE4D40140}) (Version: 6.2 - ActivIdentity)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 (HKLM\...\PremElem100) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Amazon Unbox Video (HKLM-x32\...\InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 2.2.0.153 - Amazon.com)
Amazon Unbox Video (x32 Version: 2.2.0.153 - Amazon.com) Hidden
AuthenTec Fingerprint Driver (Version: 1.6.1.0342 - AuthenTec) Hidden
BisonCam (HKLM-x32\...\{5BBC4803-C96E-4D3E-9D1D-2E43774C4062}) (Version:  - BisonCam)
BlackBerry Link (HKLM-x32\...\BlackBerry_10_Desktop) (Version: 1.2.3.48 - BlackBerry Ltd.)
BlackBerry Link (x32 Version: 1.2.3.48 - BlackBerry Ltd.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
ChairGun4 4.2.0 (HKLM-x32\...\{188B215B-4A33-4B83-9885-19A8CA93236F}_is1) (Version:  - Hawke Sport Optics)
ChiconyCam (HKLM-x32\...\{A2201542-DA80-457F-8BD9-6C9C90196481}) (Version: 1.0.47.0819 - Chicony Electronics Co.,Ltd.)
dBpoweramp DSP Effects (HKLM-x32\...\dBpoweramp DSP Effects) (Version: Release 9 - Illustrate)
dBpoweramp Music Converter (HKLM-x32\...\dBpoweramp Music Converter) (Version: Release 14.4 - Illustrate)
dBpoweramp Windows Media Audio 10 Codec (HKLM-x32\...\dBpoweramp Windows Media Audio 10 Codec) (Version: Release 7 - Illustrate)
Definition Update for Microsoft Office 2010 (KB2910899) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{C8358E8D-6C89-41B3-8439-FEFBC0353D81}) (Version:  - Microsoft)
Definition Update for Microsoft Office 2010 (KB2910899) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{C8358E8D-6C89-41B3-8439-FEFBC0353D81}) (Version:  - Microsoft)
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ETDWare PS/2-X64 11.10.2.2_WHQL (HKLM\...\Elantech) (Version: 11.10.2.2 - ELAN Microelectronic Corp.)
HDtracks Downloader (HKLM-x32\...\HDtracks Downloader) (Version: 18 - J. River, Inc.)
Hotkey 6.0044 (HKLM-x32\...\InstallShield_{164714B6-46BC-4649-9A30-A6ED32F03B5A}) (Version: 6.0044 - NoteBook)
Hotkey 6.0044 (x32 Version: 6.0044 - NoteBook) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.10.1464 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{302600C1-6BDF-4FD1-1304-148929CC1385}) (Version: 3.0.1304.0338 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.9.0.1001 - Intel Corporation) Hidden
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Intel® SSD Toolbox (HKLM-x32\...\{06D085C8-1F00-11B2-96A7-8f0CE39193ED}) (Version: 3.1.2.400 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.23.943.1 - Intel Corporation) Hidden
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.25.18 - Oracle Corporation) Hidden
JRiver Media Center 18 (HKLM-x32\...\Media Center 18) (Version: 18 - J. River, Inc.)
K-Lite Codec Pack 7.2.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.2.0 - )
Logos 5 Prerequisites (HKLM-x32\...\{497312BD-8C5F-4726-B0C4-6E036D2EBD28}) (Version: 5.33.0744 - Logos Bible Software)
Logos Bible Software (HKLM-x32\...\{8DA7A108-A217-4030-BE15-7772DEC0D1DC}) (Version: 5.34.1595 - Logos Bible Software)
MakeMKV v1.9.0 (HKLM-x32\...\MakeMKV) (Version: v1.9.0 - GuinpinSoft inc)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 12.8.988 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.5.0.3093 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Outlook 2010 (HKLM-x32\...\Office14.OUTLOOKR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MKVToolNix 6.9.1 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 6.9.1 - Moritz Bunkus)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MozyHome (HKLM\...\{88AE47C9-A9D2-E89D-C165-573D8015336D}) (Version: 2.28.0.421 - Mozy, Inc.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Control Panel 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Update Core (Version: 15.3.33 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
PRE10STI64Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PureEdge Viewer 6.5 (HKLM-x32\...\{E0000650-0650-0650-0650-000000000650}) (Version:  - )
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.54.309.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.27020 - Realtek Semiconductor Corp.)
Remington Shoot! (HKLM-x32\...\Remington Shoot!) (Version:  - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung M2020 Series (HKLM-x32\...\Samsung M2020 Series) (Version: 1.10 (2/12/2014) - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Premiere Elements 10 x64 Plugin (HKLM\...\{3DAE9A67-DD8D-4EDB-91F7-7B5132B1864D}) (Version: 5.70.0001 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (HKLM-x32\...\InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}) (Version: 5.7.1 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (x32 Version: 5.7.1 - SmartSound Software Inc.) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TaxACT 2012 - 1040 Edition (HKLM-x32\...\TaxACT 2012 - 1040 Edition) (Version:  - 2nd Story Software, Inc.)
TaxACT 2013 - 1040 Edition (HKLM-x32\...\TaxACT 2013 - 1040 Edition) (Version:  - TaxACT, Inc.)
TaxACT 2014 - 1040 Edition (HKLM-x32\...\TaxACT 2014 - 1040 Edition) (Version: 0.90 - TaxACT, Inc.)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
THX TruStudio Pro (HKLM-x32\...\{82F99DC9-389A-4528-940C-88248731A620}) (Version: TAMB-CVS1D-1-LB R07 - Creative Technology Limited)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition (HKLM-x32\...\{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{A7C2902F-C60B-428F-BDD7-ECE4DC0A2CA1}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{A7C2902F-C60B-428F-BDD7-ECE4DC0A2CA1}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{A7C2902F-C60B-428F-BDD7-ECE4DC0A2CA1}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.OUTLOOKR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8BEEA2FC-D416-428A-B52A-A3ED45921151}) (Version:  - Microsoft)

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 28%
Total physical RAM: 8082.54 MB
Available physical RAM: 5748.94 MB
Total Pagefile: 16163.25 MB
Available Pagefile: 13588.24 MB
Total Virtual: 4095.88 MB
Available Virtual: 3984.45 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:167.58 GB) (Free:68.5 GB) NTFS
2 Drive d: () (Fixed) (Total:698.63 GB) (Free:384.39 GB) NTFS

========================= Users: ========================================

User accounts for \\PUGET-109085

Administrator            Guest                    Joseph                  

========================= Restore Points ==================================

29-11-2014 04:59:48 before rk
02-12-2014 23:29:43 Windows Update
09-12-2014 09:56:28 Windows Update
09-12-2014 19:47:36 Windows Update
12-12-2014 17:57:20 Windows Update
12-12-2014 18:27:31 Removed Java 8 Update 25
12-12-2014 20:17:53 Removed Microsoft Silverlight

**** End of log ****

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/12/2014
Scan Time: 10:19:40 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.12.08
Rootkit Database: v2014.12.08.03
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Joseph

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 350600
Time Elapsed: 4 min, 3 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

Malwarebytes Anti-Rootkit Documentation

The purpose of this document is to provide basic documentation for the use of Malwarebytes Anti-Rootkit BETA.  Use of Malwarebytes Anti-Rootkit BETA (MBAR) requires that you agree to and accept the terms of use described in the accompanying “license.rtf” file included within the archive.

Contents

Introduction
Background
Scope of Malwarebytes Anti-Rootkit
Usage Instructions
fixdamage.exe
Command Line Syntax and Advanced Usage
Log Files
Quarantine and Ignore List
Contact Us

Introduction:

Malwarebytes Anti-Rootkit (MBAR) is a tool designed by Malwarebytes Corporation to detect and remove sophisticated, stealthy forms of malware called “Rootkits”.  Rootkits are hidden forms of malware which most normal malware scanning tools cannot detect or remove.

Background:

Rootkits have the ability to infect the very core or ‘root’ of an operating system and hide the existence of certain processes and malicious programs from normal methods of detection. Rootkits can also enable continued privileged access to a computer to make system level modifications, leaving the system heavily compromised.

Malwarebytes Anti-Rootkit (MBAR) is designed to counteract malicious attempts to subvert base core subsystems of an OS which usually make it impossible to detect rootkits using conventional methods. Besides the general functionality of allowing a user to detect and remove rootkits automatically, MBAR contains a set of tools allowing an experienced user to perform some actions to locate unknown rootkits and remove them manually. To protect itself from being terminated by a rootkit or other malware, MBAR uses Malwarebytes Chameleon technologies which prevent modification or removal of MBAR by malware which may reside on the system.  This allows MBAR to complete the detection and removal process regardless of such attacks. MBAR uses an active internet connection to keep its database up to date, ensuring that the most current definitions are used in order to detect and remove the latest 0-day rootkits.

Scope of Malwarebytes Anti-Rootkit:

Malwarebytes Anti-Rootkit (MBAR) has been tested and proven to be effective against the following types of rootkits:

  • Kernel mode drivers hiding themselves, like TDL1, TDL2/TDSS, MaxSS, Srizbi, Necurs, Cutwail, etc.
  • Kernel mode driver patchers/infectors, embedding malicious code into core files of an Operating System, such as TDL3, ZeroAccess, Rloader, etc.
  • Master Boot Record infectors such as TDL4, Mebroot/Sinowal, MoastBoot, Yurn, Pihar, etc.
  • Volume Boot Record/OS Bootstrap infectors like Cidox
  • Disk Partition table infectors like SST/Elureon
  • User mode patchers/infectors like ZeroAccess.
  • And many more!

MBAR provides a comprehensive system scan to check for rootkits that includes drivers, MBRs (Master Boot Records) and VBRs (Volume Boot Records).

Usage Instructions:

Malwarebytes Anti-Rootkit (MBAR) is provided as an archive package and does not require installation. Users simply need to download the package and extract it into a folder on the local hard drive, keeping the archive’s directory structure intact. (It is possible to unpack all files directly to the system desktop, although this is not recommended; if possible, you should instead extract it to its own folder, for example a folder called ‘MBAR’ on the desktop. A sample folder “C:\MBAR\” is used as the home directory in all of the following examples.) The current MBAR implementation is based on a simple-to-use wizard. To perform a normal system scan and cleanup, a user should just run the program and follow the onscreen instructions; no other options are necessary.  Administrative privileges are required. MBAR will scan the system and will prompt the user to perform recommended actions.

If any infections are detected during the scan, the user should use the ‘Cleanup’ button to remove them, restarting the system if prompted.

Important! Shutdown is an essential part of the threat removal process. A computer should not be hard-reset after the scan is completed and malware removal scheduled.

Once you have restarted, it is important that you run another scan to verify that no additional infections remain.  If the scan comes back infected again, remove any found threats and restart again, running another scan after reboot to then verify that it comes back clean.

Note:

  • On some hardware the computer may hang at the very end of the reboot process if malware cleanup was scheduled. It does not affect the removal process and the computer can be manually restarted using the ‘Reset’ button or by pressing and holding the ‘Power’ button on the PC for 5 seconds if no noticeable disk activity is present (HDD LED is not flashing) within five minutes after restart has been initiated.
  • In some cases additional MBAR scans might be necessary to clean up any leftovers which were not detected or removed during the previous scan (this is not necessary if the previous scan came back clean with no threats of any kind detected).  It is recommended that a second scan always be performed after the removal and reboot process to ensure that all active threats have been removed and that no further threats remain.  This should be repeated until the scan comes back with no detections.
  • Don’t remove MBAR’s drivers from memory using “/r” option if a cleanup has been scheduled as the drivers are required for the removal process.

Some malware may block the loading of drivers so anti-rootkit utilities which use kernel-mode drivers are unable to perform scans. In this case MBAR may try to load its drivers on boot to complete the scan. In such cases you will be prompted to reboot the computer to install the drivers:

DDA driver was not installed which may be caused by rootkit activity.
Do you want to reboot the computer to install DDA driver (Scan will continue after reboot) (Y/N)?

MBAR will restart the computer and open automatically so that the user may initiate the malware scan after the system restart is complete.

MBAR is able to work in a Safe Mode which may be useful if malware is blocking the tool from functioning in normal mode.

fixdamage.exe:

Included with Malwarebytes Anti-Rootkit is a tool called fixdamage.  This utility can repair some common problems which are the result of some rootkit infections.  Normally, as part of the cleanup/removal process, MBAR will automatically run fixdamage for you if required; however, you may run it manually if problems remain after restarting your PC once the removal process is completed, such as Windows Update problems, the Windows Firewall not functioning, or a lack of internet connectivity.

To run fixdamage manually, simply open MBAR’s folder and open the folder called “Plugins” and then double-click on fixdamage.exe and then restart your computer, even if not prompted to do so.

Command Line Syntax and Advanced Usage:

The available command line syntax and switches for Malwarebytes Anti-Rootkit are as follows:

Usage: MBAR.exe [/r] [/u] [/z]

  • /r - Remove driver. This option will remove drivers from memory which were installed by MBAR. Usually MBAR removes its drivers after use when they are no longer required, but in some cases when MBAR was abruptly terminated, some drivers may remain loaded. MBAR keeps drivers in memory if malware was found and system cleanup on reboot is necessary. To completely remove them from memory use this option. This will terminate a scheduled cleanup task as well.
  • /u - Disable rootkit unhooking mechanism. MBAR uses a sophisticated mechanism to counteract malicious changes on the System (“Hooks”) and it is still experimental. In some rare cases this mechanism may prove unstable. Using this option disables this mechanism but makes detection less reliable.
  • /z - Do not activate protection driver. Normally MBAR installs the Chameleon self-protection driver right before a scan is started. In some cases this driver may conflict with other software on the system and should be disabled using this option should such a conflict occur.

Log Files:

Malwarebytes Anti-Rootkit (MBAR) creates two log files to save all valuable information about a malware scan and the hardware used. The malware scan log is created in the current directory in a format similar to that used by Malwarebytes Anti-Malware. The following is an example of the naming scheme for this scan log:

mbar-log-2012-06-25 (16-30-00).txt

A log file with detections might look like this, containing info about all detected items:

Malwarebytes Anti-Rootkit 1.1.0.1000

www.malwarebytes.org

Database version: v2012.06.25.10
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
 
:: WMXP32 [administrator]

6/25/2012 4:30:00 PM
mbar-log-2012-06-25 (16-30-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 24649
Time elapsed: 6 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_RUNTIME (Rootkit.Agent) -> Delete on reboot. [a3d9b340f76567cf5ae9a8458c774db3]
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_RUNTIME2 (Rootkit.Agent) -> Delete on reboot. [bdbfb34075e753e368dc6a838a79ca36]
HKLM\System\CurrentControlSet\Services\runtime (Rootkit.Agent) -> Delete on reboot. [9ddfc132e17b44f25672eb0670935fa1]

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\WINDOWS\system32\drivers\runtime2.sys (Rootkit.Cutwail) -> Delete on reboot. [763bd40c542382a03a9081fd64c2bd49]
C:\Documents and Settings\Administrator\Desktop\readme(30).exe (Rootkit.0Access) -> Delete on reboot. [cbb1e80ba1bb47ef8ca45c281fe155ab]
C:\WINDOWS\system32\8_exception.nls (Trojan.Tibs) -> Delete on reboot. [1f5dae4561fb4ee80d419ad422e14db3]

(end)

Scan logs are created as a separate file for each scan performed. In addition to the scan log, MBAR creates another log file with environmental information in it. Its name is always “system-log.txt” and the file is appended to every time Malwarebytes Anti-Rootkit is executed.

Quarantine and Ignore List:

Malwarebytes Anti-Rootkit (MBAR) is a stand-alone application but it shares some features of Malwarebytes Anti-Malware (MBAM) which may or may not be already installed on the computer, though certain functions dealing with ignore listing and managing the quarantine may only be available if Malwarebytes Anti-Malware is installed.

  1. Quarantine - MBAR uses the same format for quarantined items as MBAM and stores quarantined items in the same location that MBAM does so all quarantined items appear in the Quarantine tab in MBAM.  This makes it possible to manage them using MBAM. It should also be noted that MBAR does not have the capability to manage or restore quarantined items by itself, so MBAM must be used if an item needs to be restored.

Note: some items like MBR, VBR and patched drivers are currently quarantined as binary files only and cannot be restored using MBAM.

  2. Ignore List - MBAR uses the same ignore list used by MBAM so exclusions may be managed using the Ignore List tab in MBAM. In order to add or remove an item to be ignored by MBAR, MBAM must be installed as MBAR currently cannot add or remove any items to or from the Ignore List on its own.

Contact Us:

If you continue experiencing problems or MBAR fails to completely detect and remove a rootkit from your system then please contact us by filling out the form at http://www.malwarebytes.org/contact_consumer.

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17501

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 8475152384, free: 5833175040

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17501

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 8475152384, free: 5885116416

Downloaded database version: v2014.12.12.08
Downloaded database version: v2014.12.08.03
Downloaded database version: v2014.12.06.01
Initializing...
======================
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
Initializing...
======================
------------ Kernel report ------------
     12/12/2014 22:31:00
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8009cbe060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007b\
Lower Device Object: 0xfffffa8007467320
Lower Device Driver Name: \Driver\iaStorA\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8009cbd060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007a\
Lower Device Object: 0xfffffa80074679c0
Lower Device Driver Name: \Driver\iaStorA\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8009cbd060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8009cbdb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8009cbd060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8009bcbc50, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa80074679c0, DeviceName: \Device\0000007a\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4F3B3F3A

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 351442944

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 180045766656 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8009cbe060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8009cbeb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8009cbe060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8009bcb860, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa8007467320, DeviceName: \Device\0000007b\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 321EA82B

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1465143296

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Done!
Scan finished

 

Rkill 2.6.9 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/12/2014 10:38:16 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 12/12/2014 10:38:34 PM
Execution time: 0 hours(s), 0 minute(s), and 17 seconds(s)

 



#6 Broni

Posted 12 December 2014 - 11:10 PM

Clean so far...

 

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program



#7 jp_over

Posted 13 December 2014 - 12:25 AM

# AdwCleaner v4.105 - Report created 12/12/2014 at 23:57:40
# Updated 08/12/2014 by Xplode
# Database : 2014-12-12.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Joseph - PUGET-109085
# Running from : C:\Users\Joseph\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Mozilla Firefox v34.0.5 (x86 en-US)

*************************

AdwCleaner[R0].txt - [620 octets] - [12/12/2014 23:57:40]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [679 octets] ##########

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by Joseph on Fri 12/12/2014 at 23:52:23.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 12/12/2014 at 23:55:15.45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

lots of trouble with Sophos???



#8 jp_over

Posted 13 December 2014 - 10:28 AM

OK - rebooted and got Sophos to run: nothing found.



#9 Broni

Posted 13 December 2014 - 06:10 PM

How is the computer doing?



#10 jp_over

Posted 14 December 2014 - 01:23 AM

It seems to be running OK - however, I still noticed multiple sessions of IE in Task Manager (even when IE is closed).  Is this normally how IE operates?



#11 Broni

Posted 14 December 2014 - 02:15 PM

No. There is something wrong there.

 

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.



#12 jp_over

Posted 14 December 2014 - 02:36 PM

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2014-12-14 14:21:07
-----------------------------
14:21:07.159    OS Version: Windows x64 6.1.7601 Service Pack 1
14:21:07.159    Number of processors: 4 586 0x3A09
14:21:07.159    ComputerName: PUGET-109085  UserName: Joseph
14:21:07.580    Initialize success
14:21:07.767    VM: initialized successfully
14:21:07.767    VM: Intel CPU supported
14:21:40.317    VM: disk I/O iaStorA.sys
14:23:29.346    AVAST engine defs: 14121401
14:27:48.638    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000007a
14:27:48.638    Disk 0 Vendor: INTEL___ 400i Size: 171705MB BusType: 11
14:27:48.638    Disk 1  \Device\Harddisk1\DR1 -> \Device\0000007b
14:27:48.638    Disk 1 Vendor: WDC_____ 01.0 Size: 715404MB BusType: 11
14:27:48.638    Disk 0 MBR read successfully
14:27:48.653    Disk 0 MBR scan
14:27:48.653    Disk 0 Windows 7 default MBR code
14:27:48.653    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
14:27:48.653    Disk 0 default boot code
14:27:48.669    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       171603 MB offset 206848
14:27:48.700    Disk 0 scanning C:\Windows\system32\drivers
14:27:56.391    Service scanning
14:28:06.235    Modules scanning
14:28:06.235    Disk 0 trace - called modules:
14:28:06.235    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys hal.dll iaStorA.sys
14:28:06.235    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009cbd060]
14:28:06.235    3 CLASSPNP.SYS[fffff8800199143f] -> nt!IofCallDriver -> [0xfffffa8007a66c50]
14:28:06.235    5 iaStorF.sys[fffff88001e9ff84] -> nt!IofCallDriver -> \Device\0000007a[0xfffffa8007407170]
14:28:06.625    AVAST engine scan C:\Windows
14:28:07.685    AVAST engine scan C:\Windows\system32
14:30:49.174    AVAST engine scan C:\Windows\system32\drivers
14:31:02.886    AVAST engine scan C:\Users\Joseph
14:33:51.686    AVAST engine scan C:\ProgramData
14:35:01.096    Disk 0 statistics 4146733/0/0 @ 17.20 MB/s
14:35:01.096    Scan finished successfully
14:35:55.872    Disk 0 MBR has been saved successfully to "C:\Users\Joseph\Desktop\MBR.dat"
14:35:55.884    The log file has been saved successfully to "C:\Users\Joseph\Desktop\aswMBR.txt"

 



#13 Broni

Posted 14 December 2014 - 02:38 PM

Looks clean.

 

Let's employ more advanced tools.

 

Please follow the instructions in THIS GUIDE starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it HERE. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.



#14 jp_over

Posted 14 December 2014 - 03:07 PM

OK - done!



#15 Broni

Posted 14 December 2014 - 03:12 PM

p22003888.gif

