
webpages redirecting and pop ups try to force downloads


  • This topic is locked
25 replies to this topic

#1 Ami1977


Posted 19 August 2015 - 08:38 PM

Hi,

 

 

Chrome is running very slowly on my At the bottom left hand corner of the page, there is a small grey banner telling me that it is waiting for - ib.adnxs.com, p339.atedmda.com, live.sekindo.com, burstnet.com, showads.pubmatic.com, adrta.com, pixel.yabidos.com, waiting for cache, resolving host, processing request, and lots more web addresses with random letters and numbers that only flash up for less than a second. All the time, the tab is still showing the circle going round to show that it is still loading, even though the website I am on has loaded completely.

After being online for about 5 minutes, the page is redirected to a site that tries to install either Flash player, a music download site or Adobe. A grey Chrome style pop up box appears saying "New webpage. Flash player update recommended. Please install the new flash player. copyright testing.24.com." It has an "OK" button and a cancel X in the top corner, but even if you click the cancel button the download tries to start immediately, but Chrome advises not to go through with it in the download dialogue box that appears at the bottom of the screen. Sometimes, the pop up grey Chrome style box doesn't appear, the website is just redirected and either Chrome or my McAfee software blocks it. Each time it happens, it tries to redirect to a different web address and the message in the pop up box is different (sorry for the vagueness, I didn't make a note each time it happened, and annoyingly, since I've been online now, it's only happened twice. Second time there was no pop up box, just a redirection to musixmuze.goamuze.com and the page said "windows users click the accept and install button below to install the musixmuze search chrome extension").

 

I have already posted on the "Am I infected" board, got some help to run lots of anti virus programmes that didn't find anything so Broni advised that I post here. I ran FSS, Minitoolbox, MBAM, MBAR, RKill, Temp file cleaner, AdwCleaner, Junkware Removal Tool, Sophos free virus removal tool. I have lots of logs; details are here: http://www.bleepingcomputer.com/forums/t/586196/very-slow-internet/#entry3789038

 

I have also reset and then reinstalled Chrome and reset the router.

 

All this is happening in Chrome; in Internet Explorer, the page loads very slowly and then crashes.

 

Here is my FRST log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-08-2015
Ran by Manso (administrator) on MANSO-PC (20-08-2015 00:17:24)
Running from C:\Users\Manso\Downloads
Loaded Profiles: Manso (Available Profiles: Manso & Ami)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
(Spotify Ltd) C:\Users\Manso\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Spotify Ltd) C:\Users\Manso\AppData\Roaming\Spotify\Spotify.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Spotify Ltd) C:\Users\Manso\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Manso\AppData\Roaming\Spotify\Spotify.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.149\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.6.1008.0\McCSPServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [368728 2011-01-26] (Alcor Micro Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2392360 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831528 2011-05-10] (Acer Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [641504 2015-07-21] (McAfee, Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340848 2011-04-02] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [408432 2011-03-29] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202608 2011-03-29] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-04-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-05-09] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [106496 2014-01-22] (LeapFrog Enterprises, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2517353418-2260969697-3331613705-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-04-18] (Samsung Electronics)
HKU\S-1-5-21-2517353418-2260969697-3331613705-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-14] (Samsung)
HKU\S-1-5-21-2517353418-2260969697-3331613705-1000\...\Run: [Spotify Web Helper] => C:\Users\Manso\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-08-07] (Spotify Ltd)
HKU\S-1-5-21-2517353418-2260969697-3331613705-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-2517353418-2260969697-3331613705-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1404248 2015-07-29] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2517353418-2260969697-3331613705-1000\...\Run: [Spotify] => C:\Users\Manso\AppData\Roaming\Spotify\Spotify.exe [7675448 2015-08-07] (Spotify Ltd)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1404248 2015-07-29] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-18\...\RunOnce: [{91120000-002F-0000-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [43816 2015-04-26] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012-04-13]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-07-22]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe (McAfee, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-2517353418-2260969697-3331613705-1000\Software\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-22] (Google Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-22] (Google Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-22] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-22] (Google Inc.)
DPF: HKLM-x32 {0EBD01DC-F720-4FCA-991F-09F4DACF9B5F} hxxp://www.photopanda.co.uk/apps/ipc/downloads//ImageUploader6.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-08-04] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-08-04] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-08-04] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-08-04] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-07-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-07-21] (McAfee, Inc.)
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{CBA8FC74-DA05-4267-BE5C-D0F7E3A125E6}: [NameServer] 81.218.119.15,199.203.35.75
Tcpip\..\Interfaces\{CBA8FC74-DA05-4267-BE5C-D0F7E3A125E6}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{E06E4232-9F7C-42FD-B0CD-22BD6AD068D9}: [DhcpNameServer] 30.30.1.1 30.30.1.2
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-07-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-07-21] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-03-01] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2011-09-26]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2011-09-26]
 
Chrome: 
=======
CHR Profile: C:\Users\Manso\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Manso\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-17]
CHR Extension: (Google Docs) - C:\Users\Manso\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-17]
CHR Extension: (Google Drive) - C:\Users\Manso\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-17]
CHR Extension: (Rapport) - C:\Users\Manso\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2015-08-17]
CHR Extension: (YouTube) - C:\Users\Manso\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-17]
CHR Extension: (Google Search) - C:\Users\Manso\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-17]
CHR Extension: (Google Sheets) - C:\Users\Manso\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-17]
CHR Extension: (SiteAdvisor) - C:\Users\Manso\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-08-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Manso\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Manso\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-17]
CHR Extension: (Gmail) - C:\Users\Manso\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-17]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-08-05]
CHR HKU\S-1-5-21-2517353418-2260969697-3331613705-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-08-05]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [754120 2015-07-29] (Garmin Ltd. or its subsidiaries)
R2 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [29696 2011-05-26] (Acer Incorporated) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-11-18] (Nero AG)
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7393280 2014-01-22] (LeapFrog Enterprises, Inc.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-08-04] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [782608 2015-07-21] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [224704 2011-03-09] (McAfee, Inc.)
R3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe [289256 2015-06-26] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe [1694152 2015-07-23] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [639456 2015-07-17] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-06] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2255128 2015-07-29] (IBM Corp.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R5 ACPI; C:\Windows\System32\drivers\ACPI.sys [334208 2010-11-21] (Microsoft Corporation)
R5 amdxata; C:\Windows\System32\drivers\amdxata.sys [27008 2011-07-14] (Advanced Micro Devices)
R5 atapi; C:\Windows\System32\drivers\atapi.sys [24128 2009-07-14] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
R5 CLFS; C:\Windows\System32\CLFS.sys [367552 2015-03-04] (Microsoft Corporation)
R5 CNG; C:\Windows\System32\Drivers\cng.sys [459336 2015-01-31] (Microsoft Corporation)
R5 Compbatt; C:\Windows\System32\drivers\compbatt.sys [21584 2009-07-14] (Microsoft Corporation)
R5 Disk; C:\Windows\System32\drivers\disk.sys [73280 2009-07-14] (Microsoft Corporation)
R5 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-14] (Microsoft Corporation)
R5 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [289664 2010-11-21] (Microsoft Corporation)
U5 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23408 2012-03-01] (Microsoft Corporation)
R5 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223752 2013-01-24] (Microsoft Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-06-16] ()
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R5 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14720 2010-11-21] (Microsoft Corporation)
R5 iaStor; C:\Windows\System32\drivers\iaStor.sys [437272 2010-09-14] (Intel Corporation)
R5 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95680 2015-07-15] (Microsoft Corporation)
R5 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [155584 2015-07-15] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
R5 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-08-04] (McAfee, Inc.)
R5 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
R5 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94656 2015-07-15] (Microsoft Corporation)
R5 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-14] (Microsoft Corporation)
R5 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] (Microsoft Corporation)
R5 NDIS; C:\Windows\System32\drivers\ndis.sys [950128 2012-08-22] (Microsoft Corporation)
R5 partmgr; C:\Windows\System32\drivers\partmgr.sys [75120 2012-03-17] (Microsoft Corporation)
R5 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-21] (Microsoft Corporation)
R5 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] (Microsoft Corporation)
R1 RapportCerberus_1507063; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507063.sys [958232 2015-08-11] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [500088 2015-07-29] (IBM Corp.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [394584 2015-07-29] (IBM Corp.)
R5 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2010-11-21] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R5 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] (Microsoft Corporation)
R5 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1903552 2014-04-05] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
R5 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-14] (Microsoft Corporation)
R5 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-21] (Microsoft Corporation)
R5 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-21] (Microsoft Corporation)
R5 volsnap; C:\Windows\System32\drivers\volsnap.sys [295808 2010-11-21] (Microsoft Corporation)
R5 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [785624 2013-06-25] (Microsoft Corporation)
S3 cpuz134; \??\C:\Users\Manso\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-20 00:17 - 2015-08-20 00:20 - 00031379 _____ C:\Users\Manso\Downloads\FRST.txt
2015-08-20 00:09 - 2015-08-20 00:17 - 00000000 ____D C:\FRST
2015-08-20 00:08 - 2015-08-20 00:09 - 02173952 _____ (Farbar) C:\Users\Manso\Downloads\FRST64.exe
2015-08-19 18:58 - 2015-08-11 02:20 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-19 18:58 - 2015-08-11 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-19 18:58 - 2015-08-11 01:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-19 18:58 - 2015-08-11 01:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-18 20:53 - 2015-08-18 20:54 - 07268769 _____ C:\Users\Manso\Downloads\Uber File (5).xlsx
2015-08-17 10:37 - 2015-08-17 10:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2015-08-17 10:37 - 2015-08-17 10:37 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2015-08-17 10:30 - 2015-08-17 10:34 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Manso\Downloads\cbSetup.exe
2015-08-17 00:33 - 2015-08-17 00:33 - 00002263 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-17 00:33 - 2015-08-17 00:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-17 00:19 - 2015-08-17 00:19 - 00035713 _____ C:\Users\Manso\Desktop\bookmarks_17_08_2015.html
2015-08-14 15:56 - 2015-08-14 15:56 - 00000000 ____D C:\Users\Manso\AppData\Local\{9207EBCC-87EB-4B6F-968A-D468AEC7C09C}
2015-08-14 01:54 - 2015-08-14 01:54 - 00000000 ____D C:\ProgramData\Sophos
2015-08-14 01:53 - 2015-08-14 01:53 - 00002759 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2015-08-14 01:53 - 2015-08-14 01:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-08-14 01:52 - 2015-08-14 01:52 - 00000000 ____D C:\Program Files (x86)\Sophos
2015-08-14 01:38 - 2015-08-14 01:50 - 128322608 _____ (Sophos Limited) C:\Users\Manso\Downloads\Sophos Virus Removal Tool.exe
2015-08-14 01:27 - 2015-08-14 01:27 - 00001063 _____ C:\Users\Manso\Desktop\JRT.txt
2015-08-14 01:15 - 2015-08-12 02:10 - 01791580 _____ (Malwarebytes Corporation) C:\Users\Manso\Desktop\JRT.exe
2015-08-14 01:07 - 2015-08-14 01:08 - 02248704 _____ C:\Users\Manso\Downloads\adwcleaner_4.208.exe
2015-08-14 01:00 - 2015-08-14 01:00 - 00448512 _____ (OldTimer Tools) C:\Users\Manso\Downloads\TFC (1).exe
2015-08-13 18:50 - 2015-08-13 18:50 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Manso\Downloads\rkill (1).exe
2015-08-13 16:28 - 2015-08-13 16:35 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Manso\Downloads\mbar-1.09.1.1004.exe
2015-08-13 15:15 - 2015-08-14 01:35 - 00000000 ____D C:\Users\Manso\Desktop\Bleeping computer
2015-08-13 15:10 - 2015-08-13 15:11 - 00046555 _____ C:\Users\Manso\Downloads\MTB.txt
2015-08-13 15:09 - 2015-08-13 15:09 - 00891392 _____ (Farbar) C:\Users\Manso\Downloads\MiniToolBox (1).exe
2015-08-13 15:06 - 2015-08-13 15:06 - 00002351 _____ C:\Users\Manso\Downloads\FSS.txt
2015-08-13 14:49 - 2015-08-13 14:49 - 00899072 _____ (Farbar) C:\Users\Manso\Downloads\FSS.exe
2015-08-13 10:40 - 2015-07-30 14:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 10:40 - 2015-07-30 14:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 10:01 - 2015-08-13 10:02 - 00852684 _____ C:\Users\Manso\Downloads\SecurityCheck.exe
2015-08-12 10:47 - 2015-07-21 01:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-12 10:47 - 2015-07-21 01:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-12 10:47 - 2015-07-16 21:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-12 10:47 - 2015-07-16 21:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-12 10:47 - 2015-07-16 21:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-12 10:47 - 2015-07-16 21:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-12 10:47 - 2015-07-16 21:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-12 10:47 - 2015-07-16 21:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-12 10:47 - 2015-07-16 21:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-12 10:47 - 2015-07-16 21:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-12 10:47 - 2015-07-16 21:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-12 10:47 - 2015-07-16 21:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-12 10:47 - 2015-07-16 21:21 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-12 10:47 - 2015-07-16 21:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-12 10:47 - 2015-07-16 21:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-12 10:47 - 2015-07-16 21:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-12 10:47 - 2015-07-16 20:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-12 10:47 - 2015-07-16 20:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-12 10:47 - 2015-07-16 20:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-12 10:47 - 2015-07-16 20:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-12 10:47 - 2015-07-16 20:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-12 10:47 - 2015-07-16 20:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-12 10:47 - 2015-07-16 20:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-12 10:47 - 2015-07-16 20:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-12 10:47 - 2015-07-16 20:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-12 10:47 - 2015-07-16 20:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-12 10:47 - 2015-07-16 20:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-12 10:47 - 2015-07-16 20:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-12 10:47 - 2015-07-16 20:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-12 10:47 - 2015-07-16 20:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-12 10:47 - 2015-07-16 20:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-12 10:47 - 2015-07-16 20:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-12 10:47 - 2015-07-16 20:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-12 10:47 - 2015-07-16 20:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-12 10:47 - 2015-07-16 20:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-12 10:47 - 2015-07-16 20:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-12 10:47 - 2015-07-16 20:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-12 10:47 - 2015-07-16 20:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-12 10:47 - 2015-07-16 20:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-12 10:47 - 2015-07-16 20:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-12 10:47 - 2015-07-16 20:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-12 10:47 - 2015-07-16 20:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-12 10:47 - 2015-07-16 20:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-12 10:47 - 2015-07-16 20:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-12 10:47 - 2015-07-16 20:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-12 10:47 - 2015-07-16 20:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-12 10:47 - 2015-07-16 19:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-12 10:47 - 2015-07-16 19:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-12 10:47 - 2015-07-16 19:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-12 10:47 - 2015-07-16 19:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-12 10:46 - 2015-07-16 21:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-12 10:46 - 2015-07-16 21:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-12 10:46 - 2015-07-16 21:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-12 10:46 - 2015-07-16 21:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-12 10:46 - 2015-07-16 20:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-12 10:46 - 2015-07-16 20:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-12 10:45 - 2015-07-28 21:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-12 10:45 - 2015-07-28 21:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-12 10:45 - 2015-07-28 21:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-12 10:45 - 2015-07-28 21:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-12 10:45 - 2015-07-28 21:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-12 10:45 - 2015-07-28 21:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-12 10:45 - 2015-07-28 21:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-12 10:45 - 2015-07-28 20:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-12 10:45 - 2015-07-15 19:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-12 10:45 - 2015-07-15 19:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-12 10:45 - 2015-07-15 19:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-12 10:45 - 2015-07-15 19:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-12 10:45 - 2015-07-15 19:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-12 10:45 - 2015-07-15 19:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-12 10:45 - 2015-07-15 19:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-12 10:45 - 2015-07-15 19:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-12 10:45 - 2015-07-15 19:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-12 10:45 - 2015-07-15 19:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-12 10:45 - 2015-07-15 19:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-12 10:45 - 2015-07-15 19:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-12 10:45 - 2015-07-15 19:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-12 10:45 - 2015-07-15 19:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-12 10:45 - 2015-07-15 19:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-12 10:45 - 2015-07-15 19:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-12 10:45 - 2015-07-15 19:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-12 10:45 - 2015-07-15 19:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-12 10:45 - 2015-07-15 19:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-12 10:45 - 2015-07-15 19:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-12 10:45 - 2015-07-15 19:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-12 10:45 - 2015-07-15 19:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-12 10:45 - 2015-07-15 19:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-12 10:45 - 2015-07-15 19:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-12 10:45 - 2015-07-15 19:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-12 10:45 - 2015-07-15 19:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-12 10:45 - 2015-07-15 19:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-12 10:45 - 2015-07-15 19:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-12 10:45 - 2015-07-15 19:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-12 10:45 - 2015-07-15 19:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-12 10:45 - 2015-07-15 19:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-12 10:45 - 2015-07-15 19:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-12 10:45 - 2015-07-15 19:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-12 10:45 - 2015-07-15 19:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-12 10:45 - 2015-07-15 19:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-12 10:45 - 2015-07-15 19:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-12 10:45 - 2015-07-15 19:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-12 10:45 - 2015-07-15 19:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-12 10:45 - 2015-07-15 19:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-12 10:45 - 2015-07-15 19:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 19:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 19:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 19:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 19:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 19:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 19:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 19:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 19:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 19:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 19:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 19:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 19:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 19:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 19:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 19:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 18:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-12 10:45 - 2015-07-15 18:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-12 10:45 - 2015-07-15 18:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-12 10:45 - 2015-07-15 18:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-12 10:45 - 2015-07-15 18:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-12 10:45 - 2015-07-15 18:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-12 10:45 - 2015-07-15 18:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-12 10:45 - 2015-07-15 18:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-12 10:45 - 2015-07-15 18:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-12 10:45 - 2015-07-15 18:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-12 10:45 - 2015-07-15 18:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-12 10:45 - 2015-07-15 18:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-12 10:45 - 2015-07-15 18:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-12 10:45 - 2015-07-15 18:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-12 10:45 - 2015-07-15 18:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-12 10:45 - 2015-07-15 18:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-12 10:45 - 2015-07-15 18:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-12 10:45 - 2015-07-15 18:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-12 10:45 - 2015-07-15 18:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-12 10:45 - 2015-07-15 18:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-12 10:45 - 2015-07-15 18:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-12 10:45 - 2015-07-15 18:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-12 10:45 - 2015-07-15 18:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-12 10:45 - 2015-07-15 18:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-12 10:45 - 2015-07-15 18:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-12 10:45 - 2015-07-15 18:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 18:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 18:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 18:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 18:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 18:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 18:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 18:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 18:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 18:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 18:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 18:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 18:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 18:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 17:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-12 10:45 - 2015-07-15 17:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-12 10:45 - 2015-07-15 17:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-12 10:45 - 2015-07-15 17:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-12 10:45 - 2015-07-15 17:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-12 10:45 - 2015-07-15 17:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 17:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 17:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 17:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-12 10:43 - 2015-07-15 04:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-12 10:43 - 2015-07-10 18:51 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-12 10:43 - 2015-07-10 18:51 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-12 10:43 - 2015-07-10 18:51 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-12 10:43 - 2015-07-10 18:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-12 10:43 - 2015-07-10 18:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-12 10:43 - 2015-07-10 18:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-08-12 10:32 - 2015-07-15 04:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-12 10:32 - 2015-07-15 04:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-12 10:32 - 2015-07-15 04:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-12 10:32 - 2015-07-15 04:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-12 10:32 - 2015-07-15 03:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-12 10:32 - 2015-07-15 03:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-12 10:32 - 2015-07-15 03:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-12 10:32 - 2015-07-15 03:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-12 10:32 - 2015-07-01 21:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-12 10:32 - 2015-07-01 21:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-12 10:32 - 2015-07-01 21:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-12 10:32 - 2015-07-01 21:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-12 10:30 - 2015-07-30 19:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-12 10:30 - 2015-07-30 19:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-12 10:30 - 2015-07-30 19:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-12 10:30 - 2015-07-30 19:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-12 10:30 - 2015-07-30 19:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-12 10:30 - 2015-07-30 19:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-12 10:30 - 2015-07-30 19:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-12 10:30 - 2015-07-30 18:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-12 10:30 - 2015-07-30 18:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-12 10:30 - 2015-07-30 18:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-12 10:30 - 2015-07-30 18:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-12 10:30 - 2015-07-30 18:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-12 10:30 - 2015-07-30 18:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-12 10:30 - 2015-07-30 17:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-12 10:30 - 2015-07-30 17:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-12 10:30 - 2015-07-30 17:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-12 10:27 - 2015-07-20 19:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-12 10:27 - 2015-07-20 19:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-12 10:27 - 2015-07-20 19:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-12 10:27 - 2015-07-20 19:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-12 10:27 - 2015-07-20 19:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-12 10:27 - 2015-07-20 19:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-12 10:27 - 2015-07-20 19:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-12 10:27 - 2015-07-20 19:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-12 10:27 - 2015-07-20 19:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-12 10:27 - 2015-07-20 19:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-12 10:27 - 2015-07-20 19:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-12 10:27 - 2015-07-20 18:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-12 10:27 - 2015-07-20 18:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-12 10:27 - 2015-07-20 18:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-12 10:27 - 2015-07-20 18:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-12 10:27 - 2015-07-20 18:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-12 10:27 - 2015-07-10 18:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-12 10:27 - 2015-07-10 18:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-12 10:27 - 2015-07-09 18:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-12 10:27 - 2015-07-09 18:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-12 10:27 - 2015-07-09 18:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-12 10:26 - 2015-05-09 19:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-11 22:26 - 2015-08-11 22:27 - 00000000 ____D C:\Users\Manso\AppData\Local\{D0F2C46A-8BF0-45FC-9612-A3095DA0C4B5}
2015-08-11 18:09 - 2015-08-11 18:09 - 00010250 _____ C:\Users\Manso\Downloads\Book1.xlsx
2015-08-10 20:09 - 2015-08-10 20:10 - 00000000 ____D C:\Users\Manso\Desktop\MC Mansolo
2015-08-10 20:08 - 2015-08-10 20:09 - 00000000 ____D C:\Users\Manso\Desktop\Adhoc
2015-08-10 20:07 - 2015-08-10 20:07 - 00000000 ____D C:\Users\Manso\Desktop\Insurance
2015-08-10 20:06 - 2015-08-10 20:09 - 00000000 ____D C:\Users\Manso\Desktop\InvitesEvents
2015-08-10 20:01 - 2015-08-10 20:02 - 00000000 ____D C:\Users\Manso\Desktop\Queenstown Road
2015-08-10 17:41 - 2015-08-10 17:41 - 00000000 ____D C:\Users\Manso\AppData\Roaming\SUPERAntiSpyware.com
2015-08-10 17:34 - 2015-08-10 17:34 - 00000000 ____D C:\Users\Ami\AppData\Roaming\SUPERAntiSpyware.com
2015-08-10 17:33 - 2015-08-10 17:34 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-08-10 17:33 - 2015-08-10 17:33 - 00001812 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-08-10 17:33 - 2015-08-10 17:33 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2015-08-10 17:33 - 2015-08-10 17:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-08-10 17:13 - 2015-08-10 17:31 - 22880272 _____ (SUPERAntiSpyware) C:\Users\Ami\Downloads\SUPERAntiSpyware.exe
2015-08-10 16:59 - 2015-08-10 17:00 - 00448512 _____ (OldTimer Tools) C:\Users\Manso\Downloads\TFC.exe
2015-08-10 16:31 - 2015-08-10 16:43 - 09741664 _____ (SurfRight B.V.) C:\Users\Manso\Downloads\HitmanPro_x64.exe
2015-08-10 16:13 - 2015-08-10 16:29 - 09096848 _____ (SurfRight B.V.) C:\Users\Ami\Downloads\HitmanPro.exe
2015-08-09 00:14 - 2015-08-09 00:15 - 01797896 _____ (Malwarebytes Corporation) C:\Users\Ami\Downloads\JRT (2).exe
2015-08-08 22:44 - 2015-08-08 22:44 - 00000000 ____D C:\Daddy and Sia go to LFC
2015-08-08 22:42 - 2015-08-08 22:42 - 00000000 ____D C:\Neneh 2nd birthday
2015-08-08 22:40 - 2015-08-08 22:41 - 00000000 ____D C:\Isle of Wight holiday 2012
2015-08-07 11:43 - 2015-08-07 11:45 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Manso\Downloads\mbar-1.09.1.1004 (1).exe
2015-08-07 11:07 - 2015-08-07 11:07 - 00000000 ____D C:\Users\Manso\AppData\Local\CEF
2015-08-05 19:57 - 2015-08-05 19:57 - 00134008 ____H C:\Windows\system32\mlfcache.dat
2015-08-04 21:37 - 2015-08-04 21:37 - 00001894 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2015-08-04 21:37 - 2015-08-04 21:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-08-04 21:06 - 2015-08-04 21:07 - 00574162 _____ C:\Users\Manso\Downloads\Setup.zip
2015-07-27 13:44 - 2015-07-27 13:44 - 00006704 ____N C:\bootsqm.dat
2015-07-27 13:41 - 2015-07-27 13:41 - 00000000 __SHD C:\found.000
2015-07-24 17:38 - 2015-07-24 17:38 - 00001757 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-24 17:38 - 2015-07-24 17:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-24 17:36 - 2015-07-24 17:38 - 00000000 ____D C:\Program Files\iTunes
2015-07-24 17:36 - 2015-07-24 17:36 - 00000000 ____D C:\Program Files\iPod
2015-07-24 17:36 - 2015-07-24 17:36 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-07-22 21:23 - 2015-07-22 21:23 - 00001938 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-07-22 21:23 - 2015-07-22 21:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-07-22 21:23 - 2015-07-22 21:23 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-07-22 18:36 - 2015-07-22 18:36 - 00000268 _____ C:\Users\Ami\Downloads\debug.log
2015-07-21 23:41 - 2015-07-21 23:41 - 00000000 _____ C:\Users\Manso\AppData\Local\{73408A84-433E-4504-B13C-7E20492F464A}
2015-07-21 15:46 - 2015-08-03 11:09 - 00003344 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2015-07-21 15:46 - 2015-07-21 15:46 - 00000000 ____D C:\Program Files\Common Files\AV
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-20 00:22 - 2013-04-17 10:15 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-20 00:10 - 2014-02-12 20:39 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-20 00:09 - 2015-06-16 19:29 - 01350700 _____ C:\Windows\WindowsUpdate.log
2015-08-20 00:09 - 2014-01-08 19:27 - 00000000 ____D C:\Users\Manso\AppData\Roaming\Spotify
2015-08-20 00:09 - 2009-07-14 05:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-20 00:09 - 2009-07-14 05:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-19 23:54 - 2014-01-08 19:29 - 00000000 ____D C:\Users\Manso\AppData\Local\Spotify
2015-08-19 23:53 - 2014-05-28 21:32 - 00000000 ____D C:\Users\Manso\AppData\Local\HTC MediaHub
2015-08-19 23:53 - 2012-03-01 16:32 - 00000000 ____D C:\ProgramData\clear.fi
2015-08-19 23:52 - 2015-06-16 19:25 - 00006452 _____ C:\Windows\setupact.log
2015-08-19 23:52 - 2013-04-17 10:15 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-19 23:52 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-19 07:34 - 2009-07-14 06:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-18 22:55 - 2015-07-07 17:14 - 07445405 _____ C:\Users\Manso\Desktop\Uber File.xlsx
2015-08-18 10:28 - 2014-05-29 20:16 - 00000000 ____D C:\Users\Ami\AppData\Local\HTC MediaHub
2015-08-17 01:03 - 2015-06-24 19:24 - 00007918 _____ C:\Windows\PFRO.log
2015-08-17 00:33 - 2013-04-17 10:14 - 00000000 ____D C:\Users\Manso\AppData\Local\Google
2015-08-17 00:32 - 2013-04-17 10:14 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-14 01:11 - 2014-11-24 17:00 - 00000000 ____D C:\AdwCleaner
2015-08-13 18:56 - 2014-11-24 16:41 - 00002122 _____ C:\Users\Manso\Desktop\Rkill.txt
2015-08-13 18:45 - 2014-11-24 15:49 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-08-13 18:45 - 2014-11-24 15:46 - 00000000 ____D C:\Users\Manso\Desktop\mbar
2015-08-13 16:42 - 2014-11-24 14:58 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-13 16:38 - 2014-11-24 14:58 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-13 11:08 - 2012-03-03 00:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-13 11:08 - 2012-03-03 00:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-13 11:08 - 2011-09-26 13:10 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-08-13 11:08 - 2009-07-14 05:45 - 00315080 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-13 11:03 - 2014-12-13 14:30 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-13 11:03 - 2014-05-08 16:13 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-13 10:43 - 2012-02-29 19:57 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-13 10:40 - 2012-03-03 00:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-13 10:13 - 2013-08-11 22:53 - 00000000 ____D C:\Windows\system32\MRT
2015-08-13 09:49 - 2012-03-15 12:30 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-12 12:10 - 2014-02-12 20:39 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-12 11:57 - 2011-09-26 13:10 - 00000000 ____D C:\ProgramData\McAfee
2015-08-12 11:56 - 2011-09-26 13:10 - 00000000 ____D C:\Program Files\Common Files\mcafee
2015-08-12 11:53 - 2015-06-28 23:06 - 00003064 _____ C:\Windows\System32\Tasks\McAfeeLogon
2015-08-12 11:11 - 2012-03-30 19:50 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-12 11:11 - 2011-09-26 13:33 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-11 22:26 - 2014-03-18 21:12 - 00000000 ____D C:\Users\Manso\AppData\Local\Windows Live
2015-08-11 17:26 - 2013-08-21 08:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2015-08-10 20:14 - 2014-10-02 19:57 - 00000000 ____D C:\Users\Manso\Desktop\BaxterStorey
2015-08-10 20:07 - 2015-07-16 12:40 - 00000000 ____D C:\Users\Manso\Desktop\Job Search
2015-08-10 17:28 - 2007-07-12 02:49 - 00000000 ____D C:\Windows\Panther
2015-08-10 17:15 - 2015-07-10 14:39 - 00000000 ___HD C:\$Windows.~BT
2015-08-10 16:29 - 2015-06-16 19:08 - 00000000 ____D C:\ProgramData\HitmanPro
2015-08-08 22:39 - 2015-03-15 14:24 - 00000000 ____D C:\PRINT ME
2015-08-04 21:47 - 2015-07-14 08:16 - 00000000 ____D C:\ProgramData\Package Cache
2015-08-04 21:40 - 2012-07-06 19:09 - 00000000 ____D C:\Program Files (x86)\Garmin
2015-08-04 21:35 - 2015-07-14 08:17 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2015-07-29 22:46 - 2012-03-03 12:11 - 00394584 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys
2015-07-25 20:03 - 2015-04-05 10:23 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-24 17:36 - 2015-03-15 17:19 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-07-24 17:36 - 2012-02-29 20:15 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-22 21:23 - 2015-04-01 21:15 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2015-07-22 20:41 - 2012-03-04 19:50 - 00000000 ____D C:\Users\Ami\AppData\Roaming\Apple Computer
2015-07-22 20:11 - 2012-07-11 16:36 - 00000000 ____D C:\Users\Ami\AppData\Local\Apple Computer
2015-07-22 18:36 - 2013-07-15 19:22 - 00000000 ____D C:\Users\Ami\AppData\Local\Google
2015-07-21 14:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
 
==================== Files in the root of some directories =======
 
2013-11-19 21:41 - 2014-09-24 21:56 - 0000195 _____ () C:\Users\Manso\AppData\Roaming\WB.CFG
2015-07-09 20:06 - 2015-07-09 20:06 - 0000000 _____ () C:\Users\Manso\AppData\Local\{6B2D7D6E-3059-4AA6-B4DD-DDC47783854E}
2015-07-21 23:41 - 2015-07-21 23:41 - 0000000 _____ () C:\Users\Manso\AppData\Local\{73408A84-433E-4504-B13C-7E20492F464A}
2011-10-24 08:17 - 2011-10-24 08:19 - 0015222 _____ () C:\ProgramData\ArcadeDeluxe5.log
2012-04-13 20:46 - 2012-04-13 22:49 - 0004631 _____ () C:\ProgramData\hpzinstall.log
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-13 15:13
 
==================== End of log ============================


#2 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:10:51 AM

Posted 23 August 2015 - 12:38 PM

Hi Ami1977,

My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx or Jason is fine.

 

Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.  :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started  :thumbup2:

===================================================

 

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

 

Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.
 
 
 
Step 1: Download RogueKiller from one of the following links and save it to your desktop:

  • Link 1
  • Link 2

  • Close all programs and disconnect any USB or external drives before running the tool.
  • Double-click RogueKiller.exe to run the tool (Vista or 7 users: Right-click and select Run As Administrator).
  • Once the Prescan has finished, click Scan.
  • Once the Status box shows "Scan Finished", click the "Report" button to show the log, and then close the program. <--Don't fix anything!
  • Copy and paste the report that opens into your next reply.
    • The log can also be found in the following location: C:\ProgramData\RogueKiller\Logs\RKreport_SCN_mmddyyyy_hhmmss.log
    • For XP users, you must first show hidden files/folders, then the log location is here: C:\Documents and Settings\All Users\Application data\RogueKiller\Logs\RKreport_SCN_mmddyyyy_hhmmss.log

Step 2: Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

 

In your next reply, please include:

  • RogueKiller log
  • TDSSkiller log
  • How is your computer running now?

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#3 Ami1977

Ami1977
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:03:51 PM

Posted 23 August 2015 - 07:08 PM

Hi Jason,

I appreciate your help. Just a quick (silly) question before I start. How do I save the download to my desktop? In Chrome the download starts automatically and the box appears at the bottom of the screen to run/open it.

Thanks, Ami

#4 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:10:51 AM

Posted 23 August 2015 - 07:28 PM

Not a silly question at all. :) In Chrome, it usually saves to your downloads folder: C:\Users\Manso\Downloads. You can let Chrome save it there automatically, and then copy and paste the file from the Downloads folder to your Desktop. It's just easier to find and work with files when they're on the Desktop.


Regards,
Jason

 



#5 Ami1977

Ami1977
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:03:51 PM

Posted 24 August 2015 - 08:25 AM

Hi Jason, Here are my logs. There was nothing found on the TDSS Killer scan, but I restarted anyway - no change in Chrome. Thanks, Ami

 

 

Rogue Killer log

 

RogueKiller V10.10.1.0 [Aug 17 2015] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Manso [Administrator]
Started from : C:\Users\Manso\Downloads\RogueKiller.exe
Mode : Scan -- Date : 08/24/2015 13:52:25
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 11 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | {91120000-002F-0000-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H [7][x][x][x][x][x] -> Found
[Suspicious.Path] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | {91120000-002F-0000-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H [7][x][x][x][x][x] -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | {91120000-002F-0000-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H [7][x][x][x][x][x] -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | {91120000-002F-0000-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H [7][x][x][x][x][x] -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2517353418-2260969697-3331613705-1000\Software\Microsoft\Internet Explorer\Main | Start Page :   -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2517353418-2260969697-3331613705-1000\Software\Microsoft\Internet Explorer\Main | Start Page :   -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2517353418-2260969697-3331613705-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2517353418-2260969697-3331613705-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E06E4232-9F7C-42FD-B0CD-22BD6AD068D9} | DhcpNameServer : 30.30.1.1 30.30.1.2 ([UNITED STATES (US)][UNITED STATES (US)])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{E06E4232-9F7C-42FD-B0CD-22BD6AD068D9} | DhcpNameServer : 30.30.1.1 30.30.1.2 ([UNITED STATES (US)][UNITED STATES (US)])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{E06E4232-9F7C-42FD-B0CD-22BD6AD068D9} | DhcpNameServer : 30.30.1.1 30.30.1.2 ([UNITED STATES (US)][UNITED STATES (US)])  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.1 mssplus.mcafee.com
 
¤¤¤ Antirootkit : 23 (Driver: Not loaded [0xc000036b]) ¤¤¤
[IAT:Inl(Hook.IEAT)] (chrome.exe) ADVAPI32.dll - CreateProcessAsUserW : Unknown @ 0x71480022 (ret|jmp dword [0x7148001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe) kernel32.dll - CreateNamedPipeW : Unknown @ 0x71540022 (ret|jmp dword [0x7154001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe) kernel32.dll - DuplicateHandle : Unknown @ 0x71440022 (ret|jmp dword [0x7144001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe) kernel32.dll - CloseHandle : Unknown @ 0x71500022 (ret|jmp dword [0x7150001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe) kernel32.dll - CreateProcessW : Unknown @ 0x714c0022 (ret|jmp dword [0x714c001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe) kernel32.dll - SetUnhandledExceptionFilter : Unknown @ 0x71ae0022 (ret|jmp dword [0x71ae001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe) kernel32.dll - CreateIoCompletionPort : Unknown @ 0x715c0022 (ret|jmp dword [0x715c001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ kernel32.dll) ntdll.dll - NtMapViewOfSection : Unknown @ 0x719f0022 (jmp 0xfa950392|jmp dword [0x719f001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ kernel32.dll) ntdll.dll - NtReadFile : Unknown @ 0x71580022 (ret|jmp dword [0x7158001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ kernel32.dll) ntdll.dll - NtWriteFile : Unknown @ 0x71600022 (ret|jmp dword [0x7160001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNELBASE.dll) ntdll.dll - NtRemoveIoCompletion : Unknown @ 0x71400022 (ret|jmp dword [0x7140001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ WINMM.dll) USER32.dll - PeekMessageW : Unknown @ 0x719b0022 (ret|jmp dword [0x719b001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ USER32.dll) GDI32.dll - BitBlt : Unknown @ 0x71890022 (ret|jmp dword [0x7189001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ LPK.dll) USER32.dll - SetWindowLongW : Unknown @ 0x71750022 (ret|jmp dword [0x7175001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ IMM32.DLL) USER32.dll - SetWindowPos : Unknown @ 0x71710022 (ret|jmp dword [0x7171001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ IMM32.DLL) USER32.dll - BeginPaint : Unknown @ 0x71850022 (ret|jmp dword [0x7185001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ IMM32.DLL) USER32.dll - ShowWindow : Unknown @ 0x716d0022 (ret|jmp dword [0x716d001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ SHELL32.dll) USER32.dll - TranslateMessage : Unknown @ 0x71690022 (ret|jmp dword [0x7169001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ SHELL32.dll) USER32.dll - GetClipboardData : Unknown @ 0x717f0022 (ret|jmp dword [0x717f001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ SHELL32.dll) USER32.dll - SetParent : Unknown @ 0x71790022 (ret|jmp dword [0x7179001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ WINTRUST.dll) CRYPT32.dll - CertVerifyCertificateChainPolicy : Unknown @ 0x718d0022 (ret|jmp dword [0x718d001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ RapportUtil.dll) WS2_32.dll - getaddrinfo : Unknown @ 0x71650022 (jmp 0xfc71bd8c|jmp dword [0x7165001e]|jmp 0x10)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ WININET.dll) kernel32.dll - SetFileCompletionNotificationModes : Unknown @ 0x713c0022 (ret|jmp dword [0x713c001e]|jmp 0x10)
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9750423AS +++++
--- User ---
[MBR] c1522017e83603a50cde75ad3339503c
[BSP] b29fba33b94832c74a4d670ed2c103f6 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 31459328 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 31664128 | Size: 699942 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
 
TDSSKiller log
13:59:17.0520 0x1500  TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
13:59:34.0258 0x1500  ============================================================
13:59:34.0259 0x1500  Current date / time: 2015/08/24 13:59:34.0258
13:59:34.0259 0x1500  SystemInfo:
13:59:34.0259 0x1500  
13:59:34.0259 0x1500  OS Version: 6.1.7601 ServicePack: 1.0
13:59:34.0259 0x1500  Product type: Workstation
13:59:34.0259 0x1500  ComputerName: MANSO-PC
13:59:34.0260 0x1500  UserName: Manso
13:59:34.0260 0x1500  Windows directory: C:\Windows
13:59:34.0260 0x1500  System windows directory: C:\Windows
13:59:34.0260 0x1500  Running under WOW64
13:59:34.0260 0x1500  Processor architecture: Intel x64
13:59:34.0260 0x1500  Number of processors: 4
13:59:34.0260 0x1500  Page size: 0x1000
13:59:34.0260 0x1500  Boot type: Normal boot
13:59:34.0260 0x1500  ============================================================
13:59:35.0429 0x1500  KLMD registered as C:\Windows\system32\drivers\77731893.sys
13:59:41.0833 0x1500  System UUID: {7F9F725F-F2BA-0790-BAE4-3A645B33BCBB}
13:59:43.0839 0x1500  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:59:43.0855 0x1500  ============================================================
13:59:43.0855 0x1500  \Device\Harddisk0\DR0:
13:59:43.0856 0x1500  MBR partitions:
13:59:43.0856 0x1500  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
13:59:43.0856 0x1500  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x55713000
13:59:43.0856 0x1500  ============================================================
13:59:43.0905 0x1500  C: <-> \Device\Harddisk0\DR0\Partition2
13:59:43.0964 0x1500  ============================================================
13:59:43.0964 0x1500  Initialize success
13:59:43.0964 0x1500  ============================================================
14:00:12.0283 0x2bd8  ============================================================
14:00:12.0283 0x2bd8  Scan started
14:00:12.0283 0x2bd8  Mode: Manual; 
14:00:12.0283 0x2bd8  ============================================================
14:00:12.0283 0x2bd8  KSN ping started
14:00:30.0582 0x2bd8  KSN ping finished: true
14:00:36.0559 0x2bd8  ================ Scan system memory ========================
14:00:36.0560 0x2bd8  System memory - ok
14:00:36.0561 0x2bd8  ================ Scan services =============================
14:00:38.0679 0x2bd8  amdsbs - ok
14:00:38.0725 0x2bd8  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
14:00:38.0728 0x2bd8  amdxata - ok
14:00:38.0756 0x2bd8  [ 92A848F962DA91C631147D566414BB7E, 8F3161A7C1930610819DA3529635B1D28C27E37BE75B2552402C97C78CA33477 ] AmUStor         C:\Windows\system32\drivers\AmUStor.SYS
14:00:38.0760 0x2bd8  AmUStor - ok
14:00:38.0815 0x2bd8  [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID           C:\Windows\system32\drivers\appid.sys
14:00:38.0819 0x2bd8  AppID - ok
14:00:38.0848 0x2bd8  [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
14:00:38.0853 0x2bd8  AppIDSvc - ok
14:00:38.0894 0x2bd8  [ 978DC0A1FBE9CC91B21B40AF66CB396A, 90BAFF81D98F5AFD743D8BD65F716666A7A7BD2DA612492E03C79B29E9A0F8C2 ] Appinfo         C:\Windows\System32\appinfo.dll
14:00:38.0901 0x2bd8  Appinfo - ok
14:00:39.0135 0x2bd8  [ 6EB87FDB59AABF6D19C927492DEA0D36, 36168F8CC75D16917A30FA1FACF57659BC2ADF870D20DEE93F851D5348E605BB ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:00:39.0148 0x2bd8  Apple Mobile Device Service - ok
14:00:39.0214 0x2bd8  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
14:00:39.0236 0x2bd8  arc - ok
14:00:39.0270 0x2bd8  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
14:00:39.0275 0x2bd8  arcsas - ok
14:00:39.0495 0x2bd8  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:00:39.0639 0x2bd8  aspnet_state - ok
14:00:39.0760 0x2bd8  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
14:00:39.0762 0x2bd8  AsyncMac - ok
14:00:39.0844 0x2bd8  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
14:00:39.0846 0x2bd8  atapi - ok
14:00:40.0020 0x2bd8  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:00:40.0042 0x2bd8  AudioEndpointBuilder - ok
14:00:40.0073 0x2bd8  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
14:00:40.0096 0x2bd8  AudioSrv - ok
14:00:40.0152 0x2bd8  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
14:00:40.0157 0x2bd8  AxInstSV - ok
14:00:40.0376 0x2bd8  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
14:00:40.0392 0x2bd8  b06bdrv - ok
14:00:40.0462 0x2bd8  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
14:00:40.0472 0x2bd8  b57nd60a - ok
14:00:40.0651 0x2bd8  [ 87F3BCF82A63E900AF896CD930BF7E05, A68141E81D0541DDC1863FAC0DDBF0362641B8B0DBE06D645D00CC0DB36B30BB ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
14:00:40.0670 0x2bd8  BBSvc - ok
14:00:40.0731 0x2bd8  [ 78779EE07231C658B483B1F38B5088DF, 42DE06151DA17C218067CA3A22509BC626CB505F87238E39D024CE29554EF47D ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
14:00:40.0741 0x2bd8  BBUpdate - ok
14:00:41.0171 0x2bd8  [ 134EAF2F64A2268014B92AE5B6B33D02, 9787D6EADC122FD7CA35FA7487BCB9529CFB84F589836718E692E2AC6757001E ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
14:00:41.0307 0x2bd8  BCM43XX - ok
14:00:41.0390 0x2bd8  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
14:00:41.0397 0x2bd8  BDESVC - ok
14:00:41.0576 0x2bd8  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
14:00:41.0579 0x2bd8  Beep - ok
14:00:41.0732 0x2bd8  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
14:00:41.0774 0x2bd8  BFE - ok
14:00:41.0835 0x2bd8  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
14:00:41.0879 0x2bd8  BITS - ok
14:00:41.0920 0x2bd8  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
14:00:41.0924 0x2bd8  blbdrive - ok
14:00:42.0027 0x2bd8  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:00:42.0040 0x2bd8  Bonjour Service - ok
14:00:42.0084 0x2bd8  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
14:00:42.0088 0x2bd8  bowser - ok
14:00:42.0107 0x2bd8  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
14:00:42.0109 0x2bd8  BrFiltLo - ok
14:00:42.0135 0x2bd8  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
14:00:42.0137 0x2bd8  BrFiltUp - ok
14:00:42.0198 0x2bd8  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
14:00:42.0205 0x2bd8  Browser - ok
14:00:42.0236 0x2bd8  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
14:00:42.0245 0x2bd8  Brserid - ok
14:00:42.0264 0x2bd8  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
14:00:42.0267 0x2bd8  BrSerWdm - ok
14:00:42.0283 0x2bd8  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
14:00:42.0285 0x2bd8  BrUsbMdm - ok
14:00:42.0305 0x2bd8  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
14:00:42.0307 0x2bd8  BrUsbSer - ok
14:00:42.0328 0x2bd8  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
14:00:42.0331 0x2bd8  BTHMODEM - ok
14:00:42.0355 0x2bd8  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
14:00:42.0363 0x2bd8  bthserv - ok
14:00:42.0467 0x2bd8  [ 58BF7714A312698108A96D0DE2BB6825, 87E0EC24520C9C421AF6A680FEF42E18911AABA373A9F927C5CE77AD50F8196F ] cbVSCService11  C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
14:00:42.0470 0x2bd8  cbVSCService11 - ok
14:00:42.0518 0x2bd8  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
14:00:42.0523 0x2bd8  cdfs - ok
14:00:42.0657 0x2bd8  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
14:00:42.0663 0x2bd8  cdrom - ok
14:00:42.0705 0x2bd8  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
14:00:42.0711 0x2bd8  CertPropSvc - ok
14:00:42.0765 0x2bd8  [ 4ECA59628D074CF45633EC7A3D7954D3, 054B4AE94920A06ECF8C65A66DC949B65665679B15733D021120159F6E2460DA ] cfwids          C:\Windows\system32\drivers\cfwids.sys
14:00:42.0768 0x2bd8  cfwids - ok
14:00:42.0796 0x2bd8  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
14:00:42.0799 0x2bd8  circlass - ok
14:00:42.0842 0x2bd8  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
14:00:42.0856 0x2bd8  CLFS - ok
14:00:42.0936 0x2bd8  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:00:42.0946 0x2bd8  clr_optimization_v2.0.50727_32 - ok
14:00:42.0996 0x2bd8  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:00:43.0003 0x2bd8  clr_optimization_v2.0.50727_64 - ok
14:00:43.0093 0x2bd8  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:00:43.0230 0x2bd8  clr_optimization_v4.0.30319_32 - ok
14:00:43.0290 0x2bd8  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:00:43.0340 0x2bd8  clr_optimization_v4.0.30319_64 - ok
14:00:43.0392 0x2bd8  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
14:00:43.0395 0x2bd8  CmBatt - ok
14:00:43.0489 0x2bd8  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
14:00:43.0491 0x2bd8  cmdide - ok
14:00:43.0625 0x2bd8  [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG             C:\Windows\system32\Drivers\cng.sys
14:00:43.0637 0x2bd8  CNG - ok
14:00:43.0721 0x2bd8  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
14:00:43.0723 0x2bd8  Compbatt - ok
14:00:43.0800 0x2bd8  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
14:00:43.0802 0x2bd8  CompositeBus - ok
14:00:43.0826 0x2bd8  COMSysApp - ok
14:00:44.0321 0x2bd8  cpuz134 - ok
14:00:44.0380 0x2bd8  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
14:00:44.0382 0x2bd8  crcdisk - ok
14:00:44.0439 0x2bd8  [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
14:00:44.0446 0x2bd8  CryptSvc - ok
14:00:44.0580 0x2bd8  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
14:00:44.0595 0x2bd8  DcomLaunch - ok
14:00:44.0642 0x2bd8  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
14:00:44.0656 0x2bd8  defragsvc - ok
14:00:44.0698 0x2bd8  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
14:00:44.0703 0x2bd8  DfsC - ok
14:00:44.0767 0x2bd8  [ 73BDD44A6088916964945886F9025409, 8E2ECC9AAEF3C6EBA2E61D25F657FDFCC72AB517CC4FD5FFF992E1F9EB942662 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
14:00:44.0772 0x2bd8  dg_ssudbus - ok
14:00:44.0835 0x2bd8  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
14:00:44.0847 0x2bd8  Dhcp - ok
14:00:45.0040 0x2bd8  [ AA5319FA8602676B5D3A2B4A1355896D, 57532E16FF0DDE3D62B6B6DC35E2598DD453140E9277247965A1E835645E588A ] DiagTrack       C:\Windows\system32\diagtrack.dll
14:00:45.0197 0x2bd8  DiagTrack - ok
14:00:45.0212 0x2bd8  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
14:00:45.0216 0x2bd8  discache - ok
14:00:45.0303 0x2bd8  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
14:00:45.0306 0x2bd8  Disk - ok
14:00:45.0358 0x2bd8  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
14:00:45.0367 0x2bd8  Dnscache - ok
14:00:45.0392 0x2bd8  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
14:00:45.0403 0x2bd8  dot3svc - ok
14:00:45.0466 0x2bd8  [ B42ED0320C6E41102FDE0005154849BB, 4DB872E23AD049C3C9FDC0759FC58BFA60DA91B18BC82B611BFA300D26DDFC7A ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
14:00:45.0471 0x2bd8  Dot4 - ok
14:00:45.0531 0x2bd8  [ E9F5969233C5D89F3C35E3A66A52A361, C4BD35795C78FB11E6022372CB25DEB570730EFDAD3DC1584368235FF622638C ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
14:00:45.0533 0x2bd8  Dot4Print - ok
14:00:45.0555 0x2bd8  [ FD05A02B0370BC3000F402E543CA5814, 089B1113E640F495F470E8F57060B89546270481B309DC8ED3C3D13A849076A3 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
14:00:45.0557 0x2bd8  dot4usb - ok
14:00:45.0607 0x2bd8  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
14:00:45.0616 0x2bd8  DPS - ok
14:00:45.0662 0x2bd8  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
14:00:45.0663 0x2bd8  drmkaud - ok
14:00:45.0766 0x2bd8  [ 4AB2A58816CC6BE771F1D8C768B804C5, 8D4D33D68D13A7EB0114959DAE841411961C18C6EDF8E1559649903D20BD3D50 ] DsiWMIService   C:\Program Files (x86)\Launch Manager\dsiwmis.exe
14:00:45.0778 0x2bd8  DsiWMIService - ok
14:00:45.0845 0x2bd8  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
14:00:45.0875 0x2bd8  DXGKrnl - ok
14:00:45.0941 0x2bd8  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
14:00:45.0946 0x2bd8  EapHost - ok
14:00:46.0167 0x2bd8  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
14:00:46.0265 0x2bd8  ebdrv - ok
14:00:46.0315 0x2bd8  [ 0D48E93C6BE3143C0198CB252B992D16, AF34A41BAAE967045C8078E80B070E66ED60FDA0945FA752F715E49FD43373A4 ] EFS             C:\Windows\System32\lsass.exe
14:00:46.0319 0x2bd8  EFS - ok
14:00:46.0408 0x2bd8  [ 18DD872DD46ACB24E106DC2C9C270466, 7531A880DE4EFA08828B7927A687A10B71BA272C9E88631ED39EAE42E2FF9AD2 ] EgisTec Ticket Service C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
14:00:46.0418 0x2bd8  EgisTec Ticket Service - ok
14:00:46.0867 0x2bd8  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
14:00:46.0911 0x2bd8  ehRecvr - ok
14:00:46.0956 0x2bd8  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
14:00:46.0969 0x2bd8  ehSched - ok
14:00:47.0063 0x2bd8  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
14:00:47.0078 0x2bd8  elxstor - ok
14:00:47.0177 0x2bd8  [ AC5C64F828C0A6A1350971501AC2A0C7, 920EB0AC38AD65930A747EDC98144010AE97A4B74153B90EE36E9C45055649A1 ] ePowerSvc       C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
14:00:47.0217 0x2bd8  ePowerSvc - ok
14:00:47.0234 0x2bd8  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
14:00:47.0236 0x2bd8  ErrDev - ok
14:00:47.0297 0x2bd8  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
14:00:47.0314 0x2bd8  EventSystem - ok
14:00:47.0356 0x2bd8  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
14:00:47.0366 0x2bd8  exfat - ok
14:00:47.0386 0x2bd8  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
14:00:47.0397 0x2bd8  fastfat - ok
14:00:47.0468 0x2bd8  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
14:00:47.0490 0x2bd8  Fax - ok
14:00:47.0512 0x2bd8  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
14:00:47.0514 0x2bd8  fdc - ok
14:00:47.0569 0x2bd8  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
14:00:47.0572 0x2bd8  fdPHost - ok
14:00:47.0584 0x2bd8  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
14:00:47.0589 0x2bd8  FDResPub - ok
14:00:47.0628 0x2bd8  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:00:47.0631 0x2bd8  FileInfo - ok
14:00:47.0674 0x2bd8  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
14:00:47.0677 0x2bd8  Filetrace - ok
14:00:47.0786 0x2bd8  [ BB0667B0171B632B97EA759515476F07, 07A123B2182D5813D2898928C231638353CF086606E9D5A5AF4A2A73E17CEC27 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
14:00:47.0825 0x2bd8  FLEXnet Licensing Service - ok
14:00:47.0841 0x2bd8  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
14:00:47.0843 0x2bd8  flpydisk - ok
14:00:47.0872 0x2bd8  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:00:47.0882 0x2bd8  FltMgr - ok
14:00:47.0986 0x2bd8  [ D5A775990A7C202A037378FDBCDB6141, 27AD242914FAFB7A27B3045C0F0F6AFE6873FE331A51D8BB29A63B5D84C72EFB ] FontCache       C:\Windows\system32\FntCache.dll
14:00:48.0041 0x2bd8  FontCache - ok
14:00:48.0185 0x2bd8  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:00:48.0189 0x2bd8  FontCache3.0.0.0 - ok
14:00:48.0221 0x2bd8  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
14:00:48.0224 0x2bd8  FsDepends - ok
14:00:48.0238 0x2bd8  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:00:48.0241 0x2bd8  Fs_Rec - ok
14:00:48.0310 0x2bd8  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
14:00:48.0317 0x2bd8  fvevol - ok
14:00:48.0358 0x2bd8  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
14:00:48.0361 0x2bd8  gagp30kx - ok
14:00:48.0459 0x2bd8  [ C403C5DB49A0F9AAF4F2128EDC0106D8, 3C6948B63278022D8182F773C5FA15784514F76C1546118DDBADBA322B962D12 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
14:00:48.0469 0x2bd8  GamesAppService - ok
14:00:48.0626 0x2bd8  [ F51B9E62A3B99AB8487499D2783D5A9F, 834C06B84141907F4620D631D87F7F688226C9C7B6189D1CE900055B6775B760 ] Garmin Device Interaction Service C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
14:00:48.0676 0x2bd8  Garmin Device Interaction Service - ok
14:00:48.0715 0x2bd8  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:00:48.0717 0x2bd8  GEARAspiWDM - ok
14:00:48.0777 0x2bd8  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
14:00:48.0822 0x2bd8  gpsvc - ok
14:00:48.0916 0x2bd8  [ 84E58FEA8B1A7537696A20C59CB9B0C9, 21F36D45612247DD81CC55FCDA56496BE8BBE384E8FBCCB6184D69F77A59F5C0 ] GREGService     C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
14:00:48.0918 0x2bd8  GREGService - ok
14:00:49.0003 0x2bd8  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:00:49.0010 0x2bd8  gupdate - ok
14:00:49.0018 0x2bd8  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:00:49.0021 0x2bd8  gupdatem - ok
14:00:49.0091 0x2bd8  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
14:00:49.0101 0x2bd8  gusvc - ok
14:00:49.0125 0x2bd8  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
14:00:49.0127 0x2bd8  hcw85cir - ok
14:00:49.0211 0x2bd8  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:00:49.0222 0x2bd8  HdAudAddService - ok
14:00:49.0280 0x2bd8  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
14:00:49.0285 0x2bd8  HDAudBus - ok
14:00:49.0302 0x2bd8  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
14:00:49.0304 0x2bd8  HidBatt - ok
14:00:49.0330 0x2bd8  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
14:00:49.0334 0x2bd8  HidBth - ok
14:00:49.0355 0x2bd8  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
14:00:49.0358 0x2bd8  HidIr - ok
14:00:49.0393 0x2bd8  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
14:00:49.0396 0x2bd8  hidserv - ok
14:00:49.0460 0x2bd8  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
14:00:49.0462 0x2bd8  HidUsb - ok
14:00:49.0638 0x2bd8  [ E7AF59F1E0352F5EBEC4ECD32103D405, 0E02E031799F407A1BCE926D46471E7EFB8820359CBDE73759219B86C1882EB8 ] HipShieldK      C:\Windows\system32\drivers\HipShieldK.sys
14:00:49.0644 0x2bd8  HipShieldK - ok
14:00:49.0731 0x2bd8  [ 9918B9C21E2033DD1F1872D3D06B418D, 07C5E4236DE258920DB9F742E750C0B5D85479BD01A6DCF049ADA1F092E07B06 ] hitmanpro37     C:\Windows\system32\drivers\hitmanpro37.sys
14:00:49.0733 0x2bd8  hitmanpro37 - ok
14:00:49.0759 0x2bd8  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:00:49.0765 0x2bd8  hkmsvc - ok
14:00:49.0818 0x2bd8  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:00:49.0828 0x2bd8  HomeGroupListener - ok
14:00:49.0852 0x2bd8  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:00:49.0864 0x2bd8  HomeGroupProvider - ok
14:00:50.0012 0x2bd8  [ 08CCC7622DDDFD649F75F9CFA53E4229, 257C8C285DDAA1CB1AAD3F799235972D0FF9577BE97859337437D4562B7CE4E4 ] HomeNetSvc      C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
14:00:50.0031 0x2bd8  HomeNetSvc - ok
14:00:50.0154 0x2bd8  [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05, 7B3F117C1D606DDA7623BEC0BFBC362C33A12213E899F049AC56A55826984134 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
14:00:50.0167 0x2bd8  hpqcxs08 - ok
14:00:50.0194 0x2bd8  [ F3F72A2A86C22610BCA5439FA789DD52, DA5A8F09DCC512AA1558863AD4FAC12F72DD83CA8FB4D8D9831E4AFBB6B3C616 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
14:00:50.0203 0x2bd8  hpqddsvc - ok
14:00:50.0255 0x2bd8  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
14:00:50.0258 0x2bd8  HpSAMD - ok
14:00:50.0355 0x2bd8  [ F37882F128EFACEFE353E0BAE2766909, 2F9D21613500F092DFC0DB879180B549EE615D9B07408A5CC1A7F84663B2F47A ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
14:00:50.0409 0x2bd8  HPSLPSVC - ok
14:00:50.0576 0x2bd8  [ 5C8BC8A28798FD010E7ABC4E0D588CAA, 622CAFD3DCBB05E15539589FDD4002DA6F24790FC55BDF05AA3D043E8A34E53E ] HTCMonitorService C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
14:00:50.0581 0x2bd8  HTCMonitorService - ok
14:00:50.0626 0x2bd8  [ B8B1B284362E1D8135112573395D5DA5, 97BC6A7B2DCD7CC854B912A85BB2FCF199592E8E16A7C405EAF89B02D5DE4AEE ] htcnprot        C:\Windows\system32\DRIVERS\htcnprot.sys
14:00:50.0629 0x2bd8  htcnprot - ok
14:00:50.0679 0x2bd8  [ 7C7C986776D00E575BFBDE5DCBDC615D, 4CF12851A5A45917C3A9139B19D79434F2038611B617F83A714506CC7A1A6C61 ] HtcVCom32       C:\Windows\system32\DRIVERS\HtcVComV64.sys
14:00:50.0684 0x2bd8  HtcVCom32 - ok
14:01:04.0812 0x2bd8  ql40xx - ok
14:01:04.0858 0x2bd8  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
14:01:04.0870 0x2bd8  QWAVE - ok
14:01:04.0893 0x2bd8  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:01:04.0897 0x2bd8  QWAVEdrv - ok
14:01:05.0143 0x2bd8  [ 602F0E7767955CED93A2B721A88120B5, AF6F3D6D718B9AECBA1FC34E995CDBD55097C4FDF9228DA3D2E47653130F8E4F ] RapportCerberus_1507063 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507063.sys
14:01:05.0178 0x2bd8  RapportCerberus_1507063 - ok
14:01:05.0279 0x2bd8  [ 9B1CA53B500B3E308C42252898B130D5, 55C1E284C0FE8ED400A064B8E86B3F79B55874F8601793BA148097343F49E9DD ] RapportEI64     C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
14:01:05.0300 0x2bd8  RapportEI64 - ok
14:01:05.0360 0x2bd8  [ 031305E91BFE7A4F77118E7FE6F7CE17, 7D5449943F59A1A9D4DCA89CA0C9332FCAF5661BA5277E2C060F6C60E1053DB6 ] RapportKE64     C:\Windows\system32\Drivers\RapportKE64.sys
14:01:05.0378 0x2bd8  RapportKE64 - ok
14:01:05.0585 0x2bd8  [ 056C975CCA98720043F0D8FB1DB24E9E, 2915E3C0511F4027F1577B65937EE91AA6F5B1348300CACF0DBA373ED7DECA91 ] RapportMgmtService C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
14:01:05.0663 0x2bd8  RapportMgmtService - ok
14:01:05.0685 0x2bd8  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:01:05.0687 0x2bd8  RasAcd - ok
14:01:05.0741 0x2bd8  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
14:01:05.0745 0x2bd8  RasAgileVpn - ok
14:01:05.0783 0x2bd8  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
14:01:05.0788 0x2bd8  RasAuto - ok
14:01:05.0819 0x2bd8  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:01:05.0824 0x2bd8  Rasl2tp - ok
14:01:05.0849 0x2bd8  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
14:01:05.0864 0x2bd8  RasMan - ok
14:01:05.0880 0x2bd8  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:01:05.0890 0x2bd8  RasPppoe - ok
14:01:05.0951 0x2bd8  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:01:05.0956 0x2bd8  RasSstp - ok
14:01:06.0035 0x2bd8  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:01:06.0048 0x2bd8  rdbss - ok
14:01:06.0076 0x2bd8  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
14:01:06.0109 0x2bd8  rdpbus - ok
14:01:06.0124 0x2bd8  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:01:06.0126 0x2bd8  RDPCDD - ok
14:01:06.0151 0x2bd8  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:01:06.0153 0x2bd8  RDPENCDD - ok
14:01:06.0184 0x2bd8  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
14:01:06.0186 0x2bd8  RDPREFMP - ok
14:01:06.0280 0x2bd8  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:01:06.0288 0x2bd8  RDPWD - ok
14:01:06.0338 0x2bd8  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
14:01:06.0347 0x2bd8  rdyboost - ok
14:01:06.0406 0x2bd8  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:01:06.0412 0x2bd8  RemoteAccess - ok
14:01:06.0469 0x2bd8  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:01:06.0479 0x2bd8  RemoteRegistry - ok
14:01:06.0563 0x2bd8  [ 9C3AC71A9934B884FAC567A8807E9C4D, 0B6B2970098E3C21E1E54A25785544903E8CD415B527FCEF86ABC7B33BEC83E7 ] Revoflt         C:\Windows\system32\DRIVERS\revoflt.sys
14:01:06.0569 0x2bd8  Revoflt - ok
14:01:06.0630 0x2bd8  [ 7B04C9843921AB1F695FB395422C5360, C9B02BE0384357FD242613C2A12029B45322AF9A795CD69F33500CA7530899A7 ] RimUsb          C:\Windows\system32\Drivers\RimUsb_AMD64.sys
14:01:06.0638 0x2bd8  RimUsb - ok
14:01:06.0692 0x2bd8  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
14:01:06.0696 0x2bd8  RpcEptMapper - ok
14:01:06.0732 0x2bd8  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
14:01:06.0734 0x2bd8  RpcLocator - ok
14:01:06.0810 0x2bd8  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
14:01:06.0829 0x2bd8  RpcSs - ok
14:01:06.0900 0x2bd8  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:01:06.0905 0x2bd8  rspndr - ok
14:01:06.0928 0x2bd8  [ 0D48E93C6BE3143C0198CB252B992D16, AF34A41BAAE967045C8078E80B070E66ED60FDA0945FA752F715E49FD43373A4 ] SamSs           C:\Windows\system32\lsass.exe
14:01:06.0932 0x2bd8  SamSs - ok
14:01:07.0212 0x2bd8  [ 3289766038DB2CB14D07DC84392138D5, A7790B787690CC1A8B97E4532090C5295350A836A9474DEA74CEB3E81CF26124 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
14:01:07.0219 0x2bd8  SASDIFSV - ok
14:01:07.0319 0x2bd8  [ 58A38E75F3316A83C23DF6173D41F2B5, B0A8CDA1D164B7534FB41AB80792861384709BF0F914F44553275CF20194F1A1 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
14:01:07.0325 0x2bd8  SASKUTIL - ok
14:01:07.0356 0x2bd8  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:01:07.0362 0x2bd8  sbp2port - ok
14:01:07.0418 0x2bd8  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:01:07.0427 0x2bd8  SCardSvr - ok
14:01:07.0448 0x2bd8  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
14:01:07.0452 0x2bd8  scfilter - ok
14:01:07.0662 0x2bd8  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
14:01:07.0785 0x2bd8  Schedule - ok
14:01:07.0840 0x2bd8  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
14:01:07.0843 0x2bd8  SCPolicySvc - ok
14:01:07.0930 0x2bd8  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:01:07.0946 0x2bd8  SDRSVC - ok
14:01:07.0996 0x2bd8  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:01:08.0003 0x2bd8  secdrv - ok
14:01:08.0039 0x2bd8  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
14:01:08.0051 0x2bd8  seclogon - ok
14:01:08.0134 0x2bd8  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
14:01:08.0139 0x2bd8  SENS - ok
14:01:08.0195 0x2bd8  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
14:01:08.0204 0x2bd8  SensrSvc - ok
14:01:08.0224 0x2bd8  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
14:01:08.0227 0x2bd8  Serenum - ok
14:01:08.0268 0x2bd8  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
14:01:08.0275 0x2bd8  Serial - ok
14:01:08.0294 0x2bd8  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
14:01:08.0297 0x2bd8  sermouse - ok
14:01:08.0333 0x2bd8  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
14:01:08.0340 0x2bd8  SessionEnv - ok
14:01:08.0376 0x2bd8  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
14:01:08.0379 0x2bd8  sffdisk - ok
14:01:08.0397 0x2bd8  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
14:01:08.0400 0x2bd8  sffp_mmc - ok
14:01:08.0406 0x2bd8  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
14:01:08.0409 0x2bd8  sffp_sd - ok
14:01:08.0432 0x2bd8  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
14:01:08.0440 0x2bd8  sfloppy - ok
14:01:08.0592 0x2bd8  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
14:01:08.0608 0x2bd8  SharedAccess - ok
14:01:08.0706 0x2bd8  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:01:08.0723 0x2bd8  ShellHWDetection - ok
14:01:08.0791 0x2bd8  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
14:01:08.0801 0x2bd8  SiSRaid2 - ok
14:01:08.0834 0x2bd8  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
14:01:08.0841 0x2bd8  SiSRaid4 - ok
14:01:09.0038 0x2bd8  [ 0B70786BD1062CD4C6B58E412B9C3E55, 60ED027642FFF97BFFA55AE3EFFCCBB6D6AD8196D35E9ED06F9AF431E3C0402A ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
14:01:09.0054 0x2bd8  SkypeUpdate - ok
14:01:09.0093 0x2bd8  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
14:01:09.0097 0x2bd8  Smb - ok
14:01:09.0135 0x2bd8  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:01:09.0138 0x2bd8  SNMPTRAP - ok
14:01:09.0188 0x2bd8  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
14:01:09.0191 0x2bd8  spldr - ok
14:01:09.0247 0x2bd8  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
14:01:09.0262 0x2bd8  Spooler - ok
14:01:09.0414 0x2bd8  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
14:01:09.0494 0x2bd8  sppsvc - ok
14:01:09.0895 0x2bd8  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
14:01:09.0901 0x2bd8  sppuinotify - ok
14:01:09.0936 0x2bd8  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
14:01:09.0952 0x2bd8  srv - ok
14:01:10.0005 0x2bd8  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
14:01:10.0019 0x2bd8  srv2 - ok
14:01:10.0048 0x2bd8  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
14:01:10.0055 0x2bd8  srvnet - ok
14:01:10.0100 0x2bd8  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
14:01:10.0109 0x2bd8  SSDPSRV - ok
14:01:10.0131 0x2bd8  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
14:01:10.0137 0x2bd8  SstpSvc - ok
14:01:10.0197 0x2bd8  [ 5252D7BC56E5E0ED715AEA8FE173A455, 1408B3E98B35A449434718777EE70595F0D306197A428279C6281D2F1953F259 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
14:01:10.0205 0x2bd8  ssudmdm - ok
14:01:10.0243 0x2bd8  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
14:01:10.0245 0x2bd8  stexstor - ok
14:01:10.0292 0x2bd8  [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam        C:\Windows\system32\drivers\serscan.sys
14:01:10.0294 0x2bd8  StillCam - ok
14:01:10.0368 0x2bd8  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
14:01:10.0389 0x2bd8  stisvc - ok
14:01:10.0407 0x2bd8  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
14:01:10.0410 0x2bd8  swenum - ok
14:01:10.0467 0x2bd8  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
14:01:10.0485 0x2bd8  swprv - ok
14:01:10.0577 0x2bd8  [ BC642D540AEDF9A253C74D10C848EBD2, FFC90E91D2A3683925A34C15FC0EF6EE91A6F90C829B5BCC326EE2242F89E366 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
14:01:10.0635 0x2bd8  SynTP - ok
14:01:10.0728 0x2bd8  [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain         C:\Windows\system32\sysmain.dll
14:01:10.0769 0x2bd8  SysMain - ok
14:01:10.0827 0x2bd8  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:01:10.0832 0x2bd8  TabletInputService - ok
14:01:10.0860 0x2bd8  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
14:01:10.0873 0x2bd8  TapiSrv - ok
14:01:10.0913 0x2bd8  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
14:01:10.0917 0x2bd8  TBS - ok
14:01:11.0037 0x2bd8  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
14:01:11.0124 0x2bd8  Tcpip - ok
14:01:11.0232 0x2bd8  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
14:01:11.0274 0x2bd8  TCPIP6 - ok
14:01:11.0333 0x2bd8  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
14:01:11.0336 0x2bd8  tcpipreg - ok
14:01:11.0381 0x2bd8  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
14:01:11.0384 0x2bd8  TDPIPE - ok
14:01:11.0401 0x2bd8  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
14:01:11.0404 0x2bd8  TDTCP - ok
14:01:11.0447 0x2bd8  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
14:01:11.0452 0x2bd8  tdx - ok
14:01:11.0468 0x2bd8  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
14:01:11.0476 0x2bd8  TermDD - ok
14:01:11.0528 0x2bd8  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
14:01:11.0553 0x2bd8  TermService - ok
14:01:11.0594 0x2bd8  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
14:01:11.0598 0x2bd8  Themes - ok
14:01:11.0641 0x2bd8  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
14:01:11.0645 0x2bd8  THREADORDER - ok
14:01:11.0662 0x2bd8  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
14:01:11.0668 0x2bd8  TrkWks - ok
14:01:11.0781 0x2bd8  [ FD44FA80DA03EA144153A76DEBBB61B4, 0C46717F489A415A583470DAE8CF58E47BC307B9CB0F9DB6C4EDF33B7525475C ] TrueSight       C:\Windows\System32\drivers\TrueSight.sys
14:01:11.0785 0x2bd8  TrueSight - ok
14:01:11.0844 0x2bd8  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:01:11.0852 0x2bd8  TrustedInstaller - ok
14:01:11.0901 0x2bd8  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
14:01:11.0904 0x2bd8  tssecsrv - ok
14:01:11.0961 0x2bd8  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
14:01:11.0966 0x2bd8  TsUsbFlt - ok
14:01:11.0986 0x2bd8  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
14:01:11.0991 0x2bd8  TsUsbGD - ok
14:01:12.0043 0x2bd8  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
14:01:12.0050 0x2bd8  tunnel - ok
14:01:12.0066 0x2bd8  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
14:01:12.0071 0x2bd8  uagp35 - ok
14:01:12.0097 0x2bd8  [ A17D5E1A6DF4EAB0A480F2C490DE4C9D, 1EA835F172B6BF3D7F496E079DF1CDF00122B2110C08D61427582BC9405D2B7B ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
14:01:12.0101 0x2bd8  UBHelper - ok
14:01:12.0137 0x2bd8  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
14:01:12.0149 0x2bd8  udfs - ok
14:01:12.0190 0x2bd8  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
14:01:12.0193 0x2bd8  UI0Detect - ok
14:01:12.0211 0x2bd8  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
14:01:12.0217 0x2bd8  uliagpkx - ok
14:01:12.0261 0x2bd8  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
14:01:12.0266 0x2bd8  umbus - ok
14:01:12.0291 0x2bd8  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
14:01:12.0301 0x2bd8  UmPass - ok
14:01:12.0507 0x2bd8  [ 374EBDA379A8F38E0CFC2211611E7167, 0D6C3002B28E27C052227488CEE69FA99399421FF777EB48031E6080A759F532 ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
14:01:12.0628 0x2bd8  UNS - ok
14:01:12.0681 0x2bd8  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
14:01:12.0701 0x2bd8  upnphost - ok
14:01:12.0739 0x2bd8  [ 5C3BE22E485B9BF11FCEFDC676C728D0, F55061066ECF6920D56518A677BB538C18B7F1BB150ED6DB3591408F44E8D53A ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
14:01:12.0744 0x2bd8  USBAAPL64 - ok
14:01:12.0827 0x2bd8  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
14:01:12.0834 0x2bd8  usbaudio - ok
14:01:12.0887 0x2bd8  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
14:01:12.0893 0x2bd8  usbccgp - ok
14:01:12.0948 0x2bd8  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
14:01:12.0956 0x2bd8  usbcir - ok
14:01:12.0992 0x2bd8  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
14:01:12.0999 0x2bd8  usbehci - ok
14:01:13.0060 0x2bd8  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
14:01:13.0075 0x2bd8  usbhub - ok
14:01:13.0107 0x2bd8  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
14:01:13.0116 0x2bd8  usbohci - ok
14:01:13.0184 0x2bd8  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
14:01:13.0187 0x2bd8  usbprint - ok
14:01:13.0217 0x2bd8  [ AAA2513C8AED8B54B189FD0C6B1634C0, 02FEE0B756AA559C29477A19861AC16D5A3152DC3C897C7D466423438B6A5E42 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
14:01:13.0222 0x2bd8  usbscan - ok
14:01:13.0239 0x2bd8  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:01:13.0244 0x2bd8  USBSTOR - ok
14:01:13.0286 0x2bd8  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
14:01:13.0290 0x2bd8  usbuhci - ok
14:01:13.0350 0x2bd8  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
14:01:13.0360 0x2bd8  usbvideo - ok
14:01:13.0416 0x2bd8  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
14:01:13.0421 0x2bd8  UxSms - ok
14:01:13.0449 0x2bd8  [ 0D48E93C6BE3143C0198CB252B992D16, AF34A41BAAE967045C8078E80B070E66ED60FDA0945FA752F715E49FD43373A4 ] VaultSvc        C:\Windows\system32\lsass.exe
14:01:13.0453 0x2bd8  VaultSvc - ok
14:01:13.0492 0x2bd8  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
14:01:13.0496 0x2bd8  vdrvroot - ok
14:01:13.0618 0x2bd8  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
14:01:13.0638 0x2bd8  vds - ok
14:01:13.0682 0x2bd8  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
14:01:13.0687 0x2bd8  vga - ok
14:01:13.0729 0x2bd8  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
14:01:13.0733 0x2bd8  VgaSave - ok
14:01:13.0763 0x2bd8  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
14:01:13.0772 0x2bd8  vhdmp - ok
14:01:13.0816 0x2bd8  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
14:01:13.0822 0x2bd8  viaide - ok
14:01:13.0861 0x2bd8  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:01:13.0868 0x2bd8  volmgr - ok
14:01:13.0896 0x2bd8  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
14:01:13.0907 0x2bd8  volmgrx - ok
14:01:13.0932 0x2bd8  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
14:01:13.0945 0x2bd8  volsnap - ok
14:01:13.0991 0x2bd8  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
14:01:14.0002 0x2bd8  vsmraid - ok
14:01:14.0103 0x2bd8  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
14:01:14.0160 0x2bd8  VSS - ok
14:01:14.0209 0x2bd8  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
14:01:14.0213 0x2bd8  vwifibus - ok
14:01:14.0256 0x2bd8  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
14:01:14.0261 0x2bd8  vwififlt - ok
14:01:28.0019 0x2bd8  AV detected via SS2: McAfee Anti-Virus and Anti-Spyware, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 14.0.0.0 ), 0x51000 ( enabled : updated )
14:01:28.0025 0x2bd8  FW detected via SS2: McAfee Firewall, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 14.0.0.0 ), 0x51010 ( enabled )
14:01:41.0456 0x2bd8  ============================================================
14:01:41.0456 0x2bd8  Scan finished
14:01:41.0456 0x2bd8  ============================================================
14:01:41.0469 0x2040  Detected object count: 0
14:01:41.0469 0x2040  Actual detected object count: 0
 


#6 jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:10:51 AM

Posted 24 August 2015 - 09:34 AM

Please download GMER from one of the following locations and save it to your desktop:

  • It is very important you do not use your computer while GMER is running
  • Double-click on the randomly named GMER icon
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan
  • If you receive a warning about rootkit activity and are asked to fully scan your system click NO
  • Please check in the Quick scan box
  • Please uncheck the following:
      • IAT/EAT
      • Show All <<< Important
  • Click Scan
  • If you see a rootkit warning window click OK
  • When the scan is finished, Save the results to your desktop as gmer.log
  • Click Copy then paste the results in your reply
  • Exit GMER and be sure to re-enable your Antivirus, Firewall and any other security programs you had disabled

Note:

  • If you encounter any problems, try running GMER in Safe Mode
  • If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning


Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#7 Ami1977

  • Topic Starter
  • Members
  • 19 posts
  • Local time:03:51 PM

Posted 24 August 2015 - 11:25 AM

The gmer log post is too long, so I've attached it instead.

Attached Files

  • Attached File  gmer.log   116.46KB   2 downloads


#8 jntkwx


Posted 24 August 2015 - 12:25 PM

Let's upload a file for a second opinion on what it actually is (I'm suspecting that it's malware).

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows

Virustotal: http://www.virustotal.com/

When the Virustotal page has finished loading, click the Choose File button and navigate to the following file and click Send File.

C:\Users\Manso\Downloads\wu0nk5su.exe

If prompted to reanalyze a file, please do so.

Please post back the website addresses (URL) of the Virustotal result in your next post.

Edited by jntkwx, 24 August 2015 - 12:26 PM.

Regards,
Jason

 



#9 Ami1977


Posted 24 August 2015 - 07:27 PM

Hi Jason,

Here's the URL

https://www.virustotal.com/en/file/812cfd967188de56c88134e6125724d3f2eca26a2a1a7acd8fddfaa36d712947/analysis/1440462185/ 



#10 jntkwx


Posted 24 August 2015 - 07:30 PM

Do you recognize that file, wu0nk5su.exe?
 

Disregard my previous question.

 

How is the computer running now? Please be as descriptive as possible.


Edited by jntkwx, 24 August 2015 - 07:35 PM.

Regards,
Jason

 



#11 jntkwx


Posted 24 August 2015 - 07:38 PM

Let's upload another file for a second opinion on what it actually is.

Virustotal: http://www.virustotal.com/

When the Virustotal page has finished loading, click the Choose File button and navigate to the following file and click Send File.

C:\Windows\syswow64\PSAPI.DLL

If prompted to reanalyze a file, please do so.

Please post back the website address (URL) of the Virustotal result in your next post.


Regards,
Jason

 



#12 Ami1977


Posted 25 August 2015 - 01:31 PM

Hi Jason, 

Here's the URL

https://www.virustotal.com/en/file/2d824c66a97fc8c39dafa397cc47495b712d175eef393486946da8936bdd466a/analysis/1440526845/

 

The redirection seems to have stopped. I've been browsing so I can get some screenshots to show you, but it hasn't happened. I'm not sure the problem has gone though because my children were playing on the laptop and the website they were looking at redirected to a page that was blocked (not sure if it was blocked by McAfee or Chrome) this morning. I wasn't watching so I have no idea what they clicked.

 

At the moment, Chrome is just running very slowly because it's waiting for the different web addresses I described in the original email and there are "offers 4U" shopping pop ups that appear over the screen when I go to any shopping website. 



#13 jntkwx


Posted 25 August 2015 - 02:03 PM

We haven't really removed anything or made any changes to the computer, so it's strange that you're not seeing any redirection.

 

Combofix
Please download Combofix from one of these links, and save it to your desktop.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If you do not know how to do this you can find out >here< or >here<
3. Double click on combofix.exe & follow the prompts.

Important:

  • Do not mouseclick combofix's window while it's running. That may cause it to stall.
  • If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

In your next reply, please include:

  • Combofix log
  • How is your computer running now? Please be as descriptive as possible. Include any word-for-word error messages that you may have, and/or screenshots of strange behavior.

Regards,
Jason

 



#14 Ami1977


Posted 26 August 2015 - 12:51 PM

Attached File  screenshots.doc   2.18MB   3 downloads

Hi Jason,

The redirection is back, but it's happening a lot less frequently now - do you think that's a good sign? I've attached a Word doc with screen shots of the problems that I'm having.

 

Here is the combofix log

 

ComboFix 15-08-24.01 - Manso 26/08/2015   0:32.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.3948.2111 [GMT 1:00]
Running from: c:\users\Manso\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
FW: McAfee Firewall *Disabled* {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Manso\Documents\~WRL3934.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2015-07-26 to 2015-08-26  )))))))))))))))))))))))))))))))
.
.
2015-08-26 00:02 . 2015-08-26 00:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-26 00:02 . 2015-08-26 00:02 -------- d-----w- c:\users\Ami\AppData\Local\temp
2015-08-25 08:02 . 2015-07-31 09:21 11745192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3C554F5B-809E-458F-B5F7-FFA0FE49DEB7}\mpengine.dll
2015-08-24 09:00 . 2015-08-24 09:00 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-08-24 09:00 . 2015-08-24 13:07 -------- d-----w- c:\programdata\RogueKiller
2015-08-22 10:28 . 2015-08-22 10:28 -------- d-----w- c:\program files (x86)\iTunes
2015-08-22 10:28 . 2015-08-22 10:28 -------- d-----w- c:\program files\iPod
2015-08-22 10:27 . 2015-08-22 10:29 -------- d-----w- c:\program files\iTunes
2015-08-19 23:09 . 2015-08-19 23:26 -------- d-----w- C:\FRST
2015-08-19 17:58 . 2015-08-11 01:20 25191936 ----a-w- c:\windows\system32\mshtml.dll
2015-08-19 17:58 . 2015-08-11 01:14 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-08-19 17:58 . 2015-08-11 00:33 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2015-08-17 09:37 . 2015-08-17 09:37 -------- d-----w- c:\program files (x86)\Cobian Backup 11
2015-08-14 00:54 . 2015-08-14 00:54 -------- d-----w- c:\programdata\Sophos
2015-08-14 00:52 . 2015-08-14 00:52 -------- d-----w- c:\program files (x86)\Sophos
2015-08-13 09:40 . 2015-07-30 13:13 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 09:40 . 2015-07-30 13:13 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 09:46 . 2015-07-16 20:26 5923328 ----a-w- c:\windows\system32\jscript9.dll
2015-08-12 09:46 . 2015-07-16 20:21 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-08-12 09:46 . 2015-07-16 19:12 2427904 ----a-w- c:\windows\system32\wininet.dll
2015-08-12 09:46 . 2015-07-16 21:15 950784 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2015-08-12 09:46 . 2015-07-16 20:36 417792 ----a-w- c:\windows\system32\html.iec
2015-08-12 09:46 . 2015-07-16 20:35 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2015-08-12 09:46 . 2015-07-16 19:55 199680 ----a-w- c:\windows\system32\msrating.dll
2015-08-12 09:46 . 2015-07-16 18:55 382976 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2015-08-12 09:46 . 2015-07-21 00:39 293072 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2015-08-12 09:46 . 2015-07-16 19:54 1018368 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2015-08-12 09:43 . 2015-07-10 17:51 3722752 ----a-w- c:\windows\system32\mstscax.dll
2015-08-12 09:43 . 2015-07-10 17:34 3221504 ----a-w- c:\windows\SysWow64\mstscax.dll
2015-08-12 09:43 . 2015-07-10 17:51 44032 ----a-w- c:\windows\system32\tsgqec.dll
2015-08-12 09:43 . 2015-07-10 17:51 158720 ----a-w- c:\windows\system32\aaclient.dll
2015-08-12 09:43 . 2015-07-10 17:34 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2015-08-12 09:43 . 2015-07-10 17:33 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2015-08-12 09:43 . 2015-07-15 03:19 52736 ----a-w- c:\windows\system32\basesrv.dll
2015-08-12 09:32 . 2015-07-01 20:49 260096 ----a-w- c:\windows\system32\WebClnt.dll
2015-08-12 09:32 . 2015-07-01 20:48 102912 ----a-w- c:\windows\system32\davclnt.dll
2015-08-12 09:32 . 2015-07-01 20:30 206848 ----a-w- c:\windows\SysWow64\WebClnt.dll
2015-08-12 09:32 . 2015-07-01 20:30 82432 ----a-w- c:\windows\SysWow64\davclnt.dll
2015-08-12 09:32 . 2015-07-15 03:19 2004992 ----a-w- c:\windows\system32\msxml6.dll
2015-08-12 09:32 . 2015-07-15 03:19 1887232 ----a-w- c:\windows\system32\msxml3.dll
2015-08-12 09:32 . 2015-07-15 03:14 2048 ----a-w- c:\windows\system32\msxml6r.dll
2015-08-12 09:32 . 2015-07-15 03:13 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-08-12 09:32 . 2015-07-15 02:55 1390592 ----a-w- c:\windows\SysWow64\msxml6.dll
2015-08-12 09:32 . 2015-07-15 02:55 1241088 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-08-12 09:32 . 2015-07-15 02:51 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll
2015-08-12 09:32 . 2015-07-15 02:51 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2015-08-12 09:27 . 2015-07-09 17:57 193536 ----a-w- c:\windows\system32\notepad.exe
2015-08-12 09:26 . 2015-05-09 18:26 493504 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2015-08-10 16:41 . 2015-08-10 16:41 -------- d-----w- c:\users\Manso\AppData\Roaming\SUPERAntiSpyware.com
2015-08-10 16:34 . 2015-08-10 16:34 -------- d-----w- c:\users\Ami\AppData\Roaming\SUPERAntiSpyware.com
2015-08-10 16:33 . 2015-08-10 16:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2015-08-10 16:33 . 2015-08-10 16:33 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2015-08-08 21:44 . 2015-08-08 21:44 -------- d-----w- C:\Daddy and Sia go to LFC
2015-08-08 21:42 . 2015-08-08 21:42 -------- d-----w- C:\Neneh 2nd birthday
2015-08-08 21:40 . 2015-08-08 21:41 -------- d-----w- C:\Isle of Wight holiday 2012
2015-08-07 10:07 . 2015-08-07 10:07 -------- d-----w- c:\users\Manso\AppData\Local\CEF
2015-07-27 12:41 . 2015-07-27 12:41 -------- d-----w- C:\found.000
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-13 15:42 . 2014-11-24 13:58 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-13 15:38 . 2014-11-24 13:58 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-08-13 08:49 . 2012-03-15 11:30 132483416 ----a-w- c:\windows\system32\MRT.exe
2015-08-12 10:11 . 2012-03-30 18:50 778440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-08-12 10:11 . 2011-09-26 12:33 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-08-04 20:45 . 2012-03-03 11:11 394584 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2015-07-15 17:54 . 2015-08-12 09:45 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-07-04 18:07 . 2015-07-15 09:38 2087424 ----a-w- c:\windows\system32\ole32.dll
2015-07-04 17:48 . 2015-07-15 09:38 1414656 ----a-w- c:\windows\SysWow64\ole32.dll
2015-07-02 14:33 . 2015-04-08 06:44 412440 ----a-w- c:\windows\system32\drivers\mfeaack.sys
2015-07-02 14:33 . 2011-03-13 18:20 875928 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2015-07-02 14:33 . 2011-03-13 18:20 77536 ----a-w- c:\windows\system32\drivers\cfwids.sys
2015-07-02 14:33 . 2011-03-13 18:20 496888 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2015-07-02 14:33 . 2011-03-13 18:20 347800 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2015-07-02 14:33 . 2011-03-13 18:20 344704 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2015-06-29 09:03 . 2011-09-26 12:10 254792 ----a-w- c:\windows\system32\mfevtps.exe
2015-06-28 21:37 . 2015-06-28 21:37 529080 ----a-w- c:\windows\system32\drivers\mfencbdc.sys
2015-06-28 21:37 . 2015-06-28 21:37 20480 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys
2015-06-28 21:37 . 2015-06-28 21:37 109728 ----a-w- c:\windows\system32\drivers\mfencrk.sys
2015-06-23 12:30 . 2010-11-21 03:27 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-06-18 07:41 . 2014-11-24 13:58 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-18 07:41 . 2014-11-24 13:58 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-06-17 17:47 . 2015-07-15 09:49 404992 ----a-w- c:\windows\system32\gdi32.dll
2015-06-17 17:37 . 2015-07-15 09:49 312320 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-06-17 00:01 . 2015-06-17 00:01 1202856 ----a-w- c:\windows\SysWow64\FM20.DLL
2015-06-16 18:25 . 2015-06-16 18:25 43664 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2015-06-15 21:50 . 2015-07-15 09:37 112064 ----a-w- c:\windows\system32\consent.exe
2015-06-15 21:45 . 2015-07-15 09:37 3242496 ----a-w- c:\windows\system32\msi.dll
2015-06-15 21:45 . 2015-07-15 09:37 504320 ----a-w- c:\windows\system32\msihnd.dll
2015-06-15 21:45 . 2015-07-15 09:37 1941504 ----a-w- c:\windows\system32\authui.dll
2015-06-15 21:45 . 2015-07-15 09:37 70656 ----a-w- c:\windows\system32\appinfo.dll
2015-06-15 21:44 . 2015-07-15 09:37 128000 ----a-w- c:\windows\system32\msiexec.exe
2015-06-15 21:43 . 2015-07-15 09:37 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2015-06-15 21:43 . 2015-07-15 09:37 2364416 ----a-w- c:\windows\SysWow64\msi.dll
2015-06-15 21:43 . 2015-07-15 09:37 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2015-06-15 21:42 . 2015-07-15 09:37 73216 ----a-w- c:\windows\SysWow64\msiexec.exe
2015-06-15 21:42 . 2015-07-15 09:37 25088 ----a-w- c:\windows\system32\msimsg.dll
2015-06-15 21:37 . 2015-07-15 09:37 25088 ----a-w- c:\windows\SysWow64\msimsg.dll
2015-06-02 00:07 . 2015-07-15 09:51 254976 ----a-w- c:\windows\system32\cewmdm.dll
2015-06-01 23:47 . 2015-07-15 09:51 210432 ----a-w- c:\windows\SysWow64\cewmdm.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2013-04-18 578560]
"Spotify Web Helper"="c:\users\Manso\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [2015-08-25 2018360]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-05-08 8322328]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2015-07-29 1404248]
"Spotify"="c:\users\Manso\AppData\Roaming\Spotify\Spotify.exe" [2015-08-25 7389752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2015-07-21 641504]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-04-02 340848]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2011-03-29 408432]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2011-03-29 202608]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2015-04-29 40336]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-03-14 1081424]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-05-09 177448]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-05-15 60712]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2014-02-14 311616]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2014-01-22 106496]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2015-07-29 1404248]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"{91120000-002F-0000-0000-0000000FF1CE}"="del" [X]
"IsMyWinLockerReboot"="msiexec.exe" [2015-06-15 73216]
"iCloud"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloud.exe" [2015-04-26 43816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.11.149\SSScheduler.exe [2015-6-26 330456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 cpuz134;cpuz134;c:\users\Manso\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\Manso\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV64.sys;c:\windows\SYSNATIVE\DRIVERS\HtcVComV64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe;c:\progra~1\mcafee\msc\mcawfwk.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.11.149\McCHSvc.exe;c:\program files\McAfee Security Scan\3.11.149\McCHSvc.exe [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 RapportKE64;RapportKE64;c:\windows\system32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S1 RapportCerberus_1507065;RapportCerberus_1507065;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507065.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507065.sys [x]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 Garmin Device Interaction Service;Garmin Device Interaction Service;c:\program files (x86)\Garmin\Device Interaction Service\GarminService.exe;c:\program files (x86)\Garmin\Device Interaction Service\GarminService.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 HTCMonitorService;HTCMonitorService;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [x]
S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
S2 mccspsvc;McAfee CSP Service;c:\program files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe;c:\program files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [x]
S2 mfemms;McAfee Service Controller;c:\program files\Common Files\McAfee\SystemCore\\mfemms.exe;c:\program files\Common Files\McAfee\SystemCore\\mfemms.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 mfeaack;McAfee Inc. mfeaack;c:\windows\system32\drivers\mfeaack.sys;c:\windows\SYSNATIVE\drivers\mfeaack.sys [x]
S3 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
S3 mfesapsn;McAfee Process Start Notification Service;c:\program files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys;c:\program files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-08-22 08:15 993608 ----a-w- c:\program files (x86)\Google\Chrome\Application\44.0.2403.157\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-08-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 10:11]
.
2015-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-17 18:47]
.
2015-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-17 18:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-01-26 368728]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-05-10 1831528]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-08-13 170256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = 
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{CBA8FC74-DA05-4267-BE5C-D0F7E3A125E6}: NameServer = 81.218.119.15,199.203.35.75
TCP: Interfaces\{CBA8FC74-DA05-4267-BE5C-D0F7E3A125E6}\244584572633D273D43305: NameServer = 81.218.119.15,199.203.35.75
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.1.0.0/GarminAxControl_32.CAB
DPF: {0EBD01DC-F720-4FCA-991F-09F4DACF9B5F} - hxxp://www.photopanda.co.uk/apps/ipc/downloads//ImageUploader6.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-08-26  01:12:55
ComboFix-quarantined-files.txt  2015-08-26 00:12
.
Pre-Run: 533,244,198,912 bytes free
Post-Run: 532,563,451,904 bytes free
.
- - End Of File - - 3B6841C7ECE7743EB9514BDA25098A1C

Attached File  screenshots.doc   2.18MB   3 downloads

Hi Jason,

The redirection is back, but it's happening a lot less frequently now - do you think that's a good sign? I've attached a Word doc with screenshots of the problems that I'm having.

Here is the ComboFix log:

ComboFix 15-08-24.01 - Manso 26/08/2015   0:32.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.3948.2111 [GMT 1:00]
Running from: c:\users\Manso\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
FW: McAfee Firewall *Disabled* {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Manso\Documents\~WRL3934.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2015-07-26 to 2015-08-26  )))))))))))))))))))))))))))))))
.
.
2015-08-26 00:02 . 2015-08-26 00:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-26 00:02 . 2015-08-26 00:02 -------- d-----w- c:\users\Ami\AppData\Local\temp
2015-08-25 08:02 . 2015-07-31 09:21 11745192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3C554F5B-809E-458F-B5F7-FFA0FE49DEB7}\mpengine.dll
2015-08-24 09:00 . 2015-08-24 09:00 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-08-24 09:00 . 2015-08-24 13:07 -------- d-----w- c:\programdata\RogueKiller
2015-08-22 10:28 . 2015-08-22 10:28 -------- d-----w- c:\program files (x86)\iTunes
2015-08-22 10:28 . 2015-08-22 10:28 -------- d-----w- c:\program files\iPod
2015-08-22 10:27 . 2015-08-22 10:29 -------- d-----w- c:\program files\iTunes
2015-08-19 23:09 . 2015-08-19 23:26 -------- d-----w- C:\FRST
2015-08-19 17:58 . 2015-08-11 01:20 25191936 ----a-w- c:\windows\system32\mshtml.dll
2015-08-19 17:58 . 2015-08-11 01:14 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-08-19 17:58 . 2015-08-11 00:33 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2015-08-17 09:37 . 2015-08-17 09:37 -------- d-----w- c:\program files (x86)\Cobian Backup 11
2015-08-14 00:54 . 2015-08-14 00:54 -------- d-----w- c:\programdata\Sophos
2015-08-14 00:52 . 2015-08-14 00:52 -------- d-----w- c:\program files (x86)\Sophos
2015-08-13 09:40 . 2015-07-30 13:13 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 09:40 . 2015-07-30 13:13 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 09:46 . 2015-07-16 20:26 5923328 ----a-w- c:\windows\system32\jscript9.dll
2015-08-12 09:46 . 2015-07-16 20:21 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-08-12 09:46 . 2015-07-16 19:12 2427904 ----a-w- c:\windows\system32\wininet.dll
2015-08-12 09:46 . 2015-07-16 21:15 950784 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2015-08-12 09:46 . 2015-07-16 20:36 417792 ----a-w- c:\windows\system32\html.iec
2015-08-12 09:46 . 2015-07-16 20:35 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2015-08-12 09:46 . 2015-07-16 19:55 199680 ----a-w- c:\windows\system32\msrating.dll
2015-08-12 09:46 . 2015-07-16 18:55 382976 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2015-08-12 09:46 . 2015-07-21 00:39 293072 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2015-08-12 09:46 . 2015-07-16 19:54 1018368 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2015-08-12 09:43 . 2015-07-10 17:51 3722752 ----a-w- c:\windows\system32\mstscax.dll
2015-08-12 09:43 . 2015-07-10 17:34 3221504 ----a-w- c:\windows\SysWow64\mstscax.dll
2015-08-12 09:43 . 2015-07-10 17:51 44032 ----a-w- c:\windows\system32\tsgqec.dll
2015-08-12 09:43 . 2015-07-10 17:51 158720 ----a-w- c:\windows\system32\aaclient.dll
2015-08-12 09:43 . 2015-07-10 17:34 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2015-08-12 09:43 . 2015-07-10 17:33 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2015-08-12 09:43 . 2015-07-15 03:19 52736 ----a-w- c:\windows\system32\basesrv.dll
2015-08-12 09:32 . 2015-07-01 20:49 260096 ----a-w- c:\windows\system32\WebClnt.dll
2015-08-12 09:32 . 2015-07-01 20:48 102912 ----a-w- c:\windows\system32\davclnt.dll
2015-08-12 09:32 . 2015-07-01 20:30 206848 ----a-w- c:\windows\SysWow64\WebClnt.dll
2015-08-12 09:32 . 2015-07-01 20:30 82432 ----a-w- c:\windows\SysWow64\davclnt.dll
2015-08-12 09:32 . 2015-07-15 03:19 2004992 ----a-w- c:\windows\system32\msxml6.dll
2015-08-12 09:32 . 2015-07-15 03:19 1887232 ----a-w- c:\windows\system32\msxml3.dll
2015-08-12 09:32 . 2015-07-15 03:14 2048 ----a-w- c:\windows\system32\msxml6r.dll
2015-08-12 09:32 . 2015-07-15 03:13 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-08-12 09:32 . 2015-07-15 02:55 1390592 ----a-w- c:\windows\SysWow64\msxml6.dll
2015-08-12 09:32 . 2015-07-15 02:55 1241088 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-08-12 09:32 . 2015-07-15 02:51 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll
2015-08-12 09:32 . 2015-07-15 02:51 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2015-08-12 09:27 . 2015-07-09 17:57 193536 ----a-w- c:\windows\system32\notepad.exe
2015-08-12 09:26 . 2015-05-09 18:26 493504 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2015-08-10 16:41 . 2015-08-10 16:41 -------- d-----w- c:\users\Manso\AppData\Roaming\SUPERAntiSpyware.com
2015-08-10 16:34 . 2015-08-10 16:34 -------- d-----w- c:\users\Ami\AppData\Roaming\SUPERAntiSpyware.com
2015-08-10 16:33 . 2015-08-10 16:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2015-08-10 16:33 . 2015-08-10 16:33 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2015-08-08 21:44 . 2015-08-08 21:44 -------- d-----w- C:\Daddy and Sia go to LFC
2015-08-08 21:42 . 2015-08-08 21:42 -------- d-----w- C:\Neneh 2nd birthday
2015-08-08 21:40 . 2015-08-08 21:41 -------- d-----w- C:\Isle of Wight holiday 2012
2015-08-07 10:07 . 2015-08-07 10:07 -------- d-----w- c:\users\Manso\AppData\Local\CEF
2015-07-27 12:41 . 2015-07-27 12:41 -------- d-----w- C:\found.000
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-13 15:42 . 2014-11-24 13:58 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-13 15:38 . 2014-11-24 13:58 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-08-13 08:49 . 2012-03-15 11:30 132483416 ----a-w- c:\windows\system32\MRT.exe
2015-08-12 10:11 . 2012-03-30 18:50 778440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-08-12 10:11 . 2011-09-26 12:33 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-08-04 20:45 . 2012-03-03 11:11 394584 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2015-07-15 17:54 . 2015-08-12 09:45 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-07-04 18:07 . 2015-07-15 09:38 2087424 ----a-w- c:\windows\system32\ole32.dll
2015-07-04 17:48 . 2015-07-15 09:38 1414656 ----a-w- c:\windows\SysWow64\ole32.dll
2015-07-02 14:33 . 2015-04-08 06:44 412440 ----a-w- c:\windows\system32\drivers\mfeaack.sys
2015-07-02 14:33 . 2011-03-13 18:20 875928 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2015-07-02 14:33 . 2011-03-13 18:20 77536 ----a-w- c:\windows\system32\drivers\cfwids.sys
2015-07-02 14:33 . 2011-03-13 18:20 496888 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2015-07-02 14:33 . 2011-03-13 18:20 347800 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2015-07-02 14:33 . 2011-03-13 18:20 344704 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2015-06-29 09:03 . 2011-09-26 12:10 254792 ----a-w- c:\windows\system32\mfevtps.exe
2015-06-28 21:37 . 2015-06-28 21:37 529080 ----a-w- c:\windows\system32\drivers\mfencbdc.sys
2015-06-28 21:37 . 2015-06-28 21:37 20480 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys
2015-06-28 21:37 . 2015-06-28 21:37 109728 ----a-w- c:\windows\system32\drivers\mfencrk.sys
2015-06-23 12:30 . 2010-11-21 03:27 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-06-18 07:41 . 2014-11-24 13:58 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-18 07:41 . 2014-11-24 13:58 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-06-17 17:47 . 2015-07-15 09:49 404992 ----a-w- c:\windows\system32\gdi32.dll
2015-06-17 17:37 . 2015-07-15 09:49 312320 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-06-17 00:01 . 2015-06-17 00:01 1202856 ----a-w- c:\windows\SysWow64\FM20.DLL
2015-06-16 18:25 . 2015-06-16 18:25 43664 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2015-06-15 21:50 . 2015-07-15 09:37 112064 ----a-w- c:\windows\system32\consent.exe
2015-06-15 21:45 . 2015-07-15 09:37 3242496 ----a-w- c:\windows\system32\msi.dll
2015-06-15 21:45 . 2015-07-15 09:37 504320 ----a-w- c:\windows\system32\msihnd.dll
2015-06-15 21:45 . 2015-07-15 09:37 1941504 ----a-w- c:\windows\system32\authui.dll
2015-06-15 21:45 . 2015-07-15 09:37 70656 ----a-w- c:\windows\system32\appinfo.dll
2015-06-15 21:44 . 2015-07-15 09:37 128000 ----a-w- c:\windows\system32\msiexec.exe
2015-06-15 21:43 . 2015-07-15 09:37 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2015-06-15 21:43 . 2015-07-15 09:37 2364416 ----a-w- c:\windows\SysWow64\msi.dll
2015-06-15 21:43 . 2015-07-15 09:37 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2015-06-15 21:42 . 2015-07-15 09:37 73216 ----a-w- c:\windows\SysWow64\msiexec.exe
2015-06-15 21:42 . 2015-07-15 09:37 25088 ----a-w- c:\windows\system32\msimsg.dll
2015-06-15 21:37 . 2015-07-15 09:37 25088 ----a-w- c:\windows\SysWow64\msimsg.dll
2015-06-02 00:07 . 2015-07-15 09:51 254976 ----a-w- c:\windows\system32\cewmdm.dll
2015-06-01 23:47 . 2015-07-15 09:51 210432 ----a-w- c:\windows\SysWow64\cewmdm.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2013-04-18 578560]
"Spotify Web Helper"="c:\users\Manso\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [2015-08-25 2018360]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-05-08 8322328]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2015-07-29 1404248]
"Spotify"="c:\users\Manso\AppData\Roaming\Spotify\Spotify.exe" [2015-08-25 7389752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2015-07-21 641504]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-04-02 340848]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2011-03-29 408432]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2011-03-29 202608]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2015-04-29 40336]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-03-14 1081424]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-05-09 177448]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-05-15 60712]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2014-02-14 311616]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2014-01-22 106496]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2015-07-29 1404248]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"{91120000-002F-0000-0000-0000000FF1CE}"="del" [X]
"IsMyWinLockerReboot"="msiexec.exe" [2015-06-15 73216]
"iCloud"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloud.exe" [2015-04-26 43816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.11.149\SSScheduler.exe [2015-6-26 330456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 cpuz134;cpuz134;c:\users\Manso\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\Manso\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV64.sys;c:\windows\SYSNATIVE\DRIVERS\HtcVComV64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe;c:\progra~1\mcafee\msc\mcawfwk.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.11.149\McCHSvc.exe;c:\program files\McAfee Security Scan\3.11.149\McCHSvc.exe [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 RapportKE64;RapportKE64;c:\windows\system32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S1 RapportCerberus_1507065;RapportCerberus_1507065;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507065.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507065.sys [x]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 Garmin Device Interaction Service;Garmin Device Interaction Service;c:\program files (x86)\Garmin\Device Interaction Service\GarminService.exe;c:\program files (x86)\Garmin\Device Interaction Service\GarminService.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 HTCMonitorService;HTCMonitorService;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [x]
S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
S2 mccspsvc;McAfee CSP Service;c:\program files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe;c:\program files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [x]
S2 mfemms;McAfee Service Controller;c:\program files\Common Files\McAfee\SystemCore\\mfemms.exe;c:\program files\Common Files\McAfee\SystemCore\\mfemms.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 mfeaack;McAfee Inc. mfeaack;c:\windows\system32\drivers\mfeaack.sys;c:\windows\SYSNATIVE\drivers\mfeaack.sys [x]
S3 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
S3 mfesapsn;McAfee Process Start Notification Service;c:\program files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys;c:\program files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-08-22 08:15 993608 ----a-w- c:\program files (x86)\Google\Chrome\Application\44.0.2403.157\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-08-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 10:11]
.
2015-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-17 18:47]
.
2015-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-17 18:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-01-26 368728]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-05-10 1831528]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-08-13 170256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = 
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{CBA8FC74-DA05-4267-BE5C-D0F7E3A125E6}: NameServer = 81.218.119.15,199.203.35.75
TCP: Interfaces\{CBA8FC74-DA05-4267-BE5C-D0F7E3A125E6}\244584572633D273D43305: NameServer = 81.218.119.15,199.203.35.75
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.1.0.0/GarminAxControl_32.CAB
DPF: {0EBD01DC-F720-4FCA-991F-09F4DACF9B5F} - hxxp://www.photopanda.co.uk/apps/ipc/downloads//ImageUploader6.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-08-26  01:12:55
ComboFix-quarantined-files.txt  2015-08-26 00:12
.
Pre-Run: 533,244,198,912 bytes free
Post-Run: 532,563,451,904 bytes free
.
- - End Of File - - 3B6841C7ECE7743EB9514BDA25098A1C
 

 

.



#15 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:10:51 AM

Posted 26 August 2015 - 02:45 PM

It could be a good sign, though it makes finding the cause a little more difficult. What country are you in? One thing that keeps showing up in the logs that is potentially suspicious is an IP address from Israel.
 

MiniToolBox

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.



Rkill
Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:

Link 1
Link 2
Link 3
Link 4

•In order for Rkill to run properly you must disable your anti-malware software. Please refer to this page if you are not sure how.
•Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator.) Note: You may have to run Rkill a few times before it is successful. You may also have to download Rkill from a different link which will save it as a different file name.

•A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
•An Rkill.log will appear. Please copy and paste the contents in your reply (file also located at c:\rkill.log)
•Do not reboot your computer after running Rkill as the malware programs will start again. If your computer reboots, run Rkill again before continuing on to the next step.
•If nothing happens or if the tool does not run, please let me know in your next reply.



Please download the latest version of AdwCleaner by Xplode onto your desktop.
•Close all open programs and internet browsers.
•Double click on adwcleaner.exe to run the tool.
•Click on Delete.
•Confirm each time with Ok.
•You will be prompted to restart your computer. A text file will open after the restart.
•Please post the contents of that logfile with your next reply.
•You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

 

In your next reply, please include:

  • MiniToolBox log
  • Rkill log
  • Adwcleaner log

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.
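
The reply above flags a recurring IP address in the logs and asks for DNS, hosts and IP configuration output. As an added example (not part of the thread, and not code from ComboFix or MiniToolBox), this sketch parses the `TCP:` name-server lines of a ComboFix-style supplementary scan and lists statically configured resolvers that are neither local nor the DHCP-assigned one; the sample log and its documentation-range addresses are constructed.

```python
import ipaddress
import re

# Constructed sample in the format of the log's "Supplementary Scan" section.
# The GUIDs and addresses are placeholders, not values taken from the thread.
SAMPLE_LOG = r"""
mStart Page = about:blank
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{11111111-2222-3333-4444-555555555555}: NameServer = 203.0.113.15,198.51.100.75
TCP: Interfaces\{11111111-2222-3333-4444-555555555555}\0123456789ABCDEF: NameServer = 203.0.113.15,198.51.100.75
TCP: Interfaces\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}: NameServer = 192.168.0.1 not-an-ip
"""

# Ranges treated as "local": RFC 1918, loopback, link-local, IPv6 ULA.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7",
)]

# "TCP: [<scope>: ]DhcpNameServer|NameServer = <list>"
TCP_DNS = re.compile(
    r"^TCP:\s*(?:(?P<scope>.+?):\s*)?"
    r"(?P<key>DhcpNameServer|NameServer)\s*=\s*(?P<servers>.*)$"
)


def _addresses(raw):
    """Split a comma- or space-separated server list, dropping invalid tokens."""
    found = []
    for token in re.split(r"[,\s]+", raw.strip()):
        try:
            found.append(ipaddress.ip_address(token))
        except ValueError:
            continue  # empty or malformed entry
    return found


def parse_dns_settings(log_text):
    """Return (dhcp_servers, {scope: [static_servers]}) from the TCP: lines."""
    dhcp, static = set(), {}
    for line in log_text.splitlines():
        match = TCP_DNS.match(line.strip())
        if not match:
            continue
        addrs = _addresses(match.group("servers"))
        if match.group("key") == "DhcpNameServer":
            dhcp.update(addrs)
        else:
            static.setdefault(match.group("scope") or "(global)", []).extend(addrs)
    return dhcp, static


def is_local(addr):
    return any(addr in net for net in LOCAL_NETS)


def flag_static_resolvers(log_text):
    """List (scope, ip) for static resolvers that are not local and not DHCP's."""
    dhcp, static = parse_dns_settings(log_text)
    findings = []
    for scope, addrs in static.items():
        for addr in addrs:
            if addr in dhcp or is_local(addr):
                continue
            findings.append((scope, str(addr)))
    return findings


if __name__ == "__main__":
    for scope, ip in flag_static_resolvers(SAMPLE_LOG):
        print(f"static resolver {ip} set on {scope}")
```

A hit is a prompt to compare the address with what the router or ISP actually hands out, not proof of tampering.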




