
Windows won't update and MBAR indicated rootkit present


  • This topic is locked
12 replies to this topic

#1 ceered


Posted 12 February 2015 - 03:37 PM

I had problems getting Windows to update. I requested help in this topic http://www.bleepingcomputer.com/forums/t/566198/windows-update-will-not-work-and-preventing-antivirus-working/ and, after following instructions and posting logs, was asked to run FRST and post logs.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-02-2015
Ran by Natalie (administrator) on NATALIE-PC on 12-02-2015 20:14:39
Running from C:\Users\Natalie\Desktop
Loaded Profiles: Natalie (Available profiles: Natalie & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_296_ActiveX.exe
(Microsoft Corporation) C:\Windows\softwaredistribution\Download\Install\Windows-KB890830-x64-V5.21-delta.exe
(Microsoft Corporation) C:\9ca6496b2ac0cd8672aa8e27a9\mrtstub.exe
(Microsoft Corporation) C:\Windows\System32\MRT.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2392360 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\896\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-3172653950-560254438-1359586312-1001\...\MountPoints2: {55c58cb5-c06a-11e2-92aa-b870f4f04081} - E:\Startme.exe
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-18\...\RunOnce: [KodakHomeCenter] => C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe [2236792 2013-03-15] (Eastman Kodak Company)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3172653950-560254438-1359586312-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/?gws_rd=ssl
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3172653950-560254438-1359586312-1001 -> {3F2173AC-9849-45BA-A527-BF663B17A263} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=B015GB693D20140301&p={SearchTerms}
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll No File
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll No File
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll No File
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
DPF: HKLM-x32 {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3172653950-560254438-1359586312-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Natalie\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-03-01]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-02-07]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSearchURL: Default -> https://uk.search.yahoo.com/search?fr=mcafee&type=B211GB693D20140301&p={searchTerms}
CHR DefaultSuggestURL: Default ->
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Motive Plugin) - C:\Program Files (x86)\Common Files\Motive\npMotive.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Natalie\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Profile: C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (CFileConverter Class) - C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2015-02-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-08]
CHR Extension: (YouTube) - C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-11]
CHR Extension: (Google Search) - C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-11]
CHR Extension: (SiteAdvisor) - C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-12-11]
CHR Extension: (Skype Click to Call) - C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-07-08]
CHR Extension: (Google Wallet) - C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Gmail) - C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-11]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-07]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [lmmhpfbhngkongobaoibpmnijjokabmj] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [29696 2011-05-26] (Acer Incorporated) [File not signed]
S4 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
S4 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [154320 2014-12-03] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-10-06] (McAfee, Inc.)
S4 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S4 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S4 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
S4 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S4 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 s125bus; C:\Windows\System32\DRIVERS\s125bus.sys [108296 2007-04-24] (MCCI Corporation)
S3 s125obex; C:\Windows\System32\DRIVERS\s125obex.sys [123656 2007-04-24] (MCCI Corporation)
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [194640 2010-09-17] (Trend Micro Inc.)
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 20:14 - 2015-02-12 20:15 - 00022095 _____ () C:\Users\Natalie\Desktop\FRST.txt
2015-02-12 20:14 - 2015-02-12 20:14 - 00000000 ____D () C:\FRST
2015-02-12 20:13 - 2015-02-12 20:13 - 02134016 _____ (Farbar) C:\Users\Natalie\Desktop\FRST64.exe
2015-02-12 20:05 - 2015-02-12 20:05 - 00000000 ____D () C:\9ca6496b2ac0cd8672aa8e27a9
2015-02-10 21:11 - 2015-02-10 21:11 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2015-02-10 21:11 - 2015-02-10 21:11 - 00000000 ____D () C:\Program Files\Synaptics
2015-02-10 21:08 - 2015-02-10 21:09 - 34483097 _____ () C:\Users\Natalie\Downloads\TouchPad_Synaptics_15.1.18.0_W7x86W7x64_A.zip
2015-02-10 20:51 - 2015-02-10 21:02 - 63985163 _____ () C:\Users\Natalie\Downloads\TouchPad_ELANTECH_8.0.6.3_W7x86W7x64_A.zip
2015-02-10 00:04 - 2015-02-10 00:05 - 00002040 _____ () C:\Users\Natalie\Desktop\Rkill.txt
2015-02-10 00:02 - 2015-02-10 00:02 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Natalie\Desktop\rkill.exe
2015-02-09 23:27 - 2015-02-10 13:27 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-09 23:17 - 2015-02-09 23:58 - 00000000 ____D () C:\Users\Natalie\Desktop\mbar
2015-02-09 23:16 - 2015-02-09 23:16 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Natalie\Desktop\mbar-1.08.3.1004.exe
2015-02-09 23:06 - 2015-02-09 23:06 - 00001064 _____ () C:\Users\Natalie\Desktop\9thfebscan.txt
2015-02-09 22:37 - 2015-02-09 22:38 - 00054890 _____ () C:\Users\Natalie\Desktop\Result.txt
2015-02-09 22:32 - 2015-02-09 22:32 - 00003134 _____ () C:\Users\Natalie\Desktop\FSS.txt
2015-02-09 22:23 - 2015-02-09 22:23 - 00852594 _____ () C:\Users\Natalie\Desktop\SecurityCheck.exe
2015-02-08 21:04 - 2015-02-08 21:04 - 00000000 ____D () C:\Program Files (x86)\Windows Resource Kits
2015-02-08 20:11 - 2015-02-08 20:11 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-02-08 20:10 - 2015-02-08 20:10 - 00002121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-08 20:10 - 2015-02-08 20:10 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-08 20:10 - 2015-02-08 20:10 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-08 10:22 - 2015-02-10 00:48 - 00000000 ____D () C:\Users\Natalie\Desktop\STUFF
2015-02-07 22:42 - 2015-02-10 00:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-07 22:41 - 2015-02-09 23:58 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-07 22:41 - 2015-02-07 22:41 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-07 22:41 - 2015-02-07 22:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-07 22:41 - 2015-02-07 22:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-07 22:41 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-07 22:41 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-07 22:39 - 2015-02-07 22:40 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Natalie\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-07 22:36 - 2015-02-07 23:02 - 00000000 ____D () C:\Users\Natalie\AppData\Local\Agtworks
2015-02-07 22:36 - 2015-02-07 22:36 - 00000000 ____D () C:\Users\Natalie\AppData\Local\Ukvqmedia
2015-02-07 21:22 - 2015-02-07 21:22 - 00000000 ____D () C:\Windows\Sun
2015-02-07 20:59 - 2015-02-07 20:59 - 00584560 _____ (McAfee, Inc.) C:\Users\Natalie\Downloads\MVTInstaller (1).exe
2015-02-07 20:43 - 2015-02-07 20:43 - 00001920 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk
2015-02-07 20:42 - 2015-02-07 20:42 - 00000000 ____D () C:\Program Files (x86)\McAfee.com
2015-02-07 20:42 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-02-07 20:41 - 2015-02-07 20:41 - 00000000 ____D () C:\Program Files\McAfee.com
2015-02-07 20:30 - 2014-10-01 12:18 - 00189920 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2015-02-07 20:23 - 2015-02-07 20:23 - 05312536 _____ (McAfee, Inc.) C:\Users\Natalie\Desktop\McAfeeSetup-Serial.exe
2015-02-07 19:40 - 2015-02-07 20:42 - 00000000 ____D () C:\Program Files\McAfee
2015-02-07 19:30 - 2015-02-07 20:42 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-02-07 19:19 - 2015-02-07 19:19 - 00199948 _____ () C:\Users\Natalie\Desktop\mctriage.zip
2015-02-06 18:34 - 2015-02-06 18:34 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-05 16:19 - 2015-02-05 16:19 - 00278920 _____ () C:\Windows\Minidump\020515-42650-01.dmp
2015-01-22 09:12 - 2015-01-22 09:12 - 00002030 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2015-01-15 15:35 - 2014-12-12 05:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-15 15:35 - 2014-12-12 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-15 15:35 - 2014-12-12 05:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-15 15:35 - 2014-12-12 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-15 15:35 - 2014-12-12 05:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-15 15:35 - 2014-12-12 05:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-15 15:35 - 2014-12-12 05:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 16:51 - 2014-12-19 03:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 16:51 - 2014-12-19 01:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 16:51 - 2014-12-11 17:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 16:51 - 2014-12-06 04:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 16:51 - 2014-12-06 03:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 16:51 - 2014-12-06 03:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 20:15 - 2011-09-11 18:18 - 01942565 _____ () C:\Windows\WindowsUpdate.log
2015-02-12 20:13 - 2011-12-25 23:28 - 00000912 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3172653950-560254438-1359586312-1001Core.job
2015-02-12 20:08 - 2012-12-11 07:53 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-12 20:05 - 2013-11-02 16:35 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-12 20:05 - 2013-11-02 16:35 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 20:04 - 2012-01-01 19:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-12 20:01 - 2014-03-28 21:00 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf4ac8ba6e2abf.job
2015-02-12 20:01 - 2012-12-07 19:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-12 20:00 - 2011-12-25 23:28 - 00000934 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3172653950-560254438-1359586312-1001UA.job
2015-02-10 21:45 - 2009-07-14 04:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-10 21:45 - 2009-07-14 04:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-10 21:40 - 2011-12-25 12:28 - 00000000 ____D () C:\ProgramData\clear.fi
2015-02-10 21:37 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-10 21:37 - 2009-07-14 04:51 - 00151552 _____ () C:\Windows\setupact.log
2015-02-10 21:36 - 2011-09-11 18:19 - 00406962 _____ () C:\Windows\DPINST.LOG
2015-02-10 13:27 - 2010-11-21 03:47 - 01647232 _____ () C:\Windows\PFRO.log
2015-02-09 23:55 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\Branding
2015-02-08 21:16 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-08 12:02 - 2012-08-16 09:45 - 00000000 ____D () C:\ProgramData\Kodak
2015-02-08 12:02 - 2009-07-14 05:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-08 12:01 - 2012-12-07 19:52 - 00000000 ____D () C:\Windows\system32\Macromed
2015-02-08 12:00 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\registration
2015-02-07 23:42 - 2011-07-20 07:41 - 00000000 ____D () C:\ProgramData\McAfee
2015-02-07 23:04 - 2014-07-01 19:53 - 00000000 ____D () C:\Users\Natalie\AppData\Local\TB
2015-02-07 23:03 - 2011-09-12 03:09 - 00000000 ____D () C:\Windows\NAPP_Dism_Log
2015-02-07 22:41 - 2012-04-13 20:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-07 22:28 - 2014-02-28 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-02-07 22:28 - 2011-12-25 12:13 - 00000000 ____D () C:\Users\Natalie\AppData\Local\PowerCinema
2015-02-07 22:28 - 2011-12-25 12:13 - 00000000 ____D () C:\Users\Natalie
2015-02-07 22:28 - 2010-11-21 07:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-02-07 21:41 - 2014-02-28 23:54 - 00000000 ____D () C:\Users\Natalie\AppData\Local\Deployment
2015-02-07 20:42 - 2013-08-11 20:27 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-02-07 20:23 - 2014-03-01 00:02 - 00000040 _____ () C:\Users\Natalie\Desktop\mcafee serial key.txt
2015-02-06 22:33 - 2012-12-11 07:54 - 00002187 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-06 18:34 - 2014-09-08 14:13 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-02-06 18:34 - 2014-09-08 14:13 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-06 18:33 - 2011-12-25 21:58 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-02-06 18:33 - 2011-12-25 21:58 - 00000000 ____D () C:\Users\Natalie\AppData\Roaming\Skype
2015-02-06 18:33 - 2011-07-20 07:40 - 00000000 ____D () C:\ProgramData\Skype
2015-02-06 18:32 - 2012-12-07 19:52 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-06 18:32 - 2012-12-07 19:52 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-06 18:32 - 2011-07-20 08:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-06 18:23 - 2011-12-25 13:30 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2015-02-06 17:27 - 2014-03-28 21:00 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf4ac8ba6e2abf
2015-02-06 17:27 - 2012-12-11 07:53 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 16:19 - 2012-08-24 23:33 - 516693017 _____ () C:\Windows\MEMORY.DMP
2015-02-05 16:19 - 2012-08-24 23:33 - 00000000 ____D () C:\Windows\Minidump
2015-02-03 15:39 - 2013-09-21 15:22 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-01-31 16:09 - 2012-01-03 22:41 - 00000000 ____D () C:\Users\Natalie\AppData\Roaming\PowerCinema
2015-01-27 21:59 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2015-01-22 09:12 - 2012-12-15 17:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-01-22 09:11 - 2011-07-20 07:17 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

==================== Files in the root of some directories =======

2014-04-27 15:57 - 2014-04-27 15:57 - 0000604 ____H () C:\Program Files (x86)\_43_S
2013-02-26 16:44 - 2013-02-26 16:44 - 0000604 ____H () C:\Program Files (x86)\_Z2
2013-02-26 16:43 - 2013-02-26 16:43 - 0227376 _____ () C:\Users\Natalie\AppData\Roaming\AvidLicenseControl_Install.log
2011-09-11 18:28 - 2011-09-11 18:31 - 0015222 _____ () C:\ProgramData\ArcadeDeluxe5.log

Some content of TEMP:
====================
C:\Users\Guest\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Natalie\AppData\Local\Temp\0134651423338047mcinst.exe
C:\Users\Natalie\AppData\Local\Temp\0253681423341692mcinst.exe
C:\Users\Natalie\AppData\Local\Temp\CheckSR.dll
C:\Users\Natalie\AppData\Local\Temp\ICReinstall_PDFCreatorSetup.exe
C:\Users\Natalie\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Natalie\AppData\Local\Temp\mccspuninstall.exe
C:\Users\Natalie\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Natalie\AppData\Local\Temp\RADIALPOINT_RPS.exe
C:\Users\Natalie\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Natalie\AppData\Local\Temp\uttF2AC.tmp.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-06 18:17

==================== End Of Log ============================


#2 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 13 February 2015 - 03:56 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Malware Warning

If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for banking, Email, eBay, Paypal, online forums, etc).

Step 1

Please download TDSSKiller and save it to your Desktop.

  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters. (1)
  • Make sure that all available options (except "Loaded modules") are checked and click OK. (2)
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report (3) to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.



regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 ceered

  • Topic Starter

  • Members
  • 55 posts

Posted 13 February 2015 - 07:47 AM

Hi Jurgen
Thanks for helping.
Here is the log from the tdsskiller:

12:35:01.0150 0x0fd8 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
12:39:59.0984 0x0fd8 ============================================================
12:39:59.0984 0x0fd8 Current date / time: 2015/02/13 12:39:59.0984
12:39:59.0984 0x0fd8 SystemInfo:
12:39:59.0984 0x0fd8
12:39:59.0984 0x0fd8 OS Version: 6.1.7601 ServicePack: 1.0
12:39:59.0984 0x0fd8 Product type: Workstation
12:39:59.0984 0x0fd8 ComputerName: NATALIE-PC
12:39:59.0984 0x0fd8 UserName: Natalie
12:39:59.0984 0x0fd8 Windows directory: C:\Windows
12:39:59.0984 0x0fd8 System windows directory: C:\Windows
12:39:59.0984 0x0fd8 Running under WOW64
12:39:59.0984 0x0fd8 Processor architecture: Intel x64
12:39:59.0984 0x0fd8 Number of processors: 4
12:39:59.0984 0x0fd8 Page size: 0x1000
12:39:59.0984 0x0fd8 Boot type: Normal boot
12:39:59.0984 0x0fd8 ============================================================
12:40:00.0202 0x0fd8 KLMD registered as C:\Windows\system32\drivers\23023557.sys
12:40:00.0780 0x0fd8 System UUID: {10C22E1F-481A-A999-82B9-0D465ABA5155}
12:40:01.0934 0x0fd8 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:40:01.0934 0x0fd8 ============================================================
12:40:01.0934 0x0fd8 \Device\Harddisk0\DR0:
12:40:01.0934 0x0fd8 MBR partitions:
12:40:01.0934 0x0fd8 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2400800, BlocksNum 0x32000
12:40:01.0934 0x0fd8 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2432800, BlocksNum 0x55113000
12:40:01.0934 0x0fd8 ============================================================
12:40:01.0965 0x0fd8 C: <-> \Device\Harddisk0\DR0\Partition2
12:40:01.0965 0x0fd8 ============================================================
12:40:01.0965 0x0fd8 Initialize success
12:40:01.0965 0x0fd8 ============================================================
12:40:53.0882 0x0664 ============================================================
12:40:53.0882 0x0664 Scan started
12:40:53.0882 0x0664 Mode: Manual; SigCheck; TDLFS;
12:40:53.0882 0x0664 ============================================================
12:40:53.0882 0x0664 KSN ping started
12:40:56.0955 0x0664 KSN ping finished: true
12:40:57.0657 0x0664 ================ Scan system memory ========================
12:40:57.0657 0x0664 System memory - ok
12:40:57.0657 0x0664 ================ Scan services =============================
12:40:57.0907 0x0664 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
12:40:58.0032 0x0664 1394ohci - ok
12:40:58.0063 0x0664 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
12:40:58.0079 0x0664 ACPI - ok
12:40:58.0110 0x0664 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
12:40:58.0141 0x0664 AcpiPmi - ok
12:40:58.0281 0x0664 [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:40:58.0359 0x0664 AdobeARMservice - ok
12:40:58.0500 0x0664 [ A2A9C100FE1BE20A76C0B80D4CA44103, C34B4A31C8563E29EC6A3D318C40075F43C891C23D156F53EE2102C959B7887F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:40:58.0547 0x0664 AdobeFlashPlayerUpdateSvc - ok
12:40:58.0593 0x0664 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
12:40:58.0640 0x0664 adp94xx - ok
12:40:58.0718 0x0664 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys
12:40:58.0781 0x0664 adpahci - ok
12:40:58.0812 0x0664 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
12:40:58.0827 0x0664 adpu320 - ok
12:40:58.0843 0x0664 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
12:40:58.0890 0x0664 AeLookupSvc - ok
12:40:58.0952 0x0664 [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys
12:40:58.0999 0x0664 AFD - ok
12:40:59.0046 0x0664 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
12:40:59.0077 0x0664 agp440 - ok
12:40:59.0093 0x0664 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
12:40:59.0108 0x0664 ALG - ok
12:40:59.0155 0x0664 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
12:40:59.0186 0x0664 aliide - ok
12:40:59.0202 0x0664 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
12:40:59.0233 0x0664 amdide - ok
12:40:59.0264 0x0664 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
12:40:59.0295 0x0664 AmdK8 - ok
12:40:59.0295 0x0664 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
12:40:59.0327 0x0664 AmdPPM - ok
12:40:59.0342 0x0664 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
12:40:59.0358 0x0664 amdsata - ok
12:40:59.0389 0x0664 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
12:40:59.0420 0x0664 amdsbs - ok
12:40:59.0436 0x0664 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
12:40:59.0451 0x0664 amdxata - ok
12:40:59.0498 0x0664 [ 3CF7A4350C9646D92F147D620EC0D363, 0C09A5B3656BCC98151BF3F1F6B827DD5189D89AFFE0730187E5FDB2D84EC4B4 ] androidusb C:\Windows\system32\Drivers\ssadadb.sys
12:40:59.0576 0x0664 androidusb - ok
12:40:59.0607 0x0664 [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys
12:40:59.0670 0x0664 AppID - ok
12:40:59.0685 0x0664 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll
12:40:59.0732 0x0664 AppIDSvc - ok
12:40:59.0763 0x0664 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
12:40:59.0779 0x0664 Appinfo - ok
12:40:59.0857 0x0664 [ A5299D04ED225D64CF07A568A3E1BF8C, 6F7E73893127BADC8C9815E9BCC0EB5F6584E254D0D09A0B6A680704C71E0A90 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:40:59.0873 0x0664 Apple Mobile Device - ok
12:40:59.0919 0x0664 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys
12:40:59.0951 0x0664 arc - ok
12:40:59.0982 0x0664 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys
12:40:59.0997 0x0664 arcsas - ok
12:41:00.0122 0x0664 [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:41:00.0153 0x0664 aspnet_state - ok
12:41:00.0185 0x0664 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
12:41:00.0231 0x0664 AsyncMac - ok
12:41:00.0294 0x0664 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
12:41:00.0341 0x0664 atapi - ok
12:41:00.0465 0x0664 [ DE9FB3DADE8FD39AE2C587DF22D36B8E, 5315448D41661E625D51330E689139E914E7173DF1F8593C9F81ABC959F5F85D ] athr C:\Windows\system32\DRIVERS\athrx.sys
12:41:00.0559 0x0664 athr - ok
12:41:00.0653 0x0664 [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:41:00.0699 0x0664 AudioEndpointBuilder - ok
12:41:00.0731 0x0664 [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv C:\Windows\System32\Audiosrv.dll
12:41:00.0762 0x0664 AudioSrv - ok
12:41:00.0793 0x0664 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
12:41:00.0809 0x0664 AxInstSV - ok
12:41:00.0855 0x0664 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
12:41:00.0902 0x0664 b06bdrv - ok
12:41:00.0933 0x0664 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
12:41:00.0996 0x0664 b57nd60a - ok
12:41:01.0105 0x0664 [ 5F685973740F289BE3C809952DB8408B, 4C0A0C06BB2B6B1879A860B0D68289A55F80CF74947FCCE7815F1D8121232F62 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe
12:41:01.0136 0x0664 BBSvc - ok
12:41:01.0183 0x0664 [ 76F78018F45E7F92164CEA5020176933, 76E1CA6E198417F3749864721C43913189A7EA07B5ED320DE543B2037CEA3D65 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe
12:41:01.0199 0x0664 BBUpdate - ok
12:41:01.0370 0x0664 [ 11F844B46B631337395651ABE9C4167B, 98771B4D9DABEE4C485D718E3BB7D4EF365CA1D7CF043BE12431BC08F6D16EFD ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
12:41:01.0589 0x0664 BCM43XX - ok
12:41:01.0635 0x0664 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
12:41:01.0651 0x0664 BDESVC - ok
12:41:01.0667 0x0664 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
12:41:01.0713 0x0664 Beep - ok
12:41:01.0807 0x0664 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
12:41:01.0885 0x0664 BFE - ok
12:41:01.0916 0x0664 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
12:41:01.0994 0x0664 BITS - ok
12:41:02.0025 0x0664 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
12:41:02.0088 0x0664 blbdrive - ok
12:41:02.0181 0x0664 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:41:02.0213 0x0664 Bonjour Service - ok
12:41:02.0244 0x0664 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
12:41:02.0259 0x0664 bowser - ok
12:41:02.0291 0x0664 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
12:41:02.0306 0x0664 BrFiltLo - ok
12:41:02.0322 0x0664 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
12:41:02.0353 0x0664 BrFiltUp - ok
12:41:02.0400 0x0664 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
12:41:02.0431 0x0664 Browser - ok
12:41:02.0478 0x0664 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
12:41:02.0525 0x0664 Brserid - ok
12:41:02.0556 0x0664 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
12:41:02.0571 0x0664 BrSerWdm - ok
12:41:02.0587 0x0664 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
12:41:02.0618 0x0664 BrUsbMdm - ok
12:41:02.0618 0x0664 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
12:41:02.0634 0x0664 BrUsbSer - ok
12:41:02.0649 0x0664 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
12:41:02.0712 0x0664 BTHMODEM - ok
12:41:02.0759 0x0664 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
12:41:02.0821 0x0664 bthserv - ok
12:41:02.0852 0x0664 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
12:41:02.0899 0x0664 cdfs - ok
12:41:02.0977 0x0664 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
12:41:03.0055 0x0664 cdrom - ok
12:41:03.0117 0x0664 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
12:41:03.0180 0x0664 CertPropSvc - ok
12:41:03.0258 0x0664 [ 3B6316004C773CFAD5E6C38EC5DDDBD4, 7F8A68A6267E0C8EC11F84A1034F71991DBD78BB1C7440B6D4AE025EFBCBB534 ] cfwids C:\Windows\system32\drivers\cfwids.sys
12:41:03.0273 0x0664 cfwids - ok
12:41:03.0289 0x0664 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys
12:41:03.0320 0x0664 circlass - ok
12:41:03.0351 0x0664 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
12:41:03.0367 0x0664 CLFS - ok
12:41:03.0429 0x0664 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:41:03.0461 0x0664 clr_optimization_v2.0.50727_32 - ok
12:41:03.0523 0x0664 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:41:03.0554 0x0664 clr_optimization_v2.0.50727_64 - ok
12:41:03.0648 0x0664 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:41:03.0679 0x0664 clr_optimization_v4.0.30319_32 - ok
12:41:03.0710 0x0664 [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:41:03.0741 0x0664 clr_optimization_v4.0.30319_64 - ok
12:41:03.0773 0x0664 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
12:41:03.0804 0x0664 CmBatt - ok
12:41:03.0835 0x0664 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
12:41:03.0851 0x0664 cmdide - ok
12:41:03.0944 0x0664 [ E45CDE1C8340DFEDF1D6724263F39E5B, 8B8091D0A8FF08170F34DA01A4201DAE7C3D026226BC77B5C2EC67657C670168 ] CNG C:\Windows\system32\Drivers\cng.sys
12:41:04.0007 0x0664 CNG - ok
12:41:04.0038 0x0664 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
12:41:04.0085 0x0664 Compbatt - ok
12:41:04.0116 0x0664 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
12:41:04.0131 0x0664 CompositeBus - ok
12:41:04.0147 0x0664 COMSysApp - ok
12:41:04.0163 0x0664 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
12:41:04.0178 0x0664 crcdisk - ok
12:41:04.0225 0x0664 [ 19D511CC455C19DE1ADF60E6C39C85B6, 2A05DD5EF3D0BEC2C9F4EA186E0E2D0F7BE0BF6A473D51194B09D33773AC7FAA ] CryptSvc C:\Windows\system32\cryptsvc.dll
12:41:04.0272 0x0664 CryptSvc - ok
12:41:04.0350 0x0664 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
12:41:04.0412 0x0664 DcomLaunch - ok
12:41:04.0506 0x0664 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
12:41:04.0599 0x0664 defragsvc - ok
12:41:04.0631 0x0664 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
12:41:04.0677 0x0664 DfsC - ok
12:41:04.0724 0x0664 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
12:41:04.0755 0x0664 Dhcp - ok
12:41:04.0771 0x0664 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
12:41:04.0880 0x0664 discache - ok
12:41:04.0927 0x0664 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys
12:41:04.0943 0x0664 Disk - ok
12:41:04.0974 0x0664 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
12:41:04.0989 0x0664 Dnscache - ok
12:41:05.0021 0x0664 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
12:41:05.0067 0x0664 dot3svc - ok
12:41:05.0099 0x0664 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
12:41:05.0145 0x0664 DPS - ok
12:41:05.0192 0x0664 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
12:41:05.0239 0x0664 drmkaud - ok
12:41:05.0286 0x0664 [ 9DD3A22F804697606C2B7FF9E912FF6B, BBE2FC0D554030BA9E3A96CC4A360D61DBCCAA1D81BD7547809F29A3AF0B3A25 ] DsiWMIService C:\Program Files (x86)\Launch Manager\dsiwmis.exe
12:41:05.0317 0x0664 DsiWMIService - ok
12:41:05.0395 0x0664 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
12:41:05.0473 0x0664 DXGKrnl - ok
12:41:05.0535 0x0664 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
12:41:05.0598 0x0664 EapHost - ok
12:41:05.0723 0x0664 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys
12:41:05.0941 0x0664 ebdrv - ok
12:41:05.0988 0x0664 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] EFS C:\Windows\System32\lsass.exe
12:41:06.0019 0x0664 EFS - ok
12:41:06.0081 0x0664 [ 18DD872DD46ACB24E106DC2C9C270466, 7531A880DE4EFA08828B7927A687A10B71BA272C9E88631ED39EAE42E2FF9AD2 ] EgisTec Ticket Service C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
12:41:06.0113 0x0664 EgisTec Ticket Service - ok
12:41:06.0206 0x0664 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
12:41:06.0284 0x0664 ehRecvr - ok
12:41:06.0315 0x0664 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
12:41:06.0378 0x0664 ehSched - ok
12:41:06.0425 0x0664 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
12:41:06.0471 0x0664 elxstor - ok
12:41:06.0581 0x0664 [ AC5C64F828C0A6A1350971501AC2A0C7, 920EB0AC38AD65930A747EDC98144010AE97A4B74153B90EE36E9C45055649A1 ] ePowerSvc C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
12:41:06.0627 0x0664 ePowerSvc - ok
12:41:06.0659 0x0664 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
12:41:06.0690 0x0664 ErrDev - ok
12:41:06.0768 0x0664 [ DBAA0C650C9549DC5C599D1E81DEDAAD, C8DF68CDACEF27C91CFD1FE8032A8DAF830D9E77C573C25DE5D41FC3DB824ABA ] ETD C:\Windows\system32\DRIVERS\ETD.sys
12:41:06.0846 0x0664 ETD - ok
12:41:06.0893 0x0664 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
12:41:06.0955 0x0664 EventSystem - ok
12:41:06.0971 0x0664 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
12:41:07.0033 0x0664 exfat - ok
12:41:08.0889 0x0664 [ 84E58FEA8B1A7537696A20C59CB9B0C9, 21F36D45612247DD81CC55FCDA56496BE8BBE384E8FBCCB6184D69F77A59F5C0 ] GREGService C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
12:41:08.0905 0x0664 GREGService - detected UnsignedFile.Multi.Generic ( 1 )
12:41:11.0526 0x0664 Detect skipped due to KSN trusted
12:41:11.0526 0x0664 GREGService - ok
12:41:25.0176 0x0664 nvraid - ok
12:41:25.0191 0x0664 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:41:25.0238 0x0664 nvstor - ok
12:41:25.0254 0x0664 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:41:25.0269 0x0664 nv_agp - ok
12:41:25.0285 0x0664 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
12:41:25.0316 0x0664 ohci1394 - ok
12:41:25.0379 0x0664 [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:41:25.0410 0x0664 ose - ok
12:41:25.0644 0x0664 [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:41:25.0878 0x0664 osppsvc - ok
12:41:25.0909 0x0664 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
12:41:25.0940 0x0664 p2pimsvc - ok
12:41:25.0971 0x0664 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
12:41:26.0018 0x0664 p2psvc - ok
12:41:26.0034 0x0664 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys
12:41:26.0065 0x0664 Parport - ok
12:41:26.0112 0x0664 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:41:26.0143 0x0664 partmgr - ok
12:41:26.0174 0x0664 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll
12:41:26.0205 0x0664 PcaSvc - ok
12:41:26.0221 0x0664 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
12:41:26.0237 0x0664 pci - ok
12:41:26.0268 0x0664 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
12:41:26.0299 0x0664 pciide - ok
12:41:26.0315 0x0664 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
12:41:26.0346 0x0664 pcmcia - ok
12:41:26.0361 0x0664 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
12:41:26.0377 0x0664 pcw - ok
12:41:26.0408 0x0664 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:41:26.0486 0x0664 PEAUTH - ok
12:41:26.0595 0x0664 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
12:41:26.0627 0x0664 PerfHost - ok
12:41:26.0736 0x0664 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
12:41:26.0829 0x0664 pla - ok
12:41:26.0892 0x0664 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:41:26.0939 0x0664 PlugPlay - ok
12:41:26.0954 0x0664 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
12:41:26.0985 0x0664 PNRPAutoReg - ok
12:41:27.0001 0x0664 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
12:41:27.0032 0x0664 PNRPsvc - ok
12:41:27.0063 0x0664 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:41:27.0126 0x0664 PolicyAgent - ok
12:41:27.0157 0x0664 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
12:41:27.0204 0x0664 Power - ok
12:41:27.0235 0x0664 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:41:27.0282 0x0664 PptpMiniport - ok
12:41:27.0297 0x0664 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys
12:41:27.0344 0x0664 Processor - ok
12:41:27.0391 0x0664 [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll
12:41:27.0422 0x0664 ProfSvc - ok
12:41:27.0453 0x0664 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:41:27.0469 0x0664 ProtectedStorage - ok
12:41:27.0516 0x0664 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
12:41:27.0578 0x0664 Psched - ok
12:41:27.0672 0x0664 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
12:41:27.0734 0x0664 ql2300 - ok
12:41:27.0781 0x0664 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
12:41:27.0812 0x0664 ql40xx - ok
12:41:27.0843 0x0664 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
12:41:27.0875 0x0664 QWAVE - ok
12:41:27.0890 0x0664 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:41:27.0921 0x0664 QWAVEdrv - ok
12:41:27.0937 0x0664 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:41:27.0999 0x0664 RasAcd - ok
12:41:28.0046 0x0664 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
12:41:28.0155 0x0664 RasAgileVpn - ok
12:41:28.0171 0x0664 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
12:41:28.0218 0x0664 RasAuto - ok
12:41:28.0249 0x0664 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:41:28.0296 0x0664 Rasl2tp - ok
12:41:28.0311 0x0664 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
12:41:28.0358 0x0664 RasMan - ok
12:41:28.0389 0x0664 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:41:28.0436 0x0664 RasPppoe - ok
12:41:28.0467 0x0664 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:41:28.0514 0x0664 RasSstp - ok
12:41:28.0530 0x0664 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:41:28.0592 0x0664 rdbss - ok
12:41:28.0608 0x0664 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
12:41:28.0639 0x0664 rdpbus - ok
12:41:28.0655 0x0664 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:41:28.0701 0x0664 RDPCDD - ok
12:41:28.0733 0x0664 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:41:28.0779 0x0664 RDPENCDD - ok
12:41:28.0795 0x0664 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
12:41:28.0842 0x0664 RDPREFMP - ok
12:41:28.0889 0x0664 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:41:28.0967 0x0664 RDPWD - ok
12:41:28.0998 0x0664 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
12:41:29.0029 0x0664 rdyboost - ok
12:41:29.0045 0x0664 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
12:41:29.0107 0x0664 RemoteAccess - ok
12:41:29.0154 0x0664 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:41:29.0216 0x0664 RemoteRegistry - ok
12:41:29.0263 0x0664 [ 7B04C9843921AB1F695FB395422C5360, C9B02BE0384357FD242613C2A12029B45322AF9A795CD69F33500CA7530899A7 ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys
12:41:29.0294 0x0664 RimUsb - ok
12:41:29.0310 0x0664 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
12:41:29.0357 0x0664 RpcEptMapper - ok
12:41:29.0388 0x0664 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
12:41:29.0419 0x0664 RpcLocator - ok
12:41:29.0450 0x0664 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
12:41:29.0513 0x0664 RpcSs - ok
12:41:29.0528 0x0664 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:41:29.0591 0x0664 rspndr - ok
12:41:29.0622 0x0664 [ 0E3DCF76F11DC431B088A2DFD7265CDA, 7FCC8A9C28B8B2E9EC6AB9FFF7354929838134F61DB9D5BB96C5F6A7ABDC6B6A ] RSUSBSTOR C:\Windows\System32\Drivers\RtsUStor.sys
12:41:29.0669 0x0664 RSUSBSTOR - ok
12:41:29.0715 0x0664 [ AE722FD346B75B776CA75F297347EE8A, 6B8C87925CE8C565798C165DB0991865B6F0F53524B405BDA092EB9D7C734ACC ] s125bus C:\Windows\system32\DRIVERS\s125bus.sys
12:41:29.0762 0x0664 s125bus - ok
12:41:29.0793 0x0664 [ 5A5B9B10A9545A832B436884A1D1A848, DEFF0A6C6903ED253DFED25BB681DEFBBE43932B61FA3F35EECE28A10FB8A246 ] s125obex C:\Windows\system32\DRIVERS\s125obex.sys
12:41:29.0809 0x0664 s125obex - ok
12:41:29.0825 0x0664 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] SamSs C:\Windows\system32\lsass.exe
12:41:29.0840 0x0664 SamSs - ok
12:41:29.0871 0x0664 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:41:29.0887 0x0664 sbp2port - ok
12:41:29.0934 0x0664 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:41:29.0981 0x0664 SCardSvr - ok
12:41:30.0012 0x0664 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
12:41:30.0074 0x0664 scfilter - ok
12:41:30.0137 0x0664 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
12:41:30.0246 0x0664 Schedule - ok
12:41:30.0277 0x0664 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
12:41:30.0308 0x0664 SCPolicySvc - ok
12:41:30.0339 0x0664 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:41:30.0355 0x0664 SDRSVC - ok
12:41:30.0386 0x0664 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:41:30.0433 0x0664 secdrv - ok
12:41:30.0449 0x0664 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
12:41:30.0495 0x0664 seclogon - ok
12:41:30.0527 0x0664 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
12:41:30.0558 0x0664 SENS - ok
12:41:30.0589 0x0664 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
12:41:30.0605 0x0664 SensrSvc - ok
12:41:30.0620 0x0664 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\drivers\serenum.sys
12:41:30.0651 0x0664 Serenum - ok
12:41:30.0667 0x0664 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\drivers\serial.sys
12:41:30.0698 0x0664 Serial - ok
12:41:30.0714 0x0664 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys
12:41:30.0729 0x0664 sermouse - ok
12:41:30.0761 0x0664 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
12:41:30.0807 0x0664 SessionEnv - ok
12:41:30.0823 0x0664 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
12:41:30.0839 0x0664 sffdisk - ok
12:41:30.0854 0x0664 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:41:30.0870 0x0664 sffp_mmc - ok
12:41:30.0885 0x0664 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
12:41:30.0901 0x0664 sffp_sd - ok
12:41:30.0901 0x0664 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
12:41:30.0932 0x0664 sfloppy - ok
12:41:30.0963 0x0664 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:41:31.0026 0x0664 SharedAccess - ok
12:41:31.0057 0x0664 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:41:31.0104 0x0664 ShellHWDetection - ok
12:41:31.0104 0x0664 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
12:41:31.0135 0x0664 SiSRaid2 - ok
12:41:31.0135 0x0664 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
12:41:31.0166 0x0664 SiSRaid4 - ok
12:41:31.0229 0x0664 [ A9C057A9463C25490CF99EA8DF8A4B35, 8F4D1C40D0F17EDBF84ED455B8946F782C7552383F0A07E410A9B6CFF7F51D63 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
12:41:31.0307 0x0664 SkypeUpdate - ok
12:41:31.0322 0x0664 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:41:31.0385 0x0664 Smb - ok
12:41:31.0416 0x0664 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:41:31.0447 0x0664 SNMPTRAP - ok
12:41:31.0603 0x0664 [ 3A4F2C0BB87A0895ABEBA341AA1E341B, 4DADEEF3C5D181502D6F4A00FBBF3B001FA626E49569FB330D7AE2955CC7DE08 ] Sony PC Companion C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
12:41:31.0665 0x0664 Sony PC Companion - ok
12:41:31.0697 0x0664 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
12:41:31.0728 0x0664 spldr - ok
12:41:31.0775 0x0664 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
12:41:31.0821 0x0664 Spooler - ok
12:41:31.0977 0x0664 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
12:41:32.0118 0x0664 sppsvc - ok
12:41:32.0133 0x0664 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
12:41:32.0180 0x0664 sppuinotify - ok
12:41:32.0211 0x0664 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
12:41:32.0243 0x0664 srv - ok
12:41:32.0258 0x0664 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:41:32.0289 0x0664 srv2 - ok
12:41:32.0321 0x0664 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:41:32.0352 0x0664 srvnet - ok
12:41:32.0399 0x0664 [ 52D6F40B50ECFC051979FEC68E74F0F8, 9C8C65AC69BA5C9885CF2A4BD72B869754948377AA3FED2680E7BF8C5639F2A2 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
12:41:32.0430 0x0664 ssadbus - ok
12:41:32.0461 0x0664 [ D6CFD3B2EABCF9327DE39C62BABFA1E3, C748AF55B07FCB9C5A3E3E0CB783CE6387A2C5D646BCA6B5F5FFF37ACCE82AD3 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
12:41:32.0492 0x0664 ssadmdfl - ok
12:41:32.0555 0x0664 [ 5EB01E6148742C3EC2185AC92F6D16FD, 5BD22C745D9BD47C60929F9C556E4B262F9415866EFE9F9263EAD916D74ECAE0 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
12:41:32.0570 0x0664 ssadmdm - ok
12:41:32.0633 0x0664 [ FF20F67DD5644BD1D2E7FCD95AF7F03B, 23615E776D6A8C406C7DDF0E694ED3B5A2D30913AFD3C0F86A788C5004299845 ] ssadserd C:\Windows\system32\DRIVERS\ssadserd.sys
12:41:32.0648 0x0664 ssadserd - ok
12:41:32.0679 0x0664 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:41:32.0742 0x0664 SSDPSRV - ok
12:41:32.0757 0x0664 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:41:32.0804 0x0664 SstpSvc - ok
12:41:32.0820 0x0664 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys
12:41:32.0835 0x0664 stexstor - ok
12:41:32.0882 0x0664 [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
12:41:32.0898 0x0664 StillCam - ok
12:41:32.0991 0x0664 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
12:41:33.0116 0x0664 stisvc - ok
12:41:33.0147 0x0664 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys
12:41:33.0163 0x0664 swenum - ok
12:41:33.0241 0x0664 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
12:41:33.0319 0x0664 swprv - ok
12:41:33.0444 0x0664 [ BC642D540AEDF9A253C74D10C848EBD2, FFC90E91D2A3683925A34C15FC0EF6EE91A6F90C829B5BCC326EE2242F89E366 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
12:41:33.0600 0x0664 SynTP - ok
12:41:33.0662 0x0664 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
12:41:33.0756 0x0664 SysMain - ok
12:41:33.0771 0x0664 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:41:33.0803 0x0664 TabletInputService - ok
12:41:33.0818 0x0664 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
12:41:33.0865 0x0664 TapiSrv - ok
12:41:33.0881 0x0664 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
12:41:33.0927 0x0664 TBS - ok
12:41:34.0052 0x0664 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:41:34.0146 0x0664 Tcpip - ok
12:41:34.0208 0x0664 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
12:41:34.0271 0x0664 TCPIP6 - ok
12:41:34.0317 0x0664 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:41:34.0349 0x0664 tcpipreg - ok
12:41:34.0380 0x0664 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:41:34.0411 0x0664 TDPIPE - ok
12:41:34.0442 0x0664 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:41:34.0489 0x0664 TDTCP - ok
12:41:34.0536 0x0664 [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:41:34.0567 0x0664 tdx - ok
12:41:34.0583 0x0664 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys
12:41:34.0598 0x0664 TermDD - ok
12:41:34.0645 0x0664 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll
12:41:34.0692 0x0664 TermService - ok
12:41:34.0723 0x0664 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
12:41:34.0739 0x0664 Themes - ok
12:41:34.0754 0x0664 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
12:41:34.0801 0x0664 THREADORDER - ok
12:41:34.0848 0x0664 [ 5922B1F5741BBDBAF7F7B4CBD2B7C4A5, DC296753E3F4660F24E84744AD7E9D2E279D0CD49C71A6B721B6445F859C4DF7 ] tmlwf C:\Windows\system32\DRIVERS\tmlwf.sys
12:41:34.0863 0x0664 tmlwf - ok
12:41:34.0941 0x0664 [ 0A03E85A641F2672796D34F506066594, B2AA139CC53F25DB1709844483D404A8FA1D010167BCF164B4A31A029C606F7D ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
12:41:34.0957 0x0664 TomTomHOMEService - ok
12:41:34.0973 0x0664 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
12:41:35.0019 0x0664 TrkWks - ok
12:41:35.0082 0x0664 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:41:35.0144 0x0664 TrustedInstaller - ok
12:41:35.0191 0x0664 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:41:35.0222 0x0664 tssecsrv - ok
12:41:35.0253 0x0664 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
12:41:35.0285 0x0664 TsUsbFlt - ok
12:41:35.0300 0x0664 [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
12:41:35.0331 0x0664 TsUsbGD - ok
12:41:35.0363 0x0664 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:41:35.0409 0x0664 tunnel - ok
12:41:35.0425 0x0664 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
12:41:35.0441 0x0664 uagp35 - ok
12:41:35.0456 0x0664 [ A17D5E1A6DF4EAB0A480F2C490DE4C9D, 1EA835F172B6BF3D7F496E079DF1CDF00122B2110C08D61427582BC9405D2B7B ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
12:41:35.0456 0x0664 UBHelper - ok
12:41:35.0487 0x0664 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:41:35.0565 0x0664 udfs - ok
12:41:35.0597 0x0664 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:41:35.0612 0x0664 UI0Detect - ok
12:41:35.0628 0x0664 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:41:35.0643 0x0664 uliagpkx - ok
12:41:35.0659 0x0664 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys
12:41:35.0706 0x0664 umbus - ok
12:41:35.0753 0x0664 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys
12:41:35.0784 0x0664 UmPass - ok
12:41:35.0955 0x0664 [ 7466809E6DA561D60C2F1CE8EDE3C73F, A3185049282A51B17C3DA839AF7E90F1CD395B2FB5587514EB2D65CB22854E2C ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
12:41:36.0049 0x0664 UNS - ok
12:41:36.0096 0x0664 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
12:41:36.0143 0x0664 upnphost - ok
12:41:36.0174 0x0664 [ AF1B9474D67897D0C2CFF58E0ACEACCC, 5ED9836EC7BEEB6706C327EF199E9B674863ED8C83890DDE5E5A6554C2DA5288 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
12:41:36.0205 0x0664 USBAAPL64 - ok
12:41:36.0252 0x0664 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:41:36.0283 0x0664 usbccgp - ok
12:41:36.0314 0x0664 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:41:36.0345 0x0664 usbcir - ok
12:41:36.0377 0x0664 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\drivers\usbehci.sys
12:41:36.0423 0x0664 usbehci - ok
12:41:46.0532 0x0664 AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.7.205.0 ), 0x61000 ( enabled : updated )
12:41:46.0532 0x0664 FW detected via SS2: McAfee Firewall, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 13.6.0.0 ), 0x50010 ( disabled )
12:41:46.0563 0x0664 Win FW state via NFP2: enabled
12:41:49.0013 0x0664 ============================================================
12:41:49.0013 0x0664 Scan finished
12:41:49.0013 0x0664 ============================================================
12:41:49.0028 0x0924 Detected object count: 0
12:41:49.0028 0x0924 Actual detected object count: 0

#4 deeprybka


Posted 13 February 2015 - 10:45 AM

Hi,

 

Let's do a final check up:

Step 1


Please download ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created.
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

 

Step 2

 

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#5 ceered


Posted 13 February 2015 - 09:07 PM

Here is the ESET log
(Think I've done it right. I hope so. It did take a long time! Am I right that the threats weren't removed?)

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=4f805ddede1644428cc9a8d0b2b2b660
# engine=22467
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-02-14 01:47:50
# local_time=2015-02-14 01:47:50 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 109807 46855264 0 0
# scanned=321917
# found=10
# cleaned=0
# scan_time=10412
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"
sh=3096A6D6D5007B947C86A7FE8E72EEB3C86E80B3 ft=1 fh=6df4c99aadb2d5ea vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="C:\Users\Natalie\AppData\Local\Conduit\APISupport\APISupport.dll"
sh=3661EDB38BCB034EA00F78F9144D975333C786BA ft=1 fh=0c96e457c8798f6f vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="C:\Users\Natalie\AppData\Local\Conduit\APISupport\APISupport.old"
sh=3661EDB38BCB034EA00F78F9144D975333C786BA ft=1 fh=0c96e457c8798f6f vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="C:\Users\Natalie\AppData\Local\Conduit\APISupport\APISupport_2.0.4.3\ApiSupport.dll"
sh=3096A6D6D5007B947C86A7FE8E72EEB3C86E80B3 ft=1 fh=6df4c99aadb2d5ea vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="C:\Users\Natalie\AppData\Local\Conduit\APISupport\APISupport_2.0.5.9\ApiSupport.dll"
sh=7B747225FCFD7B718513C61724F85F9DE3A3DEB1 ft=1 fh=741c83cdb80b287a vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="C:\Users\Natalie\AppData\Local\Conduit\APISupport\MiniSP_1.0.2.76\MiniSP.dll"
sh=7738C09B20F384D52FC9295966EE53222564D38C ft=1 fh=0215ddde6083ecb6 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Users\Natalie\AppData\Local\Conduit\CT2790392\BitTorrentBarAutoUpdateHelper.exe"
sh=8B051DF896F3D830FDD00EB162012EC81121206E ft=1 fh=c612663ed2ab0c5e vn="a variant of Win32/InstallCore.AY potentially unwanted application" ac=I fn="C:\Users\Natalie\AppData\Local\Temp\ICReinstall_PDFCreatorSetup.exe"
sh=0306BEE8C6A156D5629F714BBAA2B09695D2A9A2 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\Users\Natalie\AppData\Local\Temp\CT2790392\CT2790392.xpi"
sh=6540A7188DDB9C14B36EBA6914817542BA8AFE52 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\chrome\bittorrentbar.jar"


Here is the FSS log

Farbar Service Scanner Version: 17-01-2015
Ran by Natalie (administrator) on 14-02-2015 at 01:53:49
Running from "C:\Users\Natalie\Desktop\STUFF"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

#6 deeprybka


Posted 14 February 2015 - 05:38 AM

Hi :)

Step 1

Please download the attached fixlist and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
Attached File: fixlist.txt (307 bytes)

Can you please tell me which problems still persist now?
How is the computer running?

regards,
deeprybka

#7 ceered


Posted 14 February 2015 - 09:03 AM

Hi Jurgen
I'm unable to download the fix list. I keep getting the message that I don't have permission. I'm logged into the forum so I don't know why it won't work.

#8 deeprybka


Posted 14 February 2015 - 09:07 AM

fixlist.png


regards,
deeprybka

#9 ceered


Posted 14 February 2015 - 12:16 PM

Hello again.

Here is the log

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-02-2015
Ran by Natalie at 2015-02-14 15:34:31 Run:1
Running from C:\Users\Natalie\Desktop\STUFF
Loaded Profiles: Natalie (Available profiles: Natalie & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
C:\Program Files (x86)\Conduit\
C:\Users\Natalie\AppData\Local\Conduit\
C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
C:\Users\Natalie\AppData\Local\Ukvqmedia
C:\Users\Natalie\AppData\Local\Agtworks
CreaterestorePoint:
EmptyTemp:

*****************

Processes closed successfully.
C:\Program Files (x86)\Conduit => Moved successfully.
C:\Users\Natalie\AppData\Local\Conduit => Moved successfully.
C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => Moved successfully.
C:\Users\Natalie\AppData\Local\Ukvqmedia => Moved successfully.
C:\Users\Natalie\AppData\Local\Agtworks => Moved successfully.
Restore point was successfully created.
EmptyTemp: => Removed 9.4 GB temporary data.

The system needed a reboot.

==== End of Fixlog 15:38:51 ====

 

 

I restarted the computer and ran Malwarebytes again and found nothing.

I was able to update Windows, which I couldn't do and was how I realised there was a problem.

However, my initial problem was updating the McAfee security on the laptop and I still couldn't do that.

It needed the antivirus and spyware features but wouldn't let me install them.

So I uninstalled Microsoft Security Essentials, which I thought might be causing a problem, and restarted the laptop, but I still couldn't fix the McAfee.

Can you see any more problems or should I get in touch with McAfee support to solve the problem?

Thanks again for the help.



#10 deeprybka


Posted 14 February 2015 - 02:10 PM

Can you see any more problems...


No more active malware or adware has been found. So we're done! :)

That's it!
Your logs look clean to me at the moment. :thumbup2:
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!


Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up to date.
The following software is outdated. Make sure you remove all old versions:

Java 7 Update 67

Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.


regards,
deeprybka

#11 ceered


Posted 15 February 2015 - 01:39 PM

Thank you so much. My daughter's laptop is now running properly. :grinner:



#12 deeprybka


Posted 15 February 2015 - 01:50 PM

You are welcome!

Thank you very much! :)
regards,
deeprybka

#13 deeprybka


Posted 16 February 2015 - 04:40 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards,
deeprybka