Jump to content

Build Theme!
  •  
  • Infected?

Welcome to What the Tech Forums - Register now for FREE

We're your place for tech questions. Join 87514 others, and join the conversation. Ask questions. Find answers. Share your ideas and opinions. Browse our community. You'll find experts who enjoy helping others. Who explain technical issues in a non-technical way that anyone can understand. Create an account today (it's 100% free)!

Create an Account Login to Account


Photo

Malware that keeps coming back [Solved]


  • This topic is locked This topic is locked
11 replies to this topic

#1 Dragina

Dragina

    Authentic Member

  • Authentic Member
  • PipPip
  • 30 posts

Posted 18 October 2013 - 05:32 PM

I'm pretty sure there is some malware that snuck itself into my PC. Something called GreatestArcadeHits I removed, (Kept popping up ads in browsers and highlighting words on pages with ads), and then there was something called Scorpion Saver I removed as well. But Scorpion Saver keeps reinstalling itself into my program files and as add on in my browsers every time I remove it. I ran Anti- Malware Bytes, and a McAfee virus scan but they didn't seem to find anything. And ever since I been constantly deleting these malwares my firefox keeps crashing a lot when it never did before and I'm seeing words highlighted as ads again. And I tried reinstalling firefox completely but with this malware that keeps coming back it probably isn't helping.

So I'd like some help in getting rid of these malwares and any other ones I may not know about it.



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:31:48 PM, on 10/18/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16720)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: ScorpionSaver - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\ScorpionSaver\IECore.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3903832009-3468763352-2619396910-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3903832009-3468763352-2619396910-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll
O20 - AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AODService - Unknown owner - C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Level Quality Watcher - Unknown owner - C:\Windows\Installer\MSIC859.tmp.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe
O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\mcafee\msc\mcawfwk.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee OOBE Service (McOobeSv) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Anti-Malware Core (mfecore) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Overwolf Updater Service (OverwolfUpdaterService) - Overwolf Ltd - C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: RzKLService - Razer Inc. - C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11189 bytes

Edited by Dragina, 18 October 2013 - 06:02 PM.


#2 patndoris

patndoris

    SuperMember

  • Malware Team
  • 2,580 posts

Posted 19 October 2013 - 07:23 PM

Hello and Posted Image

My name is patndoris. I will be glad to take a look at your log and help you with solving any malware problems. It will be very helpful if you follow these guidelines:
  • Malware logs are often lengthy and can take a lot of time to research and interpret. Please be patient while I review your logs.
  • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
  • Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • Please follow my instructions carefully and in the order they are posted. You may also find it helpful to print out the instructions you receive.
  • Please do not run any scans or install/uninstall any applications or delete anything without being directed to do so.
  • Remember, absence of symptoms does not mean the infection is all gone. Please stick with me till you're given the "all clear".
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • Please reply within 3 days. If I do not hear back from you in that time frame, I will post a reminder for you. Topics with no reply in 4 days are closed!


Run Hijack This
  • Right-click and choose Run as Administrator on the icon on your desktop to launch Hijack This
  • Click on the Scan button
  • When the scan has finished, please put a check in the box next to the following item:

    O2 - BHO: ScorpionSaver - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\ScorpionSaver\IECore.dll
    O23 - Service: Level Quality Watcher - Unknown owner - C:\Windows\Installer\MSIC859.tmp.exe (file missing)

  • Make sure all other windows, including your browser are closed, and then click on the Fix Checked button
If you are not prompted to do so, please reboot your computer after the fix has completed.



HijackThis has largely been replaced by other tools. Since being acquired by TrendMicro, HijackThis has not been regularly updated. Many infections are now able to hide partly, or completely from a HijackThis scan. DDS includes all the scan locations of HijackThis and more.


Download and Run DDS by sUBs

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download DDS and save it to your desktop.
    • Disable any script blocking protection
    • Double click dds.scr to run the tool.
    • When done, DDS.txt and Attach.txt
    • Save both reports to your desktop.
    ---------------------------------------------------

    Please Please copy / paste the scan reults.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Vista and Windows 7 users:
1. These tools MUST be run from the executable. (.exe) every time you run them
2. With Admin Rights (Right click, choose "Run as Administrator")



Next:
Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If Malicious objects are found then ensure Cure is selected
  • If TDLFS File System is found then ensure Skipis selected
  • Then click Continue Reboot now to finish the cleaning process.

    Posted Image

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

#3 Dragina

Dragina

    Authentic Member

  • Authentic Member
  • PipPip
  • 30 posts

Posted 20 October 2013 - 12:01 PM

I ran Hijack This and fixed the 2 objects as instructed and rebooted.

I'd also like to point out I've noticed in the folder at C:\temp There is an installer for ScorpionSaver in there that also keeps coming back every time I had removed that entire temp folder since that is all that is in there.

Heres a picture too: Posted Image

DDS.txt

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Michelle at 13:21:35.40 on Sun 10/20/2013
Internet Explorer: 9.10.9200.16721 BrowserJavaVersion: 10.25.2
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3070.1772 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
C:\Users\Michelle\Downloads\PCMeter\PCMeter\PCMeterV0.3.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\sppsvc.exe
C:\Users\Michelle\Desktop\dds.scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit=userinit.exe,
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
BHO-X64: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
mRun-x64: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
mRun-x64: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
AppInit_DLLs-X64: C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\cxogh6sc.default\
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Winamp Detect\npwachk.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2013-4-3 781312]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2013-4-3 343568]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-8-23 283064]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-5-11 65640]
R2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2013-5-24 58088]
R2 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2013-5-24 137256]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-10-1 2746704]
R2 HomeNetSvc;McAfee Home Network;"C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [2013-7-2 328928]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2013-7-2 249936]
R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2013-7-2 178048]
R2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [2013-7-2 328928]
R2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [2013-7-2 328928]
R2 mcpltsvc;McAfee Platform Services;"C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [2013-7-2 328928]
R2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [2013-7-2 328928]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2013-7-2 1017016]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-7-2 219272]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-7-2 182752]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-7-30 14997280]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-7-1 2155296]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2013-7-1 239176]
R2 RzKLService;RzKLService;C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [2013-9-27 106472]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-9-12 414496]
R3 CAXHWBS2;CAXHWBS2;C:\Windows\System32\drivers\CAXHWBS2.sys [2009-2-13 411136]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2013-4-3 70112]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2013-1-3 79240]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2013-1-3 15752]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2013-4-3 310224]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2013-4-3 519192]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2013-9-20 390552]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2013-9-27 196384]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-9-27 39200]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-9-7 116648]
S2 McOobeSv;McAfee OOBE Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2013-7-2 249936]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-7-2 257416]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-10-10 49152]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-9-7 116648]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2013-10-16 197704]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2013-7-2 225216]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2013-9-20 95984]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-10-14 118680]
S3 OverwolfUpdaterService;Overwolf Updater Service;C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2013-9-9 18360]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-7-2 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-7-2 57856]
S3 VST64_DPV;VST64_DPV;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 VST64HWBS2;VST64HWBS2;C:\Windows\System32\drivers\VSTBS26.SYS [2009-7-13 411136]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-7-1 1255736]
S4 Level Quality Watcher;Level Quality Watcher;C:\Windows\Installer\MSIC859.tmp run sourceguid=422332B5-F3A6-47F6-93EF-792299EF24DC --> C:\Windows\Installer\MSIC859.tmp run sourceguid=422332B5-F3A6-47F6-93EF-792299EF24DC [?]
.
=============== Created Last 30 ================
.
2013-10-20 17:06:22 -------- d-----w- C:\Program Files (x86)\ScorpionSaver
2013-10-20 13:31:43 -------- d-----w- C:\temp
2013-10-18 23:29:58 388096 ----a-r- C:\Users\Michelle\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-10-18 23:29:58 -------- d-----w- C:\Program Files (x86)\Trend Micro
2013-10-16 11:23:39 197704 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys
2013-10-14 22:46:59 -------- d-----w- C:\Users\Michelle\AppData\Roaming\Malwarebytes
2013-10-14 22:46:07 -------- d-----w- C:\PROGRA~3\Malwarebytes
2013-10-14 22:45:55 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-10-14 22:45:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-10 22:28:55 -------- d-----w- C:\Users\Michelle\AppData\Local\LogMeIn
2013-10-10 22:28:55 -------- d-----w- C:\PROGRA~3\LogMeIn
2013-10-10 17:38:49 -------- d-----w- C:\Program Files (x86)\Common Files\BattlEye
2013-10-10 17:27:20 -------- d-----w- C:\Users\Michelle\AppData\Local\ArmA 2
2013-10-10 17:22:46 -------- d-----w- C:\Users\Michelle\AppData\Local\ArmA 2 OA
2013-10-10 17:22:46 -------- d-----w- C:\PROGRA~3\Bohemia Interactive Studio
2013-10-09 22:16:33 -------- d-----w- C:\PROGRA~3\SIX Networks
2013-10-09 22:15:43 -------- d-----w- C:\Users\Michelle\AppData\Local\IsolatedStorage
2013-10-09 22:15:41 -------- d-----w- C:\Users\Michelle\AppData\Roaming\SIX Networks
2013-10-09 22:15:36 -------- d-----w- C:\Users\Michelle\AppData\Local\SIX Networks
2013-10-09 22:04:10 -------- d-----w- C:\Users\Michelle\AppData\Local\DayZCommander
2013-10-09 22:03:42 -------- d-----w- C:\Program Files (x86)\Dotjosh Studios
2013-10-09 11:38:38 33856 ---ha-w- C:\Windows\System32\hamachi.sys
2013-10-09 11:37:52 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2013-10-09 02:04:59 368128 ----a-w- C:\Windows\System32\atmfd.dll
2013-10-09 02:03:52 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-10-09 02:02:50 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-10-09 02:02:49 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-10-09 02:02:48 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-10-09 02:02:47 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-10-09 02:02:46 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-10-09 02:02:38 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 02:02:37 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 02:01:53 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-10-09 02:01:45 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2013-10-09 02:01:25 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-10-09 02:01:24 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-10-09 02:01:23 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-10-09 02:01:22 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-10-09 02:01:21 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-10-09 02:01:20 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-10-09 02:01:19 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-10-01 06:23:44 -------- d-----w- C:\Users\Michelle\AppData\Roaming\Mumble
2013-10-01 06:20:09 -------- d-----w- C:\Program Files (x86)\Mumble
2013-09-30 23:27:31 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2013-09-28 00:11:31 -------- d-----w- C:\Users\Michelle\AppData\Local\Razer
2013-09-27 04:03:04 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2013-09-27 04:03:04 28448 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2013-09-27 02:55:53 -------- d-----w- C:\Program Files (x86)\AMD
2013-09-27 02:52:55 -------- d-----w- C:\Users\Michelle\AppData\Local\Downloaded Installations
.
==================== Find3M ====================
.
2013-10-08 23:28:02 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-08 23:28:02 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-25 00:29:46 70112 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2013-09-25 00:25:40 343568 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2013-09-25 00:25:24 182752 ----a-w- C:\Windows\System32\mfevtps.exe
2013-09-25 00:22:48 781312 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2013-09-25 00:21:32 519192 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2013-09-25 00:20:28 310224 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2013-09-25 00:19:56 179664 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-09-22 22:54:50 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-09-22 22:54:50 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-09-21 03:38:39 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-09-21 03:30:24 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-20 13:38:30 10856 ----a-w- C:\Windows\System32\drivers\mfeclnrk.sys
2013-09-20 13:38:14 95984 ----a-w- C:\Windows\System32\drivers\mfencrk.sys
2013-09-20 13:37:56 390552 ----a-w- C:\Windows\System32\drivers\mfencbdc.sys
2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-12 07:25:43 6599968 ----a-w- C:\Windows\System32\nvcpl.dll
2013-09-12 07:25:43 3452192 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-09-12 07:25:40 920864 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-09-12 07:25:40 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-09-12 07:25:40 219424 ----a-w- C:\Windows\System32\nvmctray.dll
2013-09-12 05:17:50 571168 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-09-11 22:06:31 3361114 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-08-23 21:49:47 564824 ----a-w- C:\Windows\System32\drivers\sptd.sys
2013-08-23 06:17:36 283064 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2013-08-21 10:11:52 447752 ----a-w- C:\Windows\SysWow64\vp6vfw.dll
2013-08-20 13:32:58 29984 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
.
============= FINISH: 13:23:23.66 ===============




Attach.txt

My Attach.txt file is in a zip folder you can download I attached to my post, I wasn't sure if I should post it directly as the log itself said "UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT" If not let me know and I can post it directly.



TDSSKiller.3.0.0.14_20.10.2013_13.30.54_log


13:30:54.0206 0x1608 TDSS rootkit removing tool 3.0.0.14 Oct 15 2013 15:35:38
13:30:58.0402 0x1608 ============================================================
13:30:58.0402 0x1608 Current date / time: 2013/10/20 13:30:58.0402
13:30:58.0402 0x1608 SystemInfo:
13:30:58.0402 0x1608
13:30:58.0402 0x1608 OS Version: 6.1.7601 ServicePack: 1.0
13:30:58.0402 0x1608 Product type: Workstation
13:30:58.0402 0x1608 ComputerName: MICHELLE-PC
13:30:58.0402 0x1608 UserName: Michelle
13:30:58.0402 0x1608 Windows directory: C:\Windows
13:30:58.0402 0x1608 System windows directory: C:\Windows
13:30:58.0402 0x1608 Running under WOW64
13:30:58.0402 0x1608 Processor architecture: Intel x64
13:30:58.0402 0x1608 Number of processors: 2
13:30:58.0402 0x1608 Page size: 0x1000
13:30:58.0402 0x1608 Boot type: Normal boot
13:30:58.0402 0x1608 ============================================================
13:31:00.0960 0x1608 System UUID: {DBF7680B-1BC7-5FF6-B17B-E3E03360F29C}
13:31:01.0943 0x1608 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:31:01.0974 0x1608 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:31:01.0974 0x1608 ============================================================
13:31:01.0974 0x1608 \Device\Harddisk0\DR0:
13:31:01.0974 0x1608 MBR partitions:
13:31:01.0974 0x1608 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1BB42BC5
13:31:01.0974 0x1608 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1BB42C04, BlocksNum 0x168197D
13:31:01.0974 0x1608 \Device\Harddisk2\DR2:
13:31:01.0990 0x1608 MBR partitions:
13:31:01.0990 0x1608 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
13:31:01.0990 0x1608 ============================================================
13:31:02.0084 0x1608 C: <-> \Device\Harddisk0\DR0\Partition1
13:31:02.0240 0x1608 D: <-> \Device\Harddisk0\DR0\Partition2
13:31:02.0271 0x1608 G: <-> \Device\Harddisk2\DR2\Partition1
13:31:02.0271 0x1608 ============================================================
13:31:02.0271 0x1608 Initialize success
13:31:02.0271 0x1608 ============================================================
13:31:42.0971 0x17d8 ============================================================
13:31:42.0971 0x17d8 Scan started
13:31:42.0971 0x17d8 Mode: Manual; SigCheck; TDLFS;
13:31:42.0971 0x17d8 ============================================================
13:31:42.0971 0x17d8 KSN ping started
13:31:46.0029 0x17d8 KSN ping finished: true
13:31:47.0168 0x17d8 ================ Scan system memory ========================
13:31:47.0168 0x17d8 System memory - ok
13:31:47.0168 0x17d8 ================ Scan services =============================
13:31:47.0402 0x17d8 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
13:31:47.0604 0x17d8 1394ohci - ok
13:31:47.0682 0x17d8 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
13:31:47.0714 0x17d8 ACPI - ok
13:31:47.0745 0x17d8 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
13:31:47.0807 0x17d8 AcpiPmi - ok
13:31:47.0901 0x17d8 [ ADDA5E1951B90D3D23C56D3CF0622ADC, E85E7BFD29F00ED34BF5BE8BD4DA93CBB14278E16809BB55406875F0DA88551E ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:31:47.0979 0x17d8 AdobeARMservice - ok
13:31:48.0088 0x17d8 [ A283108E14F3970432C21AF4C0CB1BCE, 1D3219EF916D54232838870EDE557296AACB714B456ED0AAE0DE3CE3822F4643 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:31:48.0119 0x17d8 AdobeFlashPlayerUpdateSvc - ok
13:31:48.0228 0x17d8 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
13:31:48.0275 0x17d8 adp94xx - ok
13:31:48.0322 0x17d8 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
13:31:48.0353 0x17d8 adpahci - ok
13:31:48.0416 0x17d8 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
13:31:48.0447 0x17d8 adpu320 - ok
13:31:48.0494 0x17d8 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
13:31:48.0556 0x17d8 AeLookupSvc - ok
13:31:48.0634 0x17d8 [ 314C17917AC8523EC77A710215012A65, 725CF2D5F63C06F7704C24FE0CFA696215DADC6C0EC445D9671E82F8E23E56AD ] AFD C:\Windows\system32\drivers\afd.sys
13:31:48.0743 0x17d8 AFD - ok
13:31:48.0806 0x17d8 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
13:31:48.0852 0x17d8 agp440 - ok
13:31:48.0899 0x17d8 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
13:31:48.0915 0x17d8 ALG - ok
13:31:48.0962 0x17d8 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
13:31:48.0993 0x17d8 aliide - ok
13:31:49.0008 0x17d8 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
13:31:49.0024 0x17d8 amdide - ok
13:31:49.0071 0x17d8 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
13:31:49.0133 0x17d8 AmdK8 - ok
13:31:49.0164 0x17d8 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
13:31:49.0196 0x17d8 AmdPPM - ok
13:31:49.0258 0x17d8 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
13:31:49.0274 0x17d8 amdsata - ok
13:31:49.0320 0x17d8 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
13:31:49.0352 0x17d8 amdsbs - ok
13:31:49.0383 0x17d8 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
13:31:49.0398 0x17d8 amdxata - ok
13:31:49.0461 0x17d8 [ C6288BC37DD7165BF12EF65A428CAA28, 10AD3941A51626B3BAA527CE5A525C1FD47628701E7D1CAD952DB155E086073E ] AODDriver4.2.0 C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys
13:31:49.0508 0x17d8 AODDriver4.2.0 - ok
13:31:49.0554 0x17d8 [ E257507F920DDC972000BE117EC8D06D, F7DC9A632FE7F12E5608D52DC0BFBEEC5A243AF718E5012B11E16612F4344769 ] AODService C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
13:31:49.0570 0x17d8 AODService - ok
13:31:49.0617 0x17d8 [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys
13:31:49.0679 0x17d8 AppID - ok
13:31:49.0726 0x17d8 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll
13:31:49.0820 0x17d8 AppIDSvc - ok
13:31:49.0866 0x17d8 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
13:31:49.0898 0x17d8 Appinfo - ok
13:31:49.0944 0x17d8 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys
13:31:49.0960 0x17d8 arc - ok
13:31:49.0991 0x17d8 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
13:31:50.0022 0x17d8 arcsas - ok
13:31:50.0132 0x17d8 [ 108FB6DDB69E537A2EA53F425363FAE5, B12A9F5338D39805E08A44A335FF7AA77F2266F535A2F5C8412CC746C75E5B1D ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:31:50.0147 0x17d8 aspnet_state - ok
13:31:50.0194 0x17d8 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
13:31:50.0256 0x17d8 AsyncMac - ok
13:31:50.0288 0x17d8 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
13:31:50.0319 0x17d8 atapi - ok
13:31:50.0366 0x17d8 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:31:50.0475 0x17d8 AudioEndpointBuilder - ok
13:31:50.0522 0x17d8 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv C:\Windows\System32\Audiosrv.dll
13:31:50.0600 0x17d8 AudioSrv - ok
13:31:50.0646 0x17d8 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
13:31:50.0678 0x17d8 AxInstSV - ok
13:31:50.0740 0x17d8 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
13:31:50.0818 0x17d8 b06bdrv - ok
13:31:50.0865 0x17d8 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
13:31:50.0927 0x17d8 b57nd60a - ok
13:31:50.0990 0x17d8 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
13:31:51.0052 0x17d8 BDESVC - ok
13:31:51.0099 0x17d8 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
13:31:51.0161 0x17d8 Beep - ok
13:31:51.0239 0x17d8 [ B1359701847FF1FF415FA083F1610F48, 991F995B9CF614549F5F7EB5C5B2D47F34EFF0F47B35C4BF4CE716666B9DA1D3 ] BEService C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
13:31:51.0286 0x17d8 BEService - detected UnsignedFile.Multi.Generic ( 1 )
13:32:01.0426 0x17d8 BEService ( UnsignedFile.Multi.Generic ) - warning
13:32:01.0426 0x17d8 Force sending object to P2P due to detect: C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
13:32:05.0685 0x17d8 Object send P2P result: true
13:32:08.0805 0x17d8 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
13:32:08.0930 0x17d8 BFE - ok
13:32:08.0976 0x17d8 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
13:32:09.0101 0x17d8 BITS - ok
13:32:09.0148 0x17d8 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
13:32:09.0164 0x17d8 blbdrive - ok
13:32:09.0195 0x17d8 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
13:32:09.0273 0x17d8 bowser - ok
13:32:09.0320 0x17d8 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:32:09.0366 0x17d8 BrFiltLo - ok
13:32:09.0413 0x17d8 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:32:09.0460 0x17d8 BrFiltUp - ok
13:32:09.0507 0x17d8 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
13:32:09.0569 0x17d8 Browser - ok
13:32:09.0600 0x17d8 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
13:32:09.0694 0x17d8 Brserid - ok
13:32:09.0710 0x17d8 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
13:32:09.0756 0x17d8 BrSerWdm - ok
13:32:09.0788 0x17d8 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
13:32:09.0819 0x17d8 BrUsbMdm - ok
13:32:09.0850 0x17d8 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
13:32:09.0881 0x17d8 BrUsbSer - ok
13:32:09.0897 0x17d8 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
13:32:09.0928 0x17d8 BTHMODEM - ok
13:32:09.0959 0x17d8 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
13:32:10.0022 0x17d8 bthserv - ok
13:32:10.0084 0x17d8 [ 46F088D1247E825B313200254EDD9E5B, 085D0FA43BFA2BF88F3949F634A59CC24B0765EAA7EC539FB36C61133A7BB633 ] CAXHWBS2 C:\Windows\system32\DRIVERS\CAXHWBS2.sys
13:32:10.0240 0x17d8 CAXHWBS2 - ok
13:32:10.0271 0x17d8 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
13:32:10.0365 0x17d8 cdfs - ok
13:32:10.0412 0x17d8 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
13:32:10.0458 0x17d8 cdrom - ok
13:32:10.0505 0x17d8 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
13:32:10.0568 0x17d8 CertPropSvc - ok
13:32:10.0630 0x17d8 [ 4211C57BA2D3B714212E7AC63D6A3F1D, 0EB8996F4C9A70624DB7BA35F3426E47E5ED5F5E1A2933E6ED735BEFDB6B6156 ] cfwids C:\Windows\system32\drivers\cfwids.sys
13:32:10.0646 0x17d8 cfwids - ok
13:32:10.0708 0x17d8 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
13:32:10.0755 0x17d8 circlass - ok
13:32:10.0833 0x17d8 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
13:32:10.0911 0x17d8 CLFS - ok
13:32:10.0973 0x17d8 [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:32:11.0020 0x17d8 clr_optimization_v2.0.50727_32 - ok
13:32:11.0098 0x17d8 [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:32:11.0114 0x17d8 clr_optimization_v2.0.50727_64 - ok
13:32:11.0192 0x17d8 [ 6D7C8A951AF6AD6835C029B3CB88D333, 66F3D79887B2449B4C6912D1A258D1A96056888F51A8AA24FEDF37942AD5BDBB ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:32:11.0238 0x17d8 clr_optimization_v4.0.30319_32 - ok
13:32:11.0254 0x17d8 [ 86329C35FF23CFEF0FB6C0023BA06BCE, D915CE7AD564F97A1C3B047D5248B7EF67ADDC59687FBC90F1776C21DAA0D3FD ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:32:11.0316 0x17d8 clr_optimization_v4.0.30319_64 - ok
13:32:11.0363 0x17d8 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
13:32:11.0379 0x17d8 CmBatt - ok
13:32:11.0410 0x17d8 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
13:32:11.0426 0x17d8 cmdide - ok
13:32:11.0488 0x17d8 [ AAFCB52FE0037207FB6FBEA070D25EFE, 7D035BFB6DD86944CCDE6D71811891406D7FD08344EF8CF57C4D932E096F1377 ] CNG C:\Windows\system32\Drivers\cng.sys
13:32:11.0550 0x17d8 CNG - ok
13:32:11.0582 0x17d8 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
13:32:11.0613 0x17d8 Compbatt - ok
13:32:11.0660 0x17d8 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
13:32:11.0722 0x17d8 CompositeBus - ok
13:32:11.0753 0x17d8 COMSysApp - ok
13:32:11.0784 0x17d8 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
13:32:11.0800 0x17d8 crcdisk - ok
13:32:11.0847 0x17d8 [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\Windows\system32\cryptsvc.dll
13:32:11.0909 0x17d8 CryptSvc - ok
13:32:11.0956 0x17d8 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
13:32:12.0050 0x17d8 DcomLaunch - ok
13:32:12.0096 0x17d8 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
13:32:12.0159 0x17d8 defragsvc - ok
13:32:12.0190 0x17d8 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
13:32:12.0268 0x17d8 DfsC - ok
13:32:12.0315 0x17d8 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
13:32:12.0393 0x17d8 Dhcp - ok
13:32:12.0424 0x17d8 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
13:32:12.0486 0x17d8 discache - ok
13:32:12.0533 0x17d8 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys
13:32:12.0549 0x17d8 Disk - ok
13:32:12.0627 0x17d8 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
13:32:12.0736 0x17d8 Dnscache - ok
13:32:12.0767 0x17d8 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
13:32:12.0845 0x17d8 dot3svc - ok
13:32:12.0892 0x17d8 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
13:32:12.0970 0x17d8 DPS - ok
13:32:13.0017 0x17d8 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
13:32:13.0048 0x17d8 drmkaud - ok
13:32:13.0095 0x17d8 [ 6A0E850DDCB136AA3D2FB7234382DF12, C01863E95F45E1B74AC65C9CD12C8DC769299218255B3C94E3EBF58C4D79FEF3 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
13:32:13.0142 0x17d8 dtsoftbus01 - ok
13:32:13.0188 0x17d8 [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
13:32:13.0298 0x17d8 DXGKrnl - ok
13:32:13.0360 0x17d8 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
13:32:13.0438 0x17d8 EapHost - ok
13:32:13.0610 0x17d8 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
13:32:13.0890 0x17d8 ebdrv - ok
13:32:13.0937 0x17d8 [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] EFS C:\Windows\System32\lsass.exe
13:32:13.0953 0x17d8 EFS - ok
13:32:14.0046 0x17d8 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
13:32:14.0202 0x17d8 ehRecvr - ok
13:32:14.0265 0x17d8 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
13:32:14.0358 0x17d8 ehSched - ok
13:32:14.0405 0x17d8 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
13:32:14.0452 0x17d8 elxstor - ok
13:32:14.0514 0x17d8 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
13:32:14.0624 0x17d8 ErrDev - ok
13:32:14.0842 0x17d8 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
13:32:14.0936 0x17d8 EventSystem - ok
13:32:14.0982 0x17d8 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
13:32:15.0029 0x17d8 exfat - ok
13:32:15.0045 0x17d8 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
13:32:15.0107 0x17d8 fastfat - ok
13:32:15.0170 0x17d8 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
13:32:15.0310 0x17d8 Fax - ok
13:32:15.0357 0x17d8 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys
13:32:15.0388 0x17d8 fdc - ok
13:32:15.0700 0x17d8 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
13:32:15.0794 0x17d8 fdPHost - ok
13:32:15.0809 0x17d8 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
13:32:15.0872 0x17d8 FDResPub - ok
13:32:15.0903 0x17d8 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
13:32:15.0918 0x17d8 FileInfo - ok
13:32:15.0934 0x17d8 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
13:32:15.0981 0x17d8 Filetrace - ok
13:32:15.0996 0x17d8 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
13:32:16.0028 0x17d8 flpydisk - ok
13:32:16.0074 0x17d8 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
13:32:16.0106 0x17d8 FltMgr - ok
13:32:16.0184 0x17d8 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
13:32:16.0355 0x17d8 FontCache - ok
13:32:16.0402 0x17d8 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:32:16.0418 0x17d8 FontCache3.0.0.0 - ok
13:32:16.0449 0x17d8 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
13:32:16.0464 0x17d8 FsDepends - ok
13:32:16.0496 0x17d8 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
13:32:16.0511 0x17d8 Fs_Rec - ok
13:32:16.0542 0x17d8 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
13:32:16.0574 0x17d8 fvevol - ok
13:32:16.0589 0x17d8 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
13:32:16.0620 0x17d8 gagp30kx - ok
13:32:16.0652 0x17d8 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
13:32:16.0761 0x17d8 gpsvc - ok
13:32:16.0823 0x17d8 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:32:16.0854 0x17d8 gupdate - ok
13:32:16.0870 0x17d8 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:32:16.0917 0x17d8 gupdatem - ok
13:32:16.0948 0x17d8 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B, F9995CFEC7BBFE10B06EEE04CA6B49658275C43096E57747BFF9C2C31A0F9011 ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
13:32:16.0964 0x17d8 hamachi - ok
13:32:17.0198 0x17d8 [ 1908A2C4593905FC16400A5AD30AC9F5, 261CA6FC8EEEDC8EB4DE94EF78261D89A2670B7BED0B5F7BB21756FB529F43FD ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
13:32:17.0322 0x17d8 Hamachi2Svc - ok
13:32:17.0369 0x17d8 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
13:32:17.0432 0x17d8 hcw85cir - ok
13:32:17.0463 0x17d8 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:32:17.0510 0x17d8 HdAudAddService - ok
13:32:17.0541 0x17d8 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
13:32:17.0588 0x17d8 HDAudBus - ok
13:32:17.0619 0x17d8 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
13:32:17.0634 0x17d8 HidBatt - ok
13:32:17.0650 0x17d8 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
13:32:17.0697 0x17d8 HidBth - ok
13:32:17.0712 0x17d8 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
13:32:17.0744 0x17d8 HidIr - ok
13:32:17.0759 0x17d8 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
13:32:17.0837 0x17d8 hidserv - ok
13:32:17.0884 0x17d8 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\drivers\hidusb.sys
13:32:17.0946 0x17d8 HidUsb - ok
13:32:18.0024 0x17d8 [ 29F981739E50305128022CBE10B3659C, 25060937145B0DCA8CD088E78993BFEF1430CDDFF433E606AFC93993CBBF4B3E ] HipShieldK C:\Windows\system32\drivers\HipShieldK.sys
13:32:18.0056 0x17d8 HipShieldK - ok
13:32:18.0102 0x17d8 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
13:32:18.0149 0x17d8 hkmsvc - ok
13:32:18.0180 0x17d8 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:32:18.0243 0x17d8 HomeGroupListener - ok
13:32:18.0258 0x17d8 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:32:18.0336 0x17d8 HomeGroupProvider - ok
13:32:18.0446 0x17d8 [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] HomeNetSvc C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
13:32:18.0524 0x17d8 HomeNetSvc - ok
13:32:18.0555 0x17d8 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
13:32:18.0586 0x17d8 HpSAMD - ok
13:32:18.0648 0x17d8 [ 447256D1C026654C5CD3CC17E7B20631, F89589AC17BC50483E6687963370937E6CD19D6030F30D70577A7DA266116919 ] HsfXAudioService C:\Windows\SysWOW64\XAudio64.dll
13:32:18.0742 0x17d8 HsfXAudioService - ok
13:32:18.0820 0x17d8 [ 64667D9808FD09FABEDCCF62E8F52662, 7DFD66065E7FF625FDE0A0665EBD1CECA70DE29C1CDE9D6B6C30677DB2292F1B ] HSF_DP C:\Windows\system32\DRIVERS\CAX_DP.sys
13:32:18.0929 0x17d8 HSF_DP - ok
13:32:19.0007 0x17d8 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
13:32:19.0116 0x17d8 HTTP - ok
13:32:19.0163 0x17d8 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
13:32:19.0179 0x17d8 hwpolicy - ok
13:32:19.0210 0x17d8 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
13:32:19.0226 0x17d8 i8042prt - ok
13:32:19.0272 0x17d8 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
13:32:19.0319 0x17d8 iaStorV - ok
13:32:19.0397 0x17d8 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:32:19.0460 0x17d8 idsvc - ok
13:32:19.0491 0x17d8 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
13:32:19.0506 0x17d8 iirsp - ok
13:32:19.0553 0x17d8 [ FCD84C381E0140AF901E58D48882D26B, 76955FFC230C801E8ED890E32076075F04CD6E5EC79E594FDE6D23797A36B406 ] IKEEXT C:\Windows\System32\ikeext.dll
13:32:19.0662 0x17d8 IKEEXT - ok
13:32:19.0896 0x17d8 [ CCEDD47ABD068C58C8513DEB785093BB, 2B5571688655265037ACB44D2F2E0CD646EC0567D823C32CA09F13A1814C241B ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
13:32:20.0084 0x17d8 IntcAzAudAddService - ok
13:32:20.0130 0x17d8 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
13:32:20.0146 0x17d8 intelide - ok
13:32:20.0193 0x17d8 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
13:32:20.0224 0x17d8 intelppm - ok
13:32:20.0271 0x17d8 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
13:32:20.0318 0x17d8 IPBusEnum - ok
13:32:20.0349 0x17d8 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:32:20.0411 0x17d8 IpFilterDriver - ok
13:32:20.0458 0x17d8 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
13:32:20.0536 0x17d8 iphlpsvc - ok
13:32:20.0583 0x17d8 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
13:32:20.0630 0x17d8 IPMIDRV - ok
13:32:20.0661 0x17d8 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
13:32:20.0723 0x17d8 IPNAT - ok
13:32:20.0739 0x17d8 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:32:20.0770 0x17d8 IRENUM - ok
13:32:20.0786 0x17d8 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
13:32:20.0817 0x17d8 isapnp - ok
13:32:20.0832 0x17d8 [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
13:32:20.0879 0x17d8 iScsiPrt - ok
13:32:20.0910 0x17d8 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
13:32:20.0926 0x17d8 kbdclass - ok
13:32:20.0957 0x17d8 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
13:32:20.0988 0x17d8 kbdhid - ok
13:32:21.0020 0x17d8 [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] KeyIso C:\Windows\system32\lsass.exe
13:32:21.0051 0x17d8 KeyIso - ok
13:32:21.0082 0x17d8 [ 97A7070AEA4C058B6418519E869A63B4, 15345C2D6CA159BD498002974A0BD21CAB611124D85E3320248B47652AEF23C8 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:32:21.0098 0x17d8 KSecDD - ok
13:32:21.0129 0x17d8 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E, 94F1382291BD748BAE7EDBCB56F43B8564A1EE22E2DBEB37066559EE3D065FBA ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
13:32:21.0144 0x17d8 KSecPkg - ok
13:32:21.0176 0x17d8 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
13:32:21.0238 0x17d8 ksthunk - ok
13:32:21.0285 0x17d8 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
13:32:21.0363 0x17d8 KtmRm - ok
13:32:21.0425 0x17d8 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
13:32:21.0503 0x17d8 LanmanServer - ok
13:32:21.0534 0x17d8 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:32:21.0597 0x17d8 LanmanWorkstation - ok
13:32:21.0706 0x17d8 [ 70FB6254E29150A7A4A39FDFFD306C33, 23783F90F6A55B0FF506F6D11355F6E04DDFF66309EB029B155F4411B3CBB57A ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
13:32:21.0800 0x17d8 LBTServ - ok
13:32:21.0831 0x17d8 [ A03B765FF67E58BA75333C7C8C0D7706, BD4771799473B8926AF7638D4BDD5FFE17FE0E17A44E8D4DEAC1956986DB645E ] LEqdUsb C:\Windows\system32\DRIVERS\LEqdUsb.Sys
13:32:21.0846 0x17d8 LEqdUsb - ok
13:32:21.0878 0x17d8 Level Quality Watcher - ok
13:32:21.0909 0x17d8 [ 389588725D419476F365370BED4FFE5A, 05616839A593912199AA9CEB6C7B58E39167EBCD1C65D2830A409D0F93134B83 ] LHidEqd C:\Windows\system32\DRIVERS\LHidEqd.Sys
13:32:21.0924 0x17d8 LHidEqd - ok
13:32:21.0956 0x17d8 [ 1470EF17E02E82E4F43346DF9E9F11E1, 052D5D71F08B17ECA6013F9908369D101186429BA8B4F9D900BEE5B883A867F9 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
13:32:21.0971 0x17d8 LHidFilt - ok
13:32:22.0002 0x17d8 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:32:22.0080 0x17d8 lltdio - ok
13:32:22.0112 0x17d8 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:32:22.0205 0x17d8 lltdsvc - ok
13:32:22.0221 0x17d8 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
13:32:22.0268 0x17d8 lmhosts - ok
13:32:22.0283 0x17d8 [ 12814AE119E959437BEA3110F81BD188, 277A9AA641E8C70F4611B1AA0D7C998547BF109FDB117A4F2C0328663D4D7D71 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
13:32:22.0299 0x17d8 LMouFilt - ok
13:32:22.0346 0x17d8 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
13:32:22.0361 0x17d8 LSI_FC - ok
13:32:22.0392 0x17d8 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
13:32:22.0439 0x17d8 LSI_SAS - ok
13:32:22.0455 0x17d8 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:32:22.0470 0x17d8 LSI_SAS2 - ok
13:32:22.0502 0x17d8 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:32:22.0517 0x17d8 LSI_SCSI - ok
13:32:22.0548 0x17d8 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
13:32:22.0595 0x17d8 luafv - ok
13:32:22.0626 0x17d8 [ ACB01BF1A905356AB7F978C7FE852209, AC0B08FAFD992F81B94ACB8A58D1C510C8F218D29CEA496467EA5709F63410AB ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
13:32:22.0658 0x17d8 McAfee SiteAdvisor Service - ok
13:32:22.0736 0x17d8 [ 34FCA19FE407A7B9996DB5B4CCEC5C8C, B43AE1B6F9821BCC2CE0DD1D12F3716941487791237C7129CA9C961CBBFC1EEB ] McAPExe C:\Program Files\McAfee\MSC\McAPExe.exe
13:32:22.0782 0x17d8 McAPExe - ok
13:32:22.0860 0x17d8 [ F48571922079BBAB289C57BAFEFE88F3, B2601773BD8B5D53A37B12B87F6BA072AD07D29A436BDCC73B7B4484AAF52BCD ] McAWFwk c:\PROGRA~1\mcafee\msc\mcawfwk.exe
13:32:22.0923 0x17d8 McAWFwk - ok
13:32:22.0970 0x17d8 [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] McMPFSvc C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
13:32:23.0001 0x17d8 McMPFSvc - ok
13:32:23.0032 0x17d8 [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] McNaiAnn C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
13:32:23.0048 0x17d8 McNaiAnn - ok
13:32:23.0110 0x17d8 [ 63D93A440E7AC015D85B9A3DA0C1BBAF, 849A13E91B041DEC2A47F5BE65ADBA6CAC8AF01675D0D8E13730724B54B4DD15 ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe
13:32:23.0172 0x17d8 McODS - ok
13:32:23.0204 0x17d8 [ ACB01BF1A905356AB7F978C7FE852209, AC0B08FAFD992F81B94ACB8A58D1C510C8F218D29CEA496467EA5709F63410AB ] McOobeSv C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
13:32:23.0235 0x17d8 McOobeSv - ok
13:32:23.0282 0x17d8 [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] mcpltsvc C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
13:32:23.0313 0x17d8 mcpltsvc - ok
13:32:23.0344 0x17d8 [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] McProxy C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
13:32:23.0391 0x17d8 McProxy - ok
13:32:23.0422 0x17d8 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:32:23.0453 0x17d8 Mcx2Svc - ok
13:32:23.0484 0x17d8 [ E4F44EC214B3E381E1FC844A02926666, 6EE8C87EFCEFFBEA08B9B9DA036B37564542EE4D31942115CDBF895295DD5FE2 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
13:32:23.0516 0x17d8 mdmxsdk - ok
13:32:23.0547 0x17d8 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
13:32:23.0562 0x17d8 megasas - ok
13:32:23.0594 0x17d8 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
13:32:23.0625 0x17d8 MegaSR - ok
13:32:23.0672 0x17d8 [ 3D7E3F388680F1F854599C73D8AAF535, A459C50A40CD16FFB3ADFA0D56DDB79895CCD25F96C53F64F494745D58C3DA06 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys
13:32:23.0703 0x17d8 mfeapfk - ok
13:32:23.0781 0x17d8 [ 486D22007426F10779C6351D305E9E43, 4796A017092DBDBCC8E282B36F89219944321B5279C88E369C0CFFF8CDC97742 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
13:32:23.0828 0x17d8 mfeavfk - ok
13:32:23.0952 0x17d8 [ 8036004F016125C907FC9351141F95AA, 10DE20FCB2D33E25E443C10EED4551CBAE9C16CD6D08B69BF91868A2F27DAF53 ] mfecore C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
13:32:24.0015 0x17d8 mfecore - ok
13:32:24.0077 0x17d8 [ B4B4FAB730F3392E2F7FF0F7BD59CFF9, 99237F6ACA1968154CF2621FC8364A28351F045690939216BAA6C4CDB3889B9A ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
13:32:24.0124 0x17d8 mfefire - ok
13:32:24.0171 0x17d8 [ DFDDC10E9666DBFDB8F2E827B7C2DCE4, 7CCE610BAE3C8BBA59A90B840782C0F9DFDC82AFABA9E9AB5F78C02F7CADB8FA ] mfefirek C:\Windows\system32\drivers\mfefirek.sys
13:32:24.0218 0x17d8 mfefirek - ok
13:32:24.0264 0x17d8 [ 514EC1C14BA51CE6B8F60AEFE390CA3E, 187E8539F4B97F0E1B9DF6717C80AD2A6C3C33210255DB927DE511991EC175DB ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
13:32:24.0327 0x17d8 mfehidk - ok
13:32:24.0358 0x17d8 [ 73A92690FF5CFFE5A741912311AA1A6C, 52B6DACF023A704785D2F346F61D5896DF1E06C1ED37540741227333C4BE921A ] mfencbdc C:\Windows\system32\DRIVERS\mfencbdc.sys
13:32:24.0405 0x17d8 mfencbdc - ok
13:32:24.0436 0x17d8 [ CB987596EE0964958AFA677360B6174B, 2852B8DC0F160ED6B2EE310FEC1BB19B93D619688C25C6296F7214959996FA6B ] mfencrk C:\Windows\system32\DRIVERS\mfencrk.sys
13:32:24.0467 0x17d8 mfencrk - ok
13:32:24.0530 0x17d8 [ 9E18496715CF1BF8400DB120E69090E4, 3A24A7E5920FA7EC67FB078C23F7C403D74B7EDDA4817C6A55CAE1ADBC521BF1 ] mfevtp C:\Windows\system32\mfevtps.exe
13:32:24.0576 0x17d8 mfevtp - ok
13:32:24.0623 0x17d8 [ 4DC3D77F2BBC1EFFB08E8D25D7E6B4D6, 7F3A81FD0A45B67EC330EB1C611F0B36196A51E9209D02016CFE82BD267DA14A ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
13:32:24.0654 0x17d8 mfewfpk - ok
13:32:24.0686 0x17d8 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
13:32:24.0764 0x17d8 MMCSS - ok
13:32:24.0795 0x17d8 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
13:32:24.0857 0x17d8 Modem - ok
13:32:24.0904 0x17d8 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:32:24.0951 0x17d8 monitor - ok
13:32:24.0982 0x17d8 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\drivers\mouclass.sys
13:32:24.0998 0x17d8 mouclass - ok
13:32:25.0044 0x17d8 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:32:25.0076 0x17d8 mouhid - ok
13:32:25.0122 0x17d8 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
13:32:25.0138 0x17d8 mountmgr - ok
13:32:25.0200 0x17d8 [ 0329A45C849C9D77901094B8FFE8BBB9, 2151C15A4185FABBC3367B8213017B45E08C43E26E1D8942E707E217C6A5EDA7 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:32:25.0263 0x17d8 MozillaMaintenance - ok
13:32:25.0310 0x17d8 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
13:32:25.0325 0x17d8 mpio - ok
13:32:25.0372 0x17d8 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:32:25.0434 0x17d8 mpsdrv - ok
13:32:25.0497 0x17d8 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
13:32:25.0606 0x17d8 MpsSvc - ok
13:32:25.0653 0x17d8 [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:32:25.0684 0x17d8 MRxDAV - ok
13:32:25.0715 0x17d8 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:32:25.0778 0x17d8 mrxsmb - ok
13:32:25.0809 0x17d8 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:32:25.0856 0x17d8 mrxsmb10 - ok
13:32:25.0902 0x17d8 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:32:25.0934 0x17d8 mrxsmb20 - ok
13:32:25.0965 0x17d8 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
13:32:25.0980 0x17d8 msahci - ok
13:32:26.0043 0x17d8 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
13:32:26.0090 0x17d8 msdsm - ok
13:32:26.0136 0x17d8 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
13:32:26.0199 0x17d8 MSDTC - ok
13:32:26.0230 0x17d8 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:32:26.0277 0x17d8 Msfs - ok
13:32:26.0292 0x17d8 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
13:32:26.0339 0x17d8 mshidkmdf - ok
13:32:26.0370 0x17d8 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
13:32:26.0386 0x17d8 msisadrv - ok
13:32:26.0417 0x17d8 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:32:26.0526 0x17d8 MSiSCSI - ok
13:32:26.0526 0x17d8 msiserver - ok
13:32:26.0589 0x17d8 [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] MSK80Service C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
13:32:26.0651 0x17d8 MSK80Service - ok
13:32:26.0682 0x17d8 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:32:26.0745 0x17d8 MSKSSRV - ok
13:32:26.0776 0x17d8 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:32:26.0823 0x17d8 MSPCLOCK - ok
13:32:26.0854 0x17d8 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:32:26.0916 0x17d8 MSPQM - ok
13:32:26.0963 0x17d8 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:32:27.0010 0x17d8 MsRPC - ok
13:32:27.0041 0x17d8 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
13:32:27.0072 0x17d8 mssmbios - ok
13:32:27.0104 0x17d8 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:32:27.0166 0x17d8 MSTEE - ok
13:32:27.0197 0x17d8 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
13:32:27.0213 0x17d8 MTConfig - ok
13:32:27.0244 0x17d8 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
13:32:27.0260 0x17d8 Mup - ok
13:32:27.0291 0x17d8 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
13:32:27.0384 0x17d8 napagent - ok
13:32:27.0447 0x17d8 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:32:27.0509 0x17d8 NativeWifiP - ok
13:32:27.0572 0x17d8 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
13:32:27.0650 0x17d8 NDIS - ok
13:32:27.0681 0x17d8 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
13:32:27.0743 0x17d8 NdisCap - ok
13:32:27.0774 0x17d8 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:32:27.0852 0x17d8 NdisTapi - ok
13:32:27.0884 0x17d8 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:32:27.0962 0x17d8 Ndisuio - ok
13:32:28.0008 0x17d8 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:32:28.0086 0x17d8 NdisWan - ok
13:32:28.0118 0x17d8 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:32:28.0211 0x17d8 NDProxy - ok
13:32:28.0242 0x17d8 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:32:28.0305 0x17d8 NetBIOS - ok
13:32:28.0352 0x17d8 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
13:32:28.0445 0x17d8 NetBT - ok
13:32:28.0461 0x17d8 [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] Netlogon C:\Windows\system32\lsass.exe
13:32:28.0508 0x17d8 Netlogon - ok
13:32:28.0539 0x17d8 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
13:32:28.0632 0x17d8 Netman - ok
13:32:28.0695 0x17d8 [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:32:28.0726 0x17d8 NetMsmqActivator - ok
13:32:28.0742 0x17d8 [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:32:28.0773 0x17d8 NetPipeActivator - ok
13:32:28.0820 0x17d8 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
13:32:28.0913 0x17d8 netprofm - ok
13:32:28.0944 0x17d8 [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:32:28.0960 0x17d8 NetTcpActivator - ok
13:32:28.0976 0x17d8 [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:32:29.0022 0x17d8 NetTcpPortSharing - ok
13:32:29.0054 0x17d8 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
13:32:29.0085 0x17d8 nfrd960 - ok
13:32:29.0132 0x17d8 [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll
13:32:29.0178 0x17d8 NlaSvc - ok
13:32:29.0210 0x17d8 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:32:29.0272 0x17d8 Npfs - ok
13:32:29.0288 0x17d8 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
13:32:29.0366 0x17d8 nsi - ok
13:32:29.0397 0x17d8 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:32:29.0459 0x17d8 nsiproxy - ok
13:32:29.0584 0x17d8 [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:32:29.0693 0x17d8 Ntfs - ok
13:32:29.0709 0x17d8 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
13:32:29.0756 0x17d8 Null - ok
13:32:29.0818 0x17d8 [ A85B4F2EF3A7304A5399EF0526423040, E45854691BA6AE36E53C2922CC93FF13DC2D84CBE7FE13A2F0B1CE1C16D1D158 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
13:32:29.0865 0x17d8 NVENETFD - ok
13:32:29.0912 0x17d8 [ 554964B900AE2954B8B589B6287034AC, C6C9EA3ADAFEBBF2AF944E4A0656BD795AD37706008CC0CA3F2150BD709476E7 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
13:32:29.0943 0x17d8 NVHDA - ok
13:32:30.0426 0x17d8 [ CE1B54F1ED2080B15DAF9044EC92075A, DD8557B0E159C09DF3195EC01545CCE2BD580DC2557CCC4F90D3B7C02D07FC36 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:32:31.0362 0x17d8 nvlddmkm - ok
13:32:31.0487 0x17d8 [ 909EEDCBD365BB81027D8E742E6B3416, 6C346C7B0E26A12BB0F56918E5324BC8C1024FEEE5952BFEB02DB2BC47182B61 ] NVNET C:\Windows\system32\DRIVERS\nvmf6264.sys
13:32:31.0518 0x17d8 NVNET - ok
13:32:31.0581 0x17d8 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:32:31.0612 0x17d8 nvraid - ok
13:32:31.0643 0x17d8 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:32:31.0674 0x17d8 nvstor - ok
13:32:31.0752 0x17d8 [ 6BA747B1A9297A6C0271700D12FDD495, 0DB3F514EA0AC83803507DD37C1CDDC83B72DE0EDF25E57D4C622F32BA27430D ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys
13:32:31.0799 0x17d8 nvstor64 - ok
13:32:33.0874 0x17d8 [ 63B5DCF3A9EEA1C418468A312B54E612, 1094032CA6D6C6E06868483667B454781C10E820E3A727B59FA9AF727D713360 ] NvStreamSvc C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
13:32:34.0373 0x17d8 NvStreamSvc - ok
13:32:34.0592 0x17d8 [ 67E9F641C1B5387F298F3063FAFA022B, F9C9974828632349E426C5375D2FD63744350D3D6FD693071231370D52E76DE7 ] nvsvc C:\Windows\system32\nvvsvc.exe
13:32:34.0654 0x17d8 nvsvc - ok
13:32:34.0982 0x17d8 [ 005E474630A7AA05A617C574B702FEED, E7B8181232DAA787EE8B98DDB5775E4B33C82B4D2E4A27D3DCD9FBAA6663BD97 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
13:32:35.0106 0x17d8 nvUpdatusService - ok
13:32:35.0169 0x17d8 [ 220B120EF4C36B4A3E23FAEC91E2FCE3, 84F34F8CF0B7040F0C6DCF3AF70533E9E2D7CBA5E422CD21A7BF831135E42453 ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys
13:32:35.0200 0x17d8 nvvad_WaveExtensible - ok
13:32:35.0231 0x17d8 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
13:32:35.0294 0x17d8 nv_agp - ok
13:32:35.0325 0x17d8 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
13:32:35.0356 0x17d8 ohci1394 - ok
13:32:35.0465 0x17d8 [ 1AA28D0A4E6BDB50613ACB7175778594, 8B5199502B8789EE31B5BA7FF808E8118AAAAE7A08159A115F0A944CE40FE4C5 ] OverwolfUpdaterService C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
13:32:35.0528 0x17d8 OverwolfUpdaterService - ok
13:32:35.0668 0x17d8 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
13:32:35.0746 0x17d8 p2pimsvc - ok
13:32:35.0871 0x17d8 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
13:32:35.0949 0x17d8 p2psvc - ok
13:32:35.0996 0x17d8 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys
13:32:36.0027 0x17d8 Parport - ok
13:32:36.0058 0x17d8 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:32:36.0089 0x17d8 partmgr - ok
13:32:36.0136 0x17d8 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll
13:32:36.0198 0x17d8 PcaSvc - ok
13:32:36.0245 0x17d8 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
13:32:36.0292 0x17d8 pci - ok
13:32:36.0323 0x17d8 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
13:32:36.0354 0x17d8 pciide - ok
13:32:36.0401 0x17d8 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
13:32:36.0432 0x17d8 pcmcia - ok
13:32:36.0448 0x17d8 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
13:32:36.0479 0x17d8 pcw - ok
13:32:36.0557 0x17d8 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
13:32:36.0682 0x17d8 PEAUTH - ok
13:32:36.0854 0x17d8 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
13:32:36.0885 0x17d8 PerfHost - ok
13:32:37.0197 0x17d8 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
13:32:37.0353 0x17d8 pla - ok
13:32:37.0415 0x17d8 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:32:37.0540 0x17d8 PlugPlay - ok
13:32:37.0556 0x17d8 PnkBstrA - ok
13:32:37.0571 0x17d8 PnkBstrB - ok
13:32:37.0618 0x17d8 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
13:32:37.0727 0x17d8 PNRPAutoReg - ok
13:32:37.0790 0x17d8 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
13:32:37.0836 0x17d8 PNRPsvc - ok
13:32:37.0977 0x17d8 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
13:32:38.0055 0x17d8 PolicyAgent - ok
13:32:38.0133 0x17d8 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
13:32:38.0242 0x17d8 Power - ok
13:32:38.0273 0x17d8 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
13:32:38.0351 0x17d8 PptpMiniport - ok
13:32:38.0398 0x17d8 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys
13:32:38.0445 0x17d8 Processor - ok
13:32:38.0507 0x17d8 [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\Windows\system32\profsvc.dll
13:32:38.0632 0x17d8 ProfSvc - ok
13:32:38.0648 0x17d8 [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] ProtectedStorage C:\Windows\system32\lsass.exe
13:32:38.0726 0x17d8 ProtectedStorage - ok
13:32:38.0772 0x17d8 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
13:32:38.0850 0x17d8 Psched - ok
13:32:38.0928 0x17d8 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
13:32:39.0006 0x17d8 ql2300 - ok
13:32:39.0069 0x17d8 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
13:32:39.0116 0x17d8 ql40xx - ok
13:32:39.0147 0x17d8 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
13:32:39.0178 0x17d8 QWAVE - ok
13:32:39.0194 0x17d8 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
13:32:39.0240 0x17d8 QWAVEdrv - ok
13:32:39.0272 0x17d8 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
13:32:39.0318 0x17d8 RasAcd - ok
13:32:39.0350 0x17d8 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
13:32:39.0396 0x17d8 RasAgileVpn - ok
13:32:39.0412 0x17d8 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
13:32:39.0490 0x17d8 RasAuto - ok
13:32:39.0521 0x17d8 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:32:39.0584 0x17d8 Rasl2tp - ok
13:32:39.0646 0x17d8 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
13:32:39.0755 0x17d8 RasMan - ok
13:32:39.0802 0x17d8 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:32:39.0880 0x17d8 RasPppoe - ok
13:32:39.0911 0x17d8 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:32:39.0958 0x17d8 RasSstp - ok
13:32:40.0005 0x17d8 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:32:40.0083 0x17d8 rdbss - ok
13:32:40.0114 0x17d8 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
13:32:40.0145 0x17d8 rdpbus - ok
13:32:40.0176 0x17d8 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:32:40.0270 0x17d8 RDPCDD - ok
13:32:40.0301 0x17d8 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:32:40.0379 0x17d8 RDPENCDD - ok
13:32:40.0410 0x17d8 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
13:32:40.0473 0x17d8 RDPREFMP - ok
13:32:40.0878 0x17d8 [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
13:32:40.0925 0x17d8 RdpVideoMiniport - ok
13:32:40.0956 0x17d8 [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:32:41.0034 0x17d8 RDPWD - ok
13:32:41.0081 0x17d8 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
13:32:41.0112 0x17d8 rdyboost - ok
13:32:41.0144 0x17d8 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
13:32:41.0222 0x17d8 RemoteAccess - ok
13:32:41.0268 0x17d8 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:32:41.0346 0x17d8 RemoteRegistry - ok
13:32:41.0409 0x17d8 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
13:32:41.0502 0x17d8 RpcEptMapper - ok
13:32:41.0549 0x17d8 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
13:32:41.0580 0x17d8 RpcLocator - ok
13:32:41.0627 0x17d8 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
13:32:41.0705 0x17d8 RpcSs - ok
13:32:41.0736 0x17d8 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:32:41.0799 0x17d8 rspndr - ok
13:32:41.0861 0x17d8 [ 3A50489C017292386C1C6CF6EB283F23, 42E2C75A83A45070BB548591B83C3744F5DF6BB3743221D0442C1BA23789AD5D ] RtkAudioService C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
13:32:41.0892 0x17d8 RtkAudioService - ok
13:32:41.0955 0x17d8 [ FEFA32073D77BB9C741A63B6286479F6, 7E62CF6244ACC964C21248AF6A7010EA9BBE220345E2DF361E661A746C18CBD1 ] RzKLService C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
13:32:42.0017 0x17d8 RzKLService - ok
13:32:42.0064 0x17d8 [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] SamSs C:\Windows\system32\lsass.exe
13:32:42.0095 0x17d8 SamSs - ok
13:32:42.0142 0x17d8 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
13:32:42.0158 0x17d8 sbp2port - ok
13:32:42.0204 0x17d8 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:32:42.0282 0x17d8 SCardSvr - ok
13:32:42.0314 0x17d8 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
13:32:42.0392 0x17d8 scfilter - ok
13:32:42.0501 0x17d8 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
13:32:42.0641 0x17d8 Schedule - ok
13:32:42.0672 0x17d8 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
13:32:42.0719 0x17d8 SCPolicySvc - ok
13:32:42.0766 0x17d8 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:32:42.0844 0x17d8 SDRSVC - ok
13:32:42.0875 0x17d8 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:32:42.0938 0x17d8 secdrv - ok
13:32:42.0984 0x17d8 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
13:32:43.0047 0x17d8 seclogon - ok
13:32:43.0109 0x17d8 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
13:32:43.0172 0x17d8 SENS - ok
13:32:43.0218 0x17d8 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
13:32:43.0265 0x17d8 SensrSvc - ok
13:32:43.0296 0x17d8 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
13:32:43.0328 0x17d8 Serenum - ok
13:32:43.0374 0x17d8 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
13:32:43.0406 0x17d8 Serial - ok
13:32:43.0452 0x17d8 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
13:32:43.0484 0x17d8 sermouse - ok
13:32:43.0530 0x17d8 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
13:32:43.0593 0x17d8 SessionEnv - ok
13:32:43.0624 0x17d8 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
13:32:43.0686 0x17d8 sffdisk - ok
13:32:43.0718 0x17d8 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
13:32:43.0764 0x17d8 sffp_mmc - ok
13:32:43.0780 0x17d8 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
13:32:43.0842 0x17d8 sffp_sd - ok
13:32:43.0874 0x17d8 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
13:32:43.0905 0x17d8 sfloppy - ok
13:32:43.0967 0x17d8 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
13:32:44.0045 0x17d8 SharedAccess - ok
13:32:44.0139 0x17d8 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:32:44.0264 0x17d8 ShellHWDetection - ok
13:32:44.0295 0x17d8 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:32:44.0310 0x17d8 SiSRaid2 - ok
13:32:44.0342 0x17d8 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
13:32:44.0373 0x17d8 SiSRaid4 - ok
13:32:44.0544 0x17d8 [ 3E587DBBDFF938DDE5D4CE4047BE9041, CA13B2C50FB09365362077AEC4B25120CF09F8C35702F645922D618FE57B5E05 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
13:32:44.0591 0x17d8 SkypeUpdate - ok
13:32:44.0669 0x17d8 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:32:44.0778 0x17d8 Smb - ok
13:32:44.0856 0x17d8 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:32:44.0934 0x17d8 SNMPTRAP - ok
13:32:44.0966 0x17d8 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
13:32:44.0997 0x17d8 spldr - ok
13:32:45.0200 0x17d8 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
13:32:45.0246 0x17d8 Spooler - ok
13:32:46.0276 0x17d8 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
13:32:46.0541 0x17d8 sppsvc - ok
13:32:46.0650 0x17d8 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
13:32:46.0760 0x17d8 sppuinotify - ok
13:32:47.0228 0x17d8 [ D6AB7C13FCDD2E4CAC35244D2C172D9A, 64A66368F5336B7A5879D083C2FE57DFD384410ADCC18004F327A4004A4F4300 ] sptd C:\Windows\System32\Drivers\sptd.sys
13:32:47.0321 0x17d8 sptd - ok
13:32:47.0430 0x17d8 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
13:32:47.0508 0x17d8 srv - ok
13:32:47.0664 0x17d8 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:32:47.0758 0x17d8 srv2 - ok
13:32:47.0805 0x17d8 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:32:47.0852 0x17d8 srvnet - ok
13:32:47.0898 0x17d8 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:32:47.0992 0x17d8 SSDPSRV - ok
13:32:48.0023 0x17d8 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:32:48.0086 0x17d8 SstpSvc - ok
13:32:48.0179 0x17d8 [ 3DBF9D2E5DE3A72B37AB27ABB79FEE69, 6E0A6FB32FE84078769497178DB667960507540F411111B6900A0F2D2B604512 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
13:32:48.0210 0x17d8 Steam Client Service - ok
13:32:48.0273 0x17d8 [ 4F08BE2C2AC568EE9867A9B0F4F09540, 2EACD391B66D649BA458955257912B302270AB883B13FD4034B069B7CECE75FD ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
13:32:48.0304 0x17d8 Stereo Service - ok
13:32:48.0351 0x17d8 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
13:32:48.0366 0x17d8 stexstor - ok
13:32:48.0444 0x17d8 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
13:32:48.0507 0x17d8 stisvc - ok
13:32:48.0538 0x17d8 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys
13:32:48.0554 0x17d8 swenum - ok
13:32:48.0600 0x17d8 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
13:32:48.0694 0x17d8 swprv - ok
13:32:48.0850 0x17d8 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
13:32:48.0975 0x17d8 SysMain - ok
13:32:49.0022 0x17d8 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:32:49.0068 0x17d8 TabletInputService - ok
13:32:49.0115 0x17d8 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
13:32:49.0209 0x17d8 TapiSrv - ok
13:32:49.0256 0x17d8 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
13:32:49.0302 0x17d8 TBS - ok
13:32:49.0458 0x17d8 [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:32:49.0536 0x17d8 Tcpip - ok
13:32:49.0646 0x17d8 [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
13:32:49.0739 0x17d8 TCPIP6 - ok
13:32:49.0770 0x17d8 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
13:32:49.0817 0x17d8 tcpipreg - ok
13:32:49.0864 0x17d8 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
13:32:49.0911 0x17d8 TDPIPE - ok
13:32:49.0958 0x17d8 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
13:32:49.0989 0x17d8 TDTCP - ok
13:32:50.0036 0x17d8 [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
13:32:50.0082 0x17d8 tdx - ok
13:32:50.0114 0x17d8 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys
13:32:50.0145 0x17d8 TermDD - ok
13:32:50.0207 0x17d8 [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService C:\Windows\System32\termsrv.dll
13:32:50.0301 0x17d8 TermService - ok
13:32:50.0316 0x17d8 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
13:32:50.0363 0x17d8 Themes - ok
13:32:50.0410 0x17d8 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
13:32:50.0457 0x17d8 THREADORDER - ok
13:32:50.0488 0x17d8 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
13:32:50.0566 0x17d8 TrkWks - ok
13:32:50.0628 0x17d8 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:32:50.0675 0x17d8 TrustedInstaller - ok
13:32:50.0706 0x17d8 [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
13:32:50.0753 0x17d8 tssecsrv - ok
13:32:50.0784 0x17d8 [ 17C6B51CBCCDED95B3CC14E22791F85E, EE417C19E9B2C258D62A74F1F2421AFFBAC67ACD62481CAA08F5B6A3439C1D7C ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
13:32:50.0847 0x17d8 TsUsbFlt - ok
13:32:50.0894 0x17d8 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
13:32:50.0940 0x17d8 tunnel - ok
13:32:50.0987 0x17d8 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
13:32:51.0065 0x17d8 uagp35 - ok
13:32:51.0128 0x17d8 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
13:32:51.0221 0x17d8 udfs - ok
13:32:51.0268 0x17d8 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
13:32:51.0315 0x17d8 UI0Detect - ok
13:32:51.0346 0x17d8 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
13:32:51.0362 0x17d8 uliagpkx - ok
13:32:51.0408 0x17d8 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\drivers\umbus.sys
13:32:51.0440 0x17d8 umbus - ok
13:32:51.0486 0x17d8 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
13:32:51.0533 0x17d8 UmPass - ok
13:32:51.0596 0x17d8 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
13:32:51.0720 0x17d8 upnphost - ok
13:32:51.0783 0x17d8 [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
13:32:51.0814 0x17d8 usbaudio - ok
13:32:51.0845 0x17d8 [ ACCEA6BC68D0C9A78EB97EE159028B4E, 132F7A543C1DA9456FBABA50552B37E3162ACA612A8567BB3FF0F7DA84231419 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
13:32:51.0861 0x17d8 usbccgp - ok
13:32:51.0908 0x17d8 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
13:32:51.0954 0x17d8 usbcir - ok
13:32:51.0970 0x17d8 [ 311C1DD1088E55BEAE15954D17F50646, A663344ABD1414D570617F59CC00020640F31DB34265142EFCA8817328DB842A ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
13:32:52.0032 0x17d8 usbehci - ok
13:32:52.0079 0x17d8 [ 280E90CBF4B2DDD169F0728CB44D726F, 2B39666C022A4F7338BDDB4CB0D7B4D0CC6B398298D29E38826F27FADF4C29DD ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
13:32:52.0126 0x17d8 usbhub - ok
13:32:52.0157 0x17d8 [ 9406D801042FAF859CF81B2C886413DC, D16536EC05260D7A2902314E1AA5E5F73533483B9967739C381FD41B6192B92F ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
13:32:52.0220 0x17d8 usbohci - ok
13:32:52.0251 0x17d8 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
13:32:52.0298 0x17d8 usbprint - ok
13:32:52.0329 0x17d8 [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\drivers\usbscan.sys
13:32:52.0391 0x17d8 usbscan - ok
13:32:52.0422 0x17d8 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:32:52.0454 0x17d8 USBSTOR - ok
13:32:52.0500 0x17d8 [ A83D0EC9AE4C31704442099D40BA2471, A29D714FCDF10DF7A2A17D54B131AEFDA61AED988CF8B99C7B30728C50130DCE ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
13:32:52.0532 0x17d8 usbuhci - ok
13:32:52.0547 0x17d8 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
13:32:52.0594 0x17d8 UxSms - ok
13:32:52.0625 0x17d8 [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] VaultSvc C:\Windows\system32\lsass.exe
13:32:52.0641 0x17d8 VaultSvc - ok
13:32:52.0688 0x17d8 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
13:32:52.0703 0x17d8 vdrvroot - ok
13:32:52.0750 0x17d8 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
13:32:52.0844 0x17d8 vds - ok
13:32:52.0890 0x17d8 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
13:32:52.0922 0x17d8 vga - ok
13:32:52.0953 0x17d8 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
13:32:53.0015 0x17d8 VgaSave - ok
13:32:53.0046 0x17d8 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
13:32:53.0109 0x17d8 vhdmp - ok
13:32:53.0156 0x17d8 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
13:32:53.0187 0x17d8 viaide - ok
13:32:53.0218 0x17d8 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
13:32:53.0234 0x17d8 volmgr - ok
13:32:53.0280 0x17d8 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
13:32:53.0312 0x17d8 volmgrx - ok
13:32:53.0343 0x17d8 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
13:32:53.0374 0x17d8 volsnap - ok
13:32:53.0452 0x17d8 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
13:32:53.0499 0x17d8 vsmraid - ok
13:32:53.0624 0x17d8 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
13:32:53.0748 0x17d8 VSS - ok
13:32:53.0795 0x17d8 [ 93132C69394A99D992095D8CFE464801, A76C0371E9E18B038B0745C3F38AC4E958D43CB87EAB358EB88F431A33EE1F6E ] VST64HWBS2 C:\Windows\system32\DRIVERS\VSTBS26.SYS
13:32:53.0858 0x17d8 VST64HWBS2 - ok
13:32:53.0951 0x17d8 [ 02071D207A9858FBE3A48CBFD59C4A04, FEA4DEBAEC3465E0C7C1E8B721805922F6BBCB96A60A193B11688F4252F4B89E ] VST64_DPV C:\Windows\system32\DRIVERS\VSTDPV6.SYS
13:32:54.0045 0x17d8 VST64_DPV - ok
13:32:54.0076 0x17d8 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
13:32:54.0123 0x17d8 vwifibus - ok
13:32:54.0170 0x17d8 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
13:32:54.0248 0x17d8 W32Time - ok
13:32:54.0279 0x17d8 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
13:32:54.0310 0x17d8 WacomPen - ok
13:32:54.0357 0x17d8 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
13:32:54.0435 0x17d8 WANARP - ok
13:32:54.0466 0x17d8 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
13:32:54.0513 0x17d8 Wanarpv6 - ok
13:32:54.0606 0x17d8 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
13:32:54.0731 0x17d8 WatAdminSvc - ok
13:32:54.0825 0x17d8 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
13:32:54.0965 0x17d8 wbengine - ok
13:32:54.0996 0x17d8 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
13:32:55.0043 0x17d8 WbioSrvc - ok
13:32:55.0090 0x17d8 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
13:32:55.0152 0x17d8 wcncsvc - ok
13:32:55.0199 0x17d8 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:32:55.0262 0x17d8 WcsPlugInService - ok
13:32:55.0308 0x17d8 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys
13:32:55.0324 0x17d8 Wd - ok
13:32:55.0386 0x17d8 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
13:32:55.0496 0x17d8 Wdf01000 - ok
13:32:55.0542 0x17d8 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
13:32:55.0652 0x17d8 WdiServiceHost - ok
13:32:55.0667 0x17d8 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
13:32:55.0698 0x17d8 WdiSystemHost - ok
13:32:55.0730 0x17d8 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
13:32:55.0776 0x17d8 WebClient - ok
13:32:55.0808 0x17d8 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
13:32:55.0932 0x17d8 Wecsvc - ok
13:32:55.0964 0x17d8 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
13:32:56.0026 0x17d8 wercplsupport - ok
13:32:56.0073 0x17d8 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
13:32:56.0166 0x17d8 WerSvc - ok
13:32:56.0307 0x17d8 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
13:32:56.0385 0x17d8 WfpLwf - ok
13:32:56.0416 0x17d8 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
13:32:56.0432 0x17d8 WIMMount - ok
13:32:56.0494 0x17d8 [ A6EA7A3FC4B00F48535B506DB1E86EFD, B2A28C0438BA679D760FB8B68289D625CF6204DFF8000A285B5CA68417314F65 ] winachsf C:\Windows\system32\DRIVERS\CAX_CNXT.sys
13:32:56.0588 0x17d8 winachsf - ok
13:32:56.0634 0x17d8 WinDefend - ok
13:32:56.0666 0x17d8 WinHttpAutoProxySvc - ok
13:32:56.0728 0x17d8 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
13:32:56.0853 0x17d8 Winmgmt - ok
13:32:56.0946 0x17d8 WinRing0_1_2_0 - ok
13:32:57.0056 0x17d8 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll
13:32:57.0243 0x17d8 WinRM - ok
13:32:57.0352 0x17d8 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
13:32:57.0430 0x17d8 Wlansvc - ok
13:32:57.0461 0x17d8 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
13:32:57.0508 0x17d8 WmiAcpi - ok
13:32:57.0555 0x17d8 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
13:32:57.0602 0x17d8 wmiApSrv - ok
13:32:57.0633 0x17d8 WMPNetworkSvc - ok
13:32:57.0664 0x17d8 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
13:32:57.0711 0x17d8 WPCSvc - ok
13:32:57.0742 0x17d8 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
13:32:57.0773 0x17d8 WPDBusEnum - ok
13:32:57.0804 0x17d8 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
13:32:57.0867 0x17d8 ws2ifsl - ok
13:32:57.0914 0x17d8 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
13:32:57.0960 0x17d8 wscsvc - ok
13:32:57.0976 0x17d8 WSearch - ok
13:32:58.0163 0x17d8 [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\Windows\system32\wuaueng.dll
13:32:58.0288 0x17d8 wuauserv - ok
13:32:58.0319 0x17d8 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
13:32:58.0366 0x17d8 WudfPf - ok
13:32:58.0413 0x17d8 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
13:32:58.0460 0x17d8 WUDFRd - ok
13:32:58.0491 0x17d8 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
13:32:58.0538 0x17d8 wudfsvc - ok
13:32:58.0584 0x17d8 [ FE90B750AB808FB9DD8FBB428B5FF83B, 3F8F592EC813BE292D305A87C5BA852F8BC3D7CE610612D9871F209A17326AA8 ] WwanSvc C:\Windows\System32\wwansvc.dll
13:32:58.0662 0x17d8 WwanSvc - ok
13:32:58.0694 0x17d8 [ E8F3FA126A06F8E7088F63757112A186, FC742ECA6DD823C5B17A514EC4473F65EE290FA6501370675B3628FD881A1C4B ] XAudio C:\Windows\system32\DRIVERS\XAudio64.sys
13:32:58.0725 0x17d8 XAudio - ok
13:32:58.0756 0x17d8 ================ Scan global ===============================
13:32:58.0787 0x17d8 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
13:32:58.0818 0x17d8 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
13:32:58.0850 0x17d8 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
13:32:58.0881 0x17d8 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
13:32:58.0912 0x17d8 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
13:32:58.0943 0x17d8 [ Global ] - ok
13:32:58.0943 0x17d8 ================ Scan MBR ==================================
13:32:58.0943 0x17d8 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:32:59.0208 0x17d8 \Device\Harddisk0\DR0 - ok
13:32:59.0224 0x17d8 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
13:32:59.0364 0x17d8 \Device\Harddisk2\DR2 - ok
13:32:59.0364 0x17d8 ================ Scan VBR ==================================
13:32:59.0364 0x17d8 [ 4420D715DBD74F1266419249D1F211B5 ] \Device\Harddisk0\DR0\Partition1
13:32:59.0364 0x17d8 \Device\Harddisk0\DR0\Partition1 - ok
13:32:59.0411 0x17d8 [ D43CCAF72370BCBE4B2A438FD63B8EC9 ] \Device\Harddisk0\DR0\Partition2
13:32:59.0411 0x17d8 \Device\Harddisk0\DR0\Partition2 - ok
13:32:59.0427 0x17d8 [ 8AF68257604D833AD6627454DB0C53E7 ] \Device\Harddisk2\DR2\Partition1
13:32:59.0427 0x17d8 \Device\Harddisk2\DR2\Partition1 - ok
13:32:59.0427 0x17d8 Waiting for KSN requests completion. In queue: 79
13:33:00.0441 0x17d8 Waiting for KSN requests completion. In queue: 79
13:33:01.0455 0x17d8 Waiting for KSN requests completion. In queue: 79
13:33:02.0469 0x17d8 Waiting for KSN requests completion. In queue: 64
13:33:03.0498 0x17d8 AV detected via SS2: McAfee Anti-Virus and Anti-Spyware, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 12.8.0.0 ), 0x51000 ( enabled : updated )
13:33:03.0498 0x17d8 AV detected via SS2: McAfee Anti-Virus and Anti-Spyware, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 12.8.0.0 ), 0x50000 ( disabled : updated )
13:33:03.0514 0x17d8 FW detected via SS2: McAfee Firewall, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 12.8.0.0 ), 0x50010 ( disabled )
13:33:03.0514 0x17d8 FW detected via SS2: McAfee Firewall, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 12.8.0.0 ), 0x51010 ( enabled )
13:33:18.0474 0x17d8 ============================================================
13:33:18.0474 0x17d8 Scan finished
13:33:18.0474 0x17d8 ============================================================
13:33:18.0490 0x1624 Detected object count: 1
13:33:18.0490 0x1624 Actual detected object count: 1
13:34:08.0722 0x1624 BEService ( UnsignedFile.Multi.Generic ) - skipped by user
13:34:08.0722 0x1624 BEService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:42:21.0474 0x0c54 Deinitialize success

Attached Files


Edited by Dragina, 20 October 2013 - 12:11 PM.


#4 patndoris

patndoris

    SuperMember

  • Malware Team
  • 2,580 posts

Posted 20 October 2013 - 04:04 PM

First, let me say the TDSSKiller results don't appear to be of concern. The item detected appears to be related to Steam, and does not appear to need to be addressed. It was simply flagged because it has properties that "can" be associated with a rootkit. This does not mean it "is" a rootkit. That is why we do not automatically cure all of them. They must be evalutated based on what they are. I do not believe this is a threat to your machines.

Because you had a threat on the machine that we removed with HiJackThis, and I can still see evidence of a suspicious temp file, I'd like to go ahead and run a tool to look a bit deeper on the machine to make sure there is nothing else lurking around before we remove the Scorpion folder and do some clean up of those temp files you mentioned.


Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. 1. Do not mouse-click anywhere on the screen while it is running. That may cause it to stall. In fact, I suggest you do not do anything else on the computer while Combofix is running as it can cause it to stall. It may appear at times that it isn't doing anything but it is. Just let it run. It may also reboot the machine as a part of what it is doing and that is not unusual. (If your computer requires a login then you WILL need to fill in the login/password for it to continue. If your computer does not have a login then it will continue on it's own..) Then, just sit tight until it finishes. Sometimes it takes 10 minutes, sometimes it takes an hour. Just be patient until the log pops up. If it takes more than an hour and doesn't appear to be doing anything, you can stop it and come back and let me know.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

If you have a problem launching programs after running Combofix, please do not panic! Simply reboot the computer and all should be fine.

#5 Dragina

Dragina

    Authentic Member

  • Authentic Member
  • PipPip
  • 30 posts

Posted 20 October 2013 - 05:38 PM

Battle Eye and Punk Buster are programs that come with some steam games which are required in multiplayer servers in order to prevent cheating or hacking, so yes they are not malicious files.

I ran combo fix, however Scorpion Saver is still installed in my program files, my browser's add ons, and therefore still highlighting words on any webpage in my browsers with hover over ads.

Here are some pictures of what I mean and the combfix log:

Posted Image

Posted Image

Posted Image


Combofix

ComboFix 13-10-19.02 - Michelle 10/20/2013 19:08:54.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3070.1585 [GMT -4:00]
Running from: c:\users\Michelle\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-09-20 to 2013-10-20 )))))))))))))))))))))))))))))))
.
.
2013-10-20 23:19 . 2013-10-20 23:19 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-10-20 23:19 . 2013-10-20 23:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-20 17:06 . 2013-10-20 17:06 -------- d-----w- c:\program files (x86)\ScorpionSaver
2013-10-20 13:31 . 2013-10-20 13:31 -------- d-----w- C:\temp
2013-10-18 23:29 . 2013-10-18 23:29 388096 ----a-r- c:\users\Michelle\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-10-18 23:29 . 2013-10-18 23:29 -------- d-----w- c:\program files (x86)\Trend Micro
2013-10-16 11:23 . 2013-09-23 17:49 197704 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2013-10-14 22:57 . 2013-10-14 22:57 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-10-14 22:46 . 2013-10-14 22:46 -------- d-----w- c:\users\Michelle\AppData\Roaming\Malwarebytes
2013-10-14 22:46 . 2013-10-14 22:46 -------- d-----w- c:\programdata\Malwarebytes
2013-10-14 22:45 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-14 22:45 . 2013-10-14 22:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-10-10 22:28 . 2013-10-10 22:28 -------- d-----w- c:\users\Michelle\AppData\Local\LogMeIn
2013-10-10 22:28 . 2013-10-10 22:28 -------- d-----w- c:\programdata\LogMeIn
2013-10-10 17:38 . 2013-10-10 17:38 -------- d-----w- c:\program files (x86)\Common Files\BattlEye
2013-10-10 17:27 . 2013-10-10 17:28 -------- d-----w- c:\users\Michelle\AppData\Local\ArmA 2
2013-10-10 17:22 . 2013-10-17 22:31 -------- d-----w- c:\users\Michelle\AppData\Local\ArmA 2 OA
2013-10-10 17:22 . 2013-10-10 17:22 -------- d-----w- c:\programdata\Bohemia Interactive Studio
2013-10-09 22:16 . 2013-10-09 22:16 -------- d-----w- c:\programdata\SIX Networks
2013-10-09 22:15 . 2013-10-09 22:15 -------- d-----w- c:\users\Michelle\AppData\Local\IsolatedStorage
2013-10-09 22:15 . 2013-10-09 22:15 -------- d-----w- c:\users\Michelle\AppData\Roaming\SIX Networks
2013-10-09 22:15 . 2013-10-15 00:58 -------- d-----w- c:\users\Michelle\AppData\Local\SIX Networks
2013-10-09 22:04 . 2013-10-09 22:04 -------- d-----w- c:\users\Michelle\AppData\Local\DayZCommander
2013-10-09 22:03 . 2013-10-09 22:03 -------- d-----w- c:\program files (x86)\Dotjosh Studios
2013-10-09 11:38 . 2009-03-18 22:35 33856 ---ha-w- c:\windows\system32\hamachi.sys
2013-10-09 11:37 . 2013-10-09 11:37 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2013-10-09 02:04 . 2013-06-06 03:30 368128 ----a-w- c:\windows\system32\atmfd.dll
2013-10-09 02:03 . 2013-09-08 02:30 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-10-09 02:02 . 2013-08-29 00:49 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-10-09 02:02 . 2013-08-29 01:50 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-10-09 02:02 . 2013-08-29 00:49 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-10-09 02:02 . 2013-08-29 00:49 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-10-09 02:02 . 2013-08-29 00:49 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-10-09 02:02 . 2013-07-20 10:33 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 02:02 . 2013-07-20 10:33 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 02:01 . 2013-08-01 12:09 983488 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-10-09 02:01 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll
2013-10-09 02:01 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-10-09 02:01 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-10-09 02:01 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-10-09 02:01 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-10-09 02:01 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-10-09 02:01 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-10-09 02:01 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-10-06 23:07 . 2013-10-06 23:11 -------- d-----w- c:\users\Michelle\AppData\Roaming\Audacity
2013-10-01 06:23 . 2013-10-01 08:01 -------- d-----w- c:\users\Michelle\AppData\Roaming\Mumble
2013-10-01 06:20 . 2013-10-01 06:23 -------- d-----w- c:\program files (x86)\Mumble
2013-09-30 23:27 . 2013-09-30 23:27 -------- d-----w- c:\program files (x86)\Microsoft XNA
2013-09-28 00:11 . 2013-09-28 00:11 -------- d-----w- c:\users\Michelle\AppData\Local\Razer
2013-09-28 00:09 . 2013-09-28 00:09 -------- d-----w- c:\programdata\Razer
2013-09-28 00:09 . 2013-09-28 00:09 -------- d-----w- c:\program files (x86)\Razer
2013-09-27 04:11 . 2013-09-27 04:11 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-09-27 04:03 . 2013-08-20 13:33 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2013-09-27 04:03 . 2013-08-20 13:32 28448 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2013-09-27 02:55 . 2013-09-27 03:40 -------- d-----w- c:\program files (x86)\AMD
2013-09-27 02:52 . 2013-09-27 03:39 -------- d-----w- c:\users\Michelle\AppData\Local\Downloaded Installations
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 07:02 . 2013-07-02 02:21 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-10-08 23:28 . 2013-07-02 06:23 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-08 23:28 . 2013-07-02 06:23 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-25 00:29 . 2013-04-03 17:37 70112 ----a-w- c:\windows\system32\drivers\cfwids.sys
2013-09-25 00:25 . 2013-04-03 17:34 343568 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2013-09-25 00:25 . 2013-07-02 23:57 182752 ----a-w- c:\windows\system32\mfevtps.exe
2013-09-25 00:22 . 2013-04-03 17:33 781312 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2013-09-25 00:21 . 2013-04-03 17:32 519192 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2013-09-25 00:20 . 2013-04-03 17:31 310224 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2013-09-25 00:19 . 2013-04-03 17:31 179664 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2013-09-20 13:38 . 2013-09-20 13:38 10856 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys
2013-09-20 13:38 . 2013-09-20 13:38 95984 ----a-w- c:\windows\system32\drivers\mfencrk.sys
2013-09-20 13:37 . 2013-09-20 13:37 390552 ----a-w- c:\windows\system32\drivers\mfencbdc.sys
2013-09-12 08:58 . 2013-07-01 23:28 61216 ----a-w- c:\windows\system32\OpenCL.dll
2013-09-12 08:58 . 2013-07-01 23:28 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-09-12 08:58 . 2013-07-01 23:27 15703688 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-09-12 08:58 . 2013-07-01 23:27 1412832 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-09-12 08:58 . 2013-07-01 23:27 13628208 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-09-12 08:58 . 2013-07-01 23:27 12947360 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-09-12 08:58 . 2013-07-01 23:27 2986672 ----a-w- c:\windows\system32\nvapi64.dll
2013-09-12 08:58 . 2013-07-01 23:27 2630304 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-09-12 07:25 . 2013-07-01 23:28 6599968 ----a-w- c:\windows\system32\nvcpl.dll
2013-09-12 07:25 . 2013-07-01 23:28 3452192 ----a-w- c:\windows\system32\nvsvc64.dll
2013-09-12 07:25 . 2013-07-01 23:28 920864 ----a-w- c:\windows\system32\nvvsvc.exe
2013-09-12 07:25 . 2013-07-01 23:28 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-09-12 07:25 . 2013-07-01 23:28 219424 ----a-w- c:\windows\system32\nvmctray.dll
2013-09-12 05:17 . 2013-09-12 05:17 571168 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-09-11 22:06 . 2013-07-01 23:28 3361114 ----a-w- c:\windows\system32\nvcoproc.bin
2013-08-29 01:48 . 2013-10-09 02:02 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-23 21:49 . 2013-08-23 21:49 564824 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-08-23 06:17 . 2013-08-23 06:17 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-08-21 10:11 . 2013-08-21 10:15 447752 ----a-w- c:\windows\SysWow64\vp6vfw.dll
2013-08-20 13:32 . 2013-07-31 02:15 29984 ----a-w- c:\windows\system32\nvaudcap64v.dll
2013-08-05 02:25 . 2013-09-11 08:44 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-08-02 02:14 . 2013-09-11 08:44 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-08-02 02:13 . 2013-09-11 08:44 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-08-02 02:13 . 2013-09-11 08:44 1161216 ----a-w- c:\windows\system32\kernel32.dll
2013-08-02 02:12 . 2013-09-11 08:44 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-08-02 02:12 . 2013-09-11 08:44 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:44 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:44 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:44 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:43 6656 ----a-w- c:\windows\system32\apisetschema.dll
2013-08-02 02:12 . 2013-09-11 08:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:44 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:44 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:43 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:44 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:43 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-08-02 01:50 . 2013-09-11 08:44 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2013-08-02 01:48 . 2013-09-11 08:44 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 08:44 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 08:44 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 08:44 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 08:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 08:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 08:44 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 08:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 08:44 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 08:44 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 08:44 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 08:44 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 08:44 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 08:44 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 08:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 08:44 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 08:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 08:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 08:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 08:44 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 08:43 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-08-02 01:48 . 2013-09-11 08:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 08:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 08:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 08:43 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2013-08-02 01:09 . 2013-09-11 08:44 338432 ----a-w- c:\windows\system32\conhost.exe
2013-08-02 00:59 . 2013-09-11 08:44 112640 ----a-w- c:\windows\system32\smss.exe
2013-08-02 00:43 . 2013-09-11 08:44 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43 . 2013-09-11 08:44 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43 . 2013-09-11 08:44 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43 . 2013-09-11 08:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-26 02:24 . 2013-09-11 08:43 14172672 ----a-w- c:\windows\system32\shell32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-08-01 3673696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 537512]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 537512]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-10-01 2345296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\NVIDIA~1\NVSTRE~1\rxinput.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe;c:\progra~1\mcafee\msc\mcawfwk.exe [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\OverwolfUpdater.exe;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTBS26.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 Level Quality Watcher;Level Quality Watcher;c:\windows\Installer\MSIC859.tmp run sourceguid=422332B5-F3A6-47F6-93EF-792299EF24DC;c:\windows\Installer\MSIC859.tmp run sourceguid=422332B5-F3A6-47F6-93EF-792299EF24DC [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AODDriver4.2.0;AODDriver4.2.0;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [x]
S2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 RzKLService;RzKLService;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWBS2.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Michelle\AppData\Local\Temp\tmp38CB.tmp;c:\users\Michelle\AppData\Local\Temp\tmp38CB.tmp [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 56850410
*NewlyCreated* - WINRING0_1_2_0
*Deregistered* - 56850410
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-02 23:28]
.
2013-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-07 04:48]
.
2013-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-07 04:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-07-27 1028896]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-02-21 2991856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~1\NVIDIA~1\NVSTRE~1\rxinput.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 216.144.187.101 204.186.110.76
FF - ProfilePath - c:\users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\cxogh6sc.default\
FF - ExtSQL: 2013-10-14 11:48; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files (x86)\McAfee\SiteAdvisor
FF - ExtSQL: 2013-10-14 19:19; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\cxogh6sc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-BattlEye for A2 - g:\my documents\SteamLibrary\steamapps\common\Arma 2BattlEye\UnInstallBE.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Level Quality Watcher]
"ImagePath"="c:\windows\Installer\MSIC859.tmp run sourceguid=422332B5-F3A6-47F6-93EF-792299EF24DC"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRing0_1_2_0]
"ImagePath"="\??\c:\users\Michelle\AppData\Local\Temp\tmp38CB.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3903832009-3468763352-2619396910-1000\Software\SecuROM\License information*]
"datasecu"=hex:77,28,df,f6,d6,68,da,69,42,c8,56,75,d9,45,03,5c,22,72,c4,9c,cd,
52,47,81,5d,3d,8b,3d,c3,f0,9d,87,81,4d,4e,5a,84,95,59,83,6b,4d,2a,3b,a9,00,\
"rkeysecu"=hex:40,50,28,b6,38,dc,64,a1,e0,f0,4c,c3,29,43,06,bd
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-10-20 19:24:44
ComboFix-quarantined-files.txt 2013-10-20 23:24
.
Pre-Run: 55,879,905,280 bytes free
Post-Run: 55,738,597,376 bytes free
.
- - End Of File - - 761EB648124679DF732EC66C2111083F
A36C5E4F47E84449FF07ED3517B43A31

#6 patndoris

patndoris

    SuperMember

  • Malware Team
  • 2,580 posts

Posted 21 October 2013 - 05:29 PM

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\Windows\Installer\MSIC859.tmp run sourceguid=422332B5-F3A6-47F6-93EF-792299EF24DC
C:\temp\ScorpionSaver*.*

Folder::
C:\Program Files (x86)\ScorpionSaver

Driver::
Level Quality Watcher

ClearJavaCache::


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe. ComboFix may request an update; please allow it.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Please reboot your machine and let me know if Scorpion Saver is still in the temp file directory and if you are still seeing the problems in Firefox.

#7 Dragina

Dragina

    Authentic Member

  • Authentic Member
  • PipPip
  • 30 posts

Posted 21 October 2013 - 09:01 PM

It is still in the temp folder, it also was still a add on in Firefox so I removed the add on so the problem is gone for now. (Unless it comes back which is usually what happens), it also is still listed as installed in my program files, but the folder for Scorpion Saver in C:\Program Files (x86) is gone however. (Sometimes it takes a few hours or even a day for it all to come back from what I experience trying to get rid of it before.) Also, when My pc rebooted and started up after combofix was done. A error message popped up saying "C:\Program Files\Common Files\LogiShrd\CDDRV3\LDConfig.exe Illegal operation attempted on a registry key that has been marked for deletion." I'm not sure exactly what that means or if something broke when combofix was fixing things. LogiShrd? Sounds like it might be my Logitech software for my mouse or headset., Yeah it is, I checked the folder, and it kinda broke the program I need to use to set custom keys on my mouse. So I'm gonna have to reinstall probably. Nvm, I rebooted my pc again and now the logitech software for my mouse works again. ComboFix 13-10-21.01 - Michelle 10/21/2013 22:24:18.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3070.1443 [GMT -4:00] Running from: c:\users\Michelle\Desktop\ComboFix.exe Command switches used :: c:\users\Michelle\Desktop\CFScript.txt AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\windows\Installer\MSIC859.tmp run sourceguid=422332B5-F3A6-47F6-93EF-792299EF24DC" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\ScorpionSaver c:\program files (x86)\ScorpionSaver\background.js c:\program files (x86)\ScorpionSaver\bootstrap.js c:\program files (x86)\ScorpionSaver\bootstrap.js.old c:\program files (x86)\ScorpionSaver\CustomActionInstall c:\program files (x86)\ScorpionSaver\CustomActionUninstall c:\program files (x86)\ScorpionSaver\icon128.png c:\program files (x86)\ScorpionSaver\icon16.png c:\program files (x86)\ScorpionSaver\icon32.png c:\program files (x86)\ScorpionSaver\icon48.png c:\program files (x86)\ScorpionSaver\icon64.png c:\program files (x86)\ScorpionSaver\icon8.png c:\program files (x86)\ScorpionSaver\manifest.json c:\program files (x86)\ScorpionSaver\marcopolo.js c:\program files (x86)\ScorpionSaver\Microsoft.Deployment.WindowsInstaller.dll c:\program files (x86)\ScorpionSaver\Microsoft.Deployment.WindowsInstaller.xml c:\program files (x86)\ScorpionSaver\SendJson.dll . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_Level Quality Watcher . . ((((((((((((((((((((((((( Files Created from 2013-09-22 to 2013-10-22 ))))))))))))))))))))))))))))))) . . 2013-10-22 02:37 . 2013-10-22 02:37 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-10-20 13:31 . 2013-10-20 13:31 -------- d-----w- C:\temp 2013-10-18 23:29 . 2013-10-18 23:29 388096 ----a-r- c:\users\Michelle\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2013-10-18 23:29 . 2013-10-18 23:29 -------- d-----w- c:\program files (x86)\Trend Micro 2013-10-16 11:23 . 2013-09-23 17:49 197704 ----a-w- c:\windows\system32\drivers\HipShieldK.sys 2013-10-14 22:57 . 2013-10-14 22:57 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2013-10-14 22:46 . 2013-10-14 22:46 -------- d-----w- c:\users\Michelle\AppData\Roaming\Malwarebytes 2013-10-14 22:46 . 2013-10-14 22:46 -------- d-----w- c:\programdata\Malwarebytes 2013-10-14 22:45 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-10-14 22:45 . 2013-10-14 22:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-10-10 22:28 . 2013-10-10 22:28 -------- d-----w- c:\users\Michelle\AppData\Local\LogMeIn 2013-10-10 22:28 . 2013-10-10 22:28 -------- d-----w- c:\programdata\LogMeIn 2013-10-10 17:38 . 2013-10-10 17:38 -------- d-----w- c:\program files (x86)\Common Files\BattlEye 2013-10-10 17:27 . 2013-10-10 17:28 -------- d-----w- c:\users\Michelle\AppData\Local\ArmA 2 2013-10-10 17:22 . 2013-10-21 21:11 -------- d-----w- c:\users\Michelle\AppData\Local\ArmA 2 OA 2013-10-10 17:22 . 2013-10-10 17:22 -------- d-----w- c:\programdata\Bohemia Interactive Studio 2013-10-09 22:16 . 2013-10-09 22:16 -------- d-----w- c:\programdata\SIX Networks 2013-10-09 22:15 . 2013-10-09 22:15 -------- d-----w- c:\users\Michelle\AppData\Local\IsolatedStorage 2013-10-09 22:15 . 2013-10-09 22:15 -------- d-----w- c:\users\Michelle\AppData\Roaming\SIX Networks 2013-10-09 22:15 . 2013-10-15 00:58 -------- d-----w- c:\users\Michelle\AppData\Local\SIX Networks 2013-10-09 22:04 . 2013-10-09 22:04 -------- d-----w- c:\users\Michelle\AppData\Local\DayZCommander 2013-10-09 22:03 . 2013-10-09 22:03 -------- d-----w- c:\program files (x86)\Dotjosh Studios 2013-10-09 11:38 . 2009-03-18 22:35 33856 ---ha-w- c:\windows\system32\hamachi.sys 2013-10-09 11:37 . 2013-10-09 11:37 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi 2013-10-09 02:04 . 2013-06-06 03:30 368128 ----a-w- c:\windows\system32\atmfd.dll 2013-10-09 02:03 . 2013-09-08 02:30 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-10-09 02:02 . 2013-08-29 00:49 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-10-09 02:02 . 2013-08-29 01:50 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-10-09 02:02 . 2013-08-29 00:49 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-10-09 02:02 . 2013-08-29 00:49 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-10-09 02:02 . 2013-08-29 00:49 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-10-09 02:02 . 2013-07-20 10:33 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll 2013-10-09 02:02 . 2013-07-20 10:33 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-10-09 02:01 . 2013-08-01 12:09 983488 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-10-09 02:01 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll 2013-10-09 02:01 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2013-10-09 02:01 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys 2013-10-09 02:01 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys 2013-10-09 02:01 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys 2013-10-09 02:01 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys 2013-10-09 02:01 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2013-10-09 02:01 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys 2013-10-06 23:07 . 2013-10-06 23:11 -------- d-----w- c:\users\Michelle\AppData\Roaming\Audacity 2013-10-01 06:23 . 2013-10-01 08:01 -------- d-----w- c:\users\Michelle\AppData\Roaming\Mumble 2013-10-01 06:20 . 2013-10-01 06:23 -------- d-----w- c:\program files (x86)\Mumble 2013-09-30 23:27 . 2013-09-30 23:27 -------- d-----w- c:\program files (x86)\Microsoft XNA 2013-09-28 00:11 . 2013-09-28 00:11 -------- d-----w- c:\users\Michelle\AppData\Local\Razer 2013-09-28 00:09 . 2013-09-28 00:09 -------- d-----w- c:\programdata\Razer 2013-09-28 00:09 . 2013-09-28 00:09 -------- d-----w- c:\program files (x86)\Razer 2013-09-27 04:11 . 2013-09-27 04:11 -------- d-----w- c:\program files (x86)\AGEIA Technologies 2013-09-27 04:03 . 2013-08-20 13:33 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys 2013-09-27 04:03 . 2013-08-20 13:32 28448 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll 2013-09-27 02:55 . 2013-09-27 03:40 -------- d-----w- c:\program files (x86)\AMD 2013-09-27 02:52 . 2013-09-27 03:39 -------- d-----w- c:\users\Michelle\AppData\Local\Downloaded Installations . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-10-09 07:02 . 2013-07-02 02:21 80541720 ----a-w- c:\windows\system32\MRT.exe 2013-10-08 23:28 . 2013-07-02 06:23 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-10-08 23:28 . 2013-07-02 06:23 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-09-25 00:29 . 2013-04-03 17:37 70112 ----a-w- c:\windows\system32\drivers\cfwids.sys 2013-09-25 00:25 . 2013-04-03 17:34 343568 ----a-w- c:\windows\system32\drivers\mfewfpk.sys 2013-09-25 00:25 . 2013-07-02 23:57 182752 ----a-w- c:\windows\system32\mfevtps.exe 2013-09-25 00:22 . 2013-04-03 17:33 781312 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2013-09-25 00:21 . 2013-04-03 17:32 519192 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2013-09-25 00:20 . 2013-04-03 17:31 310224 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2013-09-25 00:19 . 2013-04-03 17:31 179664 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2013-09-20 13:38 . 2013-09-20 13:38 10856 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys 2013-09-20 13:38 . 2013-09-20 13:38 95984 ----a-w- c:\windows\system32\drivers\mfencrk.sys 2013-09-20 13:37 . 2013-09-20 13:37 390552 ----a-w- c:\windows\system32\drivers\mfencbdc.sys 2013-09-12 08:58 . 2013-07-01 23:28 61216 ----a-w- c:\windows\system32\OpenCL.dll 2013-09-12 08:58 . 2013-07-01 23:28 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll 2013-09-12 08:58 . 2013-07-01 23:27 15703688 ----a-w- c:\windows\system32\nvd3dumx.dll 2013-09-12 08:58 . 2013-07-01 23:27 1412832 ----a-w- c:\windows\system32\nvumdshimx.dll 2013-09-12 08:58 . 2013-07-01 23:27 13628208 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2013-09-12 08:58 . 2013-07-01 23:27 12947360 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2013-09-12 08:58 . 2013-07-01 23:27 2986672 ----a-w- c:\windows\system32\nvapi64.dll 2013-09-12 08:58 . 2013-07-01 23:27 2630304 ----a-w- c:\windows\SysWow64\nvapi.dll 2013-09-12 07:25 . 2013-07-01 23:28 6599968 ----a-w- c:\windows\system32\nvcpl.dll 2013-09-12 07:25 . 2013-07-01 23:28 3452192 ----a-w- c:\windows\system32\nvsvc64.dll 2013-09-12 07:25 . 2013-07-01 23:28 920864 ----a-w- c:\windows\system32\nvvsvc.exe 2013-09-12 07:25 . 2013-07-01 23:28 63776 ----a-w- c:\windows\system32\nvshext.dll 2013-09-12 07:25 . 2013-07-01 23:28 219424 ----a-w- c:\windows\system32\nvmctray.dll 2013-09-12 05:17 . 2013-09-12 05:17 571168 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2013-09-11 22:06 . 2013-07-01 23:28 3361114 ----a-w- c:\windows\system32\nvcoproc.bin 2013-08-29 01:48 . 2013-10-09 02:02 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-08-23 21:49 . 2013-08-23 21:49 564824 ----a-w- c:\windows\system32\drivers\sptd.sys 2013-08-23 06:17 . 2013-08-23 06:17 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2013-08-21 10:11 . 2013-08-21 10:15 447752 ----a-w- c:\windows\SysWow64\vp6vfw.dll 2013-08-20 13:32 . 2013-07-31 02:15 29984 ----a-w- c:\windows\system32\nvaudcap64v.dll 2013-08-05 02:25 . 2013-09-11 08:44 155584 ----a-w- c:\windows\system32\drivers\ataport.sys 2013-08-02 02:14 . 2013-09-11 08:44 215040 ----a-w- c:\windows\system32\winsrv.dll 2013-08-02 02:13 . 2013-09-11 08:44 424448 ----a-w- c:\windows\system32\KernelBase.dll 2013-08-02 02:13 . 2013-09-11 08:44 1161216 ----a-w- c:\windows\system32\kernel32.dll 2013-08-02 02:12 . 2013-09-11 08:44 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-08-02 02:12 . 2013-09-11 08:44 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2013-08-02 02:12 . 2013-09-11 08:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-08-02 02:12 . 2013-09-11 08:44 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2013-08-02 02:12 . 2013-09-11 08:44 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-08-02 02:12 . 2013-09-11 08:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-08-02 02:12 . 2013-09-11 08:44 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2013-08-02 02:12 . 2013-09-11 08:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2013-08-02 02:12 . 2013-09-11 08:43 6656 ----a-w- c:\windows\system32\apisetschema.dll 2013-08-02 02:12 . 2013-09-11 08:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2013-08-02 02:12 . 2013-09-11 08:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2013-08-02 02:12 . 2013-09-11 08:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-08-02 02:12 . 2013-09-11 08:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2013-08-02 02:12 . 2013-09-11 08:44 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2013-08-02 02:12 . 2013-09-11 08:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-08-02 02:12 . 2013-09-11 08:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-08-02 02:12 . 2013-09-11 08:44 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2013-08-02 02:12 . 2013-09-11 08:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-08-02 02:12 . 2013-09-11 08:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2013-08-02 02:12 . 2013-09-11 08:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2013-08-02 02:12 . 2013-09-11 08:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2013-08-02 02:12 . 2013-09-11 08:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2013-08-02 02:12 . 2013-09-11 08:43 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2013-08-02 02:12 . 2013-09-11 08:44 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2013-08-02 02:12 . 2013-09-11 08:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2013-08-02 02:12 . 2013-09-11 08:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-08-02 02:12 . 2013-09-11 08:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2013-08-02 02:12 . 2013-09-11 08:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2013-08-02 02:12 . 2013-09-11 08:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2013-08-02 02:12 . 2013-09-11 08:43 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2013-08-02 01:50 . 2013-09-11 08:44 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll 2013-08-02 01:48 . 2013-09-11 08:44 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll 2013-08-02 01:48 . 2013-09-11 08:44 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll 2013-08-02 01:48 . 2013-09-11 08:44 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll 2013-08-02 01:48 . 2013-09-11 08:44 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll 2013-08-02 01:48 . 2013-09-11 08:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll 2013-08-02 01:48 . 2013-09-11 08:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-08-02 01:48 . 2013-09-11 08:44 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll 2013-08-02 01:48 . 2013-09-11 08:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll 2013-08-02 01:48 . 2013-09-11 08:44 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll 2013-08-02 01:48 . 2013-09-11 08:44 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll 2013-08-02 01:48 . 2013-09-11 08:44 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll 2013-08-02 01:48 . 2013-09-11 08:44 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll 2013-08-02 01:48 . 2013-09-11 08:44 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll 2013-08-02 01:48 . 2013-09-11 08:44 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll 2013-08-02 01:48 . 2013-09-11 08:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll 2013-08-02 01:48 . 2013-09-11 08:44 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll 2013-08-02 01:48 . 2013-09-11 08:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll 2013-08-02 01:48 . 2013-09-11 08:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll 2013-08-02 01:48 . 2013-09-11 08:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll 2013-08-02 01:48 . 2013-09-11 08:44 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll 2013-08-02 01:48 . 2013-09-11 08:43 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-08-02 01:48 . 2013-09-11 08:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll 2013-08-02 01:48 . 2013-09-11 08:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll 2013-08-02 01:48 . 2013-09-11 08:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll 2013-08-02 01:48 . 2013-09-11 08:43 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll 2013-08-02 01:09 . 2013-09-11 08:44 338432 ----a-w- c:\windows\system32\conhost.exe 2013-08-02 00:59 . 2013-09-11 08:44 112640 ----a-w- c:\windows\system32\smss.exe 2013-08-02 00:43 . 2013-09-11 08:44 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2013-08-02 00:43 . 2013-09-11 08:44 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2013-08-02 00:43 . 2013-09-11 08:44 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2013-08-02 00:43 . 2013-09-11 08:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2013-07-26 02:24 . 2013-09-11 08:43 14172672 ----a-w- c:\windows\system32\shell32.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-08-01 3673696] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 537512] "mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 537512] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576] "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-10-01 2345296] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 0 (0x0) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\progra~2\NVIDIA~1\NVSTRE~1\rxinput.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x] R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x] R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe;c:\progra~1\mcafee\msc\mcawfwk.exe [x] R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x] R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\OverwolfUpdater.exe;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x] R3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTBS26.SYS [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x] S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S2 AODDriver4.2.0;AODDriver4.2.0;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [x] S2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [x] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x] S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x] S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x] S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x] S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x] S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x] S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x] S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x] S2 RzKLService;RzKLService;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWBS2.sys [x] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x] S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x] S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x] S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Michelle\AppData\Local\Temp\tmp50DD.tmp;c:\users\Michelle\AppData\Local\Temp\tmp50DD.tmp [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WINRING0_1_2_0 *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2013-10-22 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-02 23:28] . 2013-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-07 04:48] . 2013-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-07 04:48] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-07-27 1028896] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-02-21 2991856] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\progra~1\NVIDIA~1\NVSTRE~1\rxinput.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm FF - ProfilePath - c:\users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\cxogh6sc.default\ FF - ExtSQL: 2013-10-14 11:48; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files (x86)\McAfee\SiteAdvisor FF - ExtSQL: 2013-10-14 19:19; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\cxogh6sc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi . - - - - ORPHANS REMOVED - - - - . AddRemove-BattlEye for A2 - g:\my documents\SteamLibrary\steamapps\common\Arma 2BattlEye\UnInstallBE.exe AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRing0_1_2_0] "ImagePath"="\??\c:\users\Michelle\AppData\Local\Temp\tmp50DD.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3903832009-3468763352-2619396910-1000\Software\SecuROM\License information*] "datasecu"=hex:77,28,df,f6,d6,68,da,69,42,c8,56,75,d9,45,03,5c,22,72,c4,9c,cd, 52,47,81,5d,3d,8b,3d,c3,f0,9d,87,81,4d,4e,5a,84,95,59,83,6b,4d,2a,3b,a9,00,\ "rkeysecu"=hex:40,50,28,b6,38,dc,64,a1,e0,f0,4c,c3,29,43,06,bd . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\windows\SysWOW64\rundll32.exe c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe c:\windows\SysWOW64\PnkBstrA.exe c:\windows\SysWOW64\PnkBstrB.exe . ************************************************************************** . Completion time: 2013-10-21 22:50:32 - machine was rebooted ComboFix-quarantined-files.txt 2013-10-22 02:50 ComboFix2.txt 2013-10-20 23:24 . Pre-Run: 55,296,573,440 bytes free Post-Run: 57,180,520,448 bytes free . - - End Of File - - AB972CAE55B1D61279DB39107033163E A36C5E4F47E84449FF07ED3517B43A31

Edited by Dragina, 21 October 2013 - 09:20 PM.


#8 patndoris

patndoris

    SuperMember

  • Malware Team
  • 2,580 posts

Posted 22 October 2013 - 03:37 PM

Let's go ahead and do an online scan to see if any other threats remain. Even if it still shows in your installed programs, we have removed the files that control the program.


This scan make take awhile depending on how many items are on the computer. You may want to run it at a time you won't be needing the machine. It should be run from IE and I'd recommend not doing anything else while it's running.


Go here to run an online scannner from ESET.
  • Note: For browsers other than Internet Explorer, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.

If it doesn't find anything there will be no log to post.

#9 Dragina

Dragina

    Authentic Member

  • Authentic Member
  • PipPip
  • 30 posts

Posted 24 October 2013 - 12:04 PM

The malware isn't coming back now so I'm sure it is gone. And my browser is working fine now. However the scanner claimed to find threats when I am sure all these files are certainly not threats as I know what they are and use them. Winamp is a music player, Day Z commander is a launcher for a game Mod for Arma II, GPU Meter is a gadget for stats on my gpu(heat memory etc.), DTLite is Daemon Tools for using virtual drives. C:\Users\Michelle\Downloads\DayZ_Commander_Setup.exe a variant of Win32/Kryptik.BLXE trojan cleaned by deleting - quarantined C:\Users\Michelle\Downloads\DTLite4471-0337.exe Win32/OpenCandy application cleaned by deleting - quarantined C:\Users\Michelle\Downloads\GPUMeter.exe a variant of Win32/OpenInstall application cleaned by deleting - quarantined C:\Users\Michelle\Downloads\winamp565_full_emusic-7plus_en-us.exe Win32/OpenCandy application cleaned by deleting - quarantined G:\My Documents\My Back up Programs\PC Health\KillProcessSetup.exe a variant of Win32/KillProcess.A application cleaned by deleting - quarantined G:\My Documents\My Back up Programs\Winamp\winamp5621_full_emusic-7plus_en-us.exe Win32/OpenCandy application cleaned by deleting - quarantined

Edited by Dragina, 24 October 2013 - 12:05 PM.


#10 patndoris

patndoris

    SuperMember

  • Malware Team
  • 2,580 posts

Posted 24 October 2013 - 03:50 PM

DayZ Commander just deleted a setup file, not the full executable file. However,you should be able to de-quarantine the items. The were quarantined because the option Remove found threats was left ticked.

Otherwise, things are looking and sounding great!



The following will implement some cleanup procedures as well as reset System Restore points:
  • Click the Windows Key + R to open the Run box.
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • Posted Image

If there are any remaining tools or logs on your desktop you can right-click and delete them.

-----------------------------


Great job! Your logs appear to be malware free and you do not appear to be experiencing any malware related problems.
Please follow these simple steps in order to keep your computer malware free and secure:

Use and Update your AntiVirus Software
It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

Use a Firewall
I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this. Simply using a Firewall in its default configuration can lower your risk greatly.

Use only one antivirus and one firewall on your machine
Having more than one anti-virus program and one firewall on your machine, even if only one is running, can cause conflicts and slowdowns in the performance of the machine.

If you need more information on free anti-virus or firewall options please let me know and I will give you some recommendations.

Make your Internet Explorer more secure
This can be done by following these simple instructions:
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click once on the Security tab
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.
5. Change the Download signed ActiveX controls to Prompt
6. Change the Download unsigned ActiveX controls to Disable
7. Change the Initialize and script ActiveX controls not marked as safe to Disable
8. Change the Installation of desktop items to Prompt
9. Change the Launching programs and files in an IFRAME to Prompt
10. Change the Navigate sub-frames across different domains to Prompt
11. When all these settings have been made, click on the OK button.
12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
13. Next press the Apply button and then the OK to exit the Internet Properties page.

Keep your Java, Adobe Reader and Adobe Flash Up to Date
Older versions of these programs can contain security vulnerabilities. It is very important to keep them updated.

Update and Run Malwarebytes Anti-Malware
Scan your computer with this program on a regular basis just as you would an antivirus software making sure you update definitions each time you scan.

To simplify making sure you have the latest version of many of your security programs and applications, you may want to consider:
Secunia's Personal Software Inspector (PSI). It is a free utility that scans your computer for installed applications and checks to see if they have the latest security patches and updates. If it finds any applications with possible security issues, links and/or instructions are provided for the necessariy updates.

Filehippo's Update Checker. It is free utilitiy that scan your computer for installed software, checks the versions and then sends this information to see if there are any newer releases. Available software updates are displayed and you can decide which ones to download and install. Among many other types of programs, they includes a number of the Anti-Spyware, Firewall/Security and Anti-Virus programs that have been recommended (though not all of them). Note: Definition files should be updated from within the programs themselves. The Update Checker look for newer versions of the software program, not definition files.

I would suggest you read:
Tony Klein's excellent article: How I got Infected in the First Place
PC Safety and Security--What Do I Need?
How to Prevent Malware

Good luck & Happy surfing!

#11 Dragina

Dragina

    Authentic Member

  • Authentic Member
  • PipPip
  • 30 posts

Posted 27 October 2013 - 06:51 PM

Alright, thank you for the help.

#12 patndoris

patndoris

    SuperMember

  • Malware Team
  • 2,580 posts

Posted 29 October 2013 - 12:35 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.



Similar Topics: Malware that keeps coming back [Solved]     x


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users